1

I saw this post without a solution but my problem is similar. I'm trying to automate some information lookup on my own login page for a service I'm using. When I run the following command it doesn't give me anything for `.Forms`:

```powershell
$Webpage = Invoke-WebRequest -Uri "https://mypage.tokyu-ps.jp/member/"
```

`$Webpage.Forms` is empty. As almost every single suggestion on doing login forms with `Invoke-WebRequest` says that I need to use `$Webpage.Forms[0]` and then enter the values there, I'm thinking I could use the `InputFields` instead.

If I check `$Webpage.InputFields` there are two fields that look like they should be the login information with the Id of `TAccountLoginid` and `TAccountPass`, however only the latter has a property called "value" which I suspect is the property I would want to set. `TAccountLoginid` doesn't have a value property, even when inspecting the page with F12 in my browser. (EDIT: It wasn't necessary this time but for future reference, you can always add your own properties with `($Webpage.InputFields | Where-Object{$_.name -eq "ItemYouWantToEdit"}) | Add-Member -NotePropertyName "value" -NotePropertyValue "Your value here"` to force it to have that for later use.)

There is one other field that looks like it could be used which is `TokenDebug0123456789` that I guess is the session token, but it already has a value of random data with `TAccount.loginid` and `TAccount.pass` mixed in there, so I guess I still need to find the field that takes the account name, then set the account name and password in the above fields, then call `Invoke-WebRequest` again using that edited `$Webpage` variable. I just don't know how to proceed in this situation.

Tanaka Saito
  • `plaintext passwords in 2022` are OK as your connection is secured with `httpS` – filimonic Oct 13 '22 at 07:11
  • So do you still have any problem? If not, please close your question. – filimonic Oct 13 '22 at 07:13
  • Sure, but the `Invoke-WebRequest` failed unless I added `-AllowUnencryptedAuthentication` so I'm not sure this is all fine regardless. No, I don't have any more problems, I solved it, posted the solution as an answer. – Tanaka Saito Oct 13 '22 at 07:38
  • But `AllowUnencryptedAuthentication` works only for non-https connections – filimonic Oct 13 '22 at 07:59
  • That's what I thought too, which is why I think the connection isn't actually using HTTPS even though it looks like it. This is a Japanese homepage after all so anything goes (read: the only security I've seen here is security by obscurity, aka not security at all). I guess it could be some form of self-signed certificate? I know too little about these things though :/ All I know is that the `Invoke-WebRequest` just returned the login page when using it as is but returned my actual "My Page" when using `-AllowUnencryptedAuthentication`. – Tanaka Saito Oct 13 '22 at 08:10

1 Answer

3

I found the problem while inspecting the traffic using developer tools in my browser. There were no forms present because they were sending the password in the request body. What I did was just copy the body and replace everything with the session information:

```powershell
$Username = "MyUser"
$Password = "MyPassword"
# Fetch the login page and keep its cookies in $MySession
$Webpage = Invoke-WebRequest -Uri "https://mypage.tokyu-ps.jp/member/" -SessionVariable MySession

# Rebuild the request body seen in the browser's developer tools, copying the
# token values from the input fields of the page that was just fetched
$Body = @{
    "data[_Token][key]" = ($Webpage.InputFields | Where-Object{$_.name -eq "data[_Token][key]"}).value
    "data[TAccount][loginid]" = $Username
    "data[TAccount][pass]" = $Password
    "login" = ""
    "nextUrl" = ""
    "data[_Token][fields]" = ($Webpage.InputFields | Where-Object{$_.name -eq "data[_Token][fields]"}).value
    "data[_Token][unlocked]" = ($Webpage.InputFields | Where-Object{$_.name -eq "data[_Token][unlocked]"}).value
    "data[_Token][debug]" = ($Webpage.InputFields | Where-Object{$_.name -eq "data[_Token][debug]"}).value
}

# Post the body back using the same session
$Result = Invoke-WebRequest -Method Post -Uri "https://mypage.tokyu-ps.jp/member/" -Body $Body -WebSession $MySession -AllowUnencryptedAuthentication
```
Tanaka Saito
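A more general form of the approach in the answer above, as an added example that is not the answerer's code: it copies every `data[_Token]` field as served, takes the password from a `PSCredential` instead of a string in the script, and checks the scheme of the page actually returned before posting. It assumes PowerShell 7+ (for `BaseResponse.RequestMessage`); the function name `Invoke-FormLogin` and its parameters are hypothetical, while the field names come from the answer.

```powershell
# Added example (PowerShell 7+); function and parameter names are hypothetical.
function Invoke-FormLogin {
    param(
        [Parameter(Mandatory)] [uri] $Uri,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [string] $UserField   = 'data[TAccount][loginid]',
        [string] $PassField   = 'data[TAccount][pass]',
        [string] $TokenPrefix = 'data[_Token]',
        [hashtable] $ExtraFields = @{ login = ''; nextUrl = '' }
    )

    # GET the login page; cookies land in $session for the POST that follows.
    $page = Invoke-WebRequest -Uri $Uri -SessionVariable session

    # Check the URI the page was finally served from (after redirects)
    # before any password is sent.
    $finalUri = $page.BaseResponse.RequestMessage.RequestUri
    if ($finalUri.Scheme -ne 'https') {
        throw "Login page was served from $finalUri, refusing to post credentials."
    }

    # Copy every token field exactly as served instead of naming each one.
    $body = @{}
    foreach ($field in $page.InputFields) {
        if ($field.name -and $field.name.StartsWith($TokenPrefix)) {
            $body[$field.name] = [string]$field.value
        }
    }
    if ($body.Count -eq 0) { throw "No '$TokenPrefix' fields found on $finalUri." }

    foreach ($key in $ExtraFields.Keys) { $body[$key] = $ExtraFields[$key] }
    $body[$UserField] = $Credential.UserName
    $body[$PassField] = $Credential.GetNetworkCredential().Password

    # -AllowUnencryptedAuthentication is left out: the scheme was verified above.
    $result = Invoke-WebRequest -Method Post -Uri $finalUri -Body $body -WebSession $session

    # The asker reports getting the login page back when the login did not
    # go through, so look for its password field in the response.
    if ($result.InputFields.name -contains $PassField) {
        throw 'Login was not accepted: the response still contains the login form.'
    }
    $result
}

# Prompts for the password instead of storing it in the script.
# $Result = Invoke-FormLogin -Uri 'https://mypage.tokyu-ps.jp/member/' -Credential (Get-Credential)
```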