Powershell is great, and it's lately been my go-to shell while I'm working on Windows.
I really don't do a lot of work in the shell, but I do like to play with low-level interfaces from time to time. The article is about Linux shells, but goes into good explanation about what a shell is if you don't know.
We are going to attempt to log in to my favorite website for buying socks, Absolute Socks:
In order to do that, we need to have a login. So if you don't already have an account on www.absolutesocks.com, go make one now.
We are using a hashtable to pass in our email and password. This can be seen in the official docs as one method of POSTing data using Invoke-WebRequest.
Our request should have succeeded, but it doesn't. We get an Invoke-WebRequest : The underlying connection was closed: An unexpected error occurred on a send. Unfortunate for us. Googling the error gives us a fix for this issue, which is to execute this code prior to executing our Invoke-WebRequest. So let's execute this in our Powershell instance:
One possible reason why we need to explicitly set the SecurityProtocol is that Powershell is picking the wrong version of TLS for us. According to official documentation, the default value for SecurityProtocol is 0, which means Powershell is automagically selecting our TLS version for us.
 |
| Sorry command prompt |
I really don't do a lot of work in the shell, but I do like to play with low-level interfaces from time to time. The article is about Linux shells, but goes into good explanation about what a shell is if you don't know.
Log into a website
Today, I wanted to do something that I have never really tried before and that is logging into a website using Powershell. The concepts behind this are quite simple really, as Powershell has support to send HTTP requests and that's usually all we need, unless the server has CSRF protections in place (which it should).We are going to attempt to log in to my favorite website for buying socks, Absolute Socks:
 |
| Is that a turkey?! |
In order to do that, we need to have a login. So if you don't already have an account on www.absolutesocks.com, go make one now.
Viewing the login request
On websites, a login request is a HTTP POST (you should never be logging in with a HTTP GET request). Typically, in these requests, we send the server our credentials (user name/email and password) and they return for us a token or cookie that we use in subsequent requests. It is the presence of this token or cookie that tells the server we have successfully authenticated (not authorized - that is different!).
There is a difference between token and cookie based authentications. The simple explanation is that in cookie-based authentication, the cookie holds a value to the session on the server. This session stores information about a current user's visit. In token-based authentication, the token acts as an object that gives the bearer (the user) access to pages that require authentication. Token-based authentication is stateless while cookie-based authentication retains state. For a longer and more detailed explanation please visit this page.
Let's see what our login request looks like on the site, and to do that we need the inspector open (I am using Chrome as it is my go-to browser) and focus on the Network tab. I also want Preserve log (which prevents requests from clearing out when the page navigates) and Disable cache (prevents client-side caching). I would recommend clicking clear before logging in, as you may have some strangler requests in your Network tab:
 |
| Prepping the inspector |
A lot of websites now are using javascript to login, so in order to check if our login is handled by javascript, I will filter my requests in the Network tab by XHR:
 |
| Viewing XHR requests |
I really do not see anything that could possibly be a login request in here. Shucks. Let's change the filter to All and see if we can find the login request:
 |
| Viewing All requests |
Bingo! First request. Let's click on the name of the request and look at the details a bit:
 |
| Request detail view |
It appears to me that the login endpoint takes in two values, a login_email and login_pass. This seems easy enough to replicate in Powershell now. Let's open up a Powershell instance.
Writing Powershell code
In order to send a web request, we will use the Invoke-WebRequest command, passing in the HTTP method and body of the request (our login credentials):
Invoke-WebRequest -Uri "https://www.absolutesocks.com/login.php?" -Method Post -Body @{login_email='[email]';login_pass='[password]';}
We are using a hashtable to pass in our email and password. This can be seen in the official docs as one method of POSTing data using Invoke-WebRequest.
Our request should have succeeded, but it doesn't. We get an Invoke-WebRequest : The underlying connection was closed: An unexpected error occurred on a send. Unfortunate for us. Googling the error gives us a fix for this issue, which is to execute this code prior to executing our Invoke-WebRequest. So let's execute this in our Powershell instance:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
One possible reason why we need to explicitly set the SecurityProtocol is that Powershell is picking the wrong version of TLS for us. According to official documentation, the default value for SecurityProtocol is 0, which means Powershell is automagically selecting our TLS version for us.
Making another request
Running our original request is taking a long time, almost too long. I end up on this github issue and read it enough to see that we should add the -UseBasicParsing flag to our Invoke-WebRequest command. Let's do that now:
 |
| We've logged in! |
The StatusCode of the message reads 200 which means the request was successful!
Where do we go now?
I'll leave that as an open question, and possible continuation of this post sometime in the future.
I was diagnosed as HEPATITIS B carrier in 2013 with fibrosis of the
ReplyDeleteliver already present. I started on antiviral medications which
reduced the viral load initially. After a couple of years the virus
became resistant. I started on HEPATITIS B Herbal treatment from
ULTIMATE LIFE CLINIC (www.ultimatelifeclinic.com) in March, 2020. Their
treatment totally reversed the virus. I did another blood test after
the 6 months long treatment and tested negative to the virus. Amazing
treatment! This treatment is a breakthrough for all HBV carriers.
In nowadays, technology works like magic, make easy tasks and saving time. With a keen interest in it, I find myself caught up in academic and workload online math masters commitments. I'd love to hear about your routine that has proven most effective for achieving academic success. Additionally, I'm searching options for online class assistance to manage my current workload effectively.
DeleteI am cured from herpes🌿🌿🌿🌿
ReplyDeleteResult is 100% guaranteed.
Works in 2 weeks max,
HERBAL REMEDY FOR THE FOLLOWING..
-GENITAL AND ORAL HERPES🌿
-HPV🌿
–HEPATITIS A,B AND C🌿
-COLD SORE🌿
-SHINGLES🌿
-FIBROID🌿
-BARENESS/INFERTILITY🌿
-ERECTILE DYSFUNCTION🌿
-ECZEMA🌿
-ALL STD s🌿
Contact....Robinsonbuckler11 [@ gmail com]……
United States ....
Thanks for sharing a great article. You are providing wonderful information; it is very useful to us. Keep posting like these informative articles.
ReplyDeleteAmravati SEO Company
Nowadays, technology is magic, it makes things so easier for you, how do you have time to manage such activities, I have a interest in it, but currently been busy with academic and workload and need online class help. Could you share your routine that has been most helpful for your academic success?
DeleteAs a healthcare professional, I recommend medical weight management, nutrition counseling, fitness plans, or a combination of these services, you can find a weight loss centers in GA that suits your needs. These centers often take a holistic approach to weight loss, addressing both the physical and psychological aspects of the journey.
ReplyDeleteWith your generous support, we can reach farther, dig deeper, and purify more water sources. Together, we empower communities to thrive by ensuring access to the charities for clean water Your dedication to the cause echoes in the laughter of children playing by newly installed water pumps, in the smiles of families who no longer fear waterborne diseases, and in the growth of agricultural projects that flourish with reliable irrigation.
ReplyDeleteThe efficiency of the carpool service is truly commendable. The user-friendly app, coupled with real-time tracking and reliable scheduling, has made coordinating rides a breeze. It's refreshing to see a company that places a premium on punctuality and reliability, ensuring that my daily commute is not just efficient but stress-free.
ReplyDeleteAt Cube Peaks Dubai we are committed to empowering businesses to reach new heights with cutting-edge Microsoft Dynamics solutions. Our dedicated team of experts is driven by a passion for delivering top-tier services tailored to meet your specific needs. From meticulous planning to seamless implementation and deployment, we ensure that your Microsoft Dynamics journey is smooth and successful. With Cube Peaks Dubai by your side, unlock the full potential of your business and elevate your performance to new heights.
ReplyDeleteLooking to purchase Vultr Public Cloud for your company or project? Get the latest Vultr Cloud server at best prices.
ReplyDeleteWhen learning how to automate tasks like logging into a website using PowerShell, balancing technical learning with academic responsibilities can be tough. To manage your time more effectively, you might consider paying someone to do my aleks to focus on mastering your PowerShell skills. Additionally, if you're struggling to keep up with your online classes while diving into automation, hiring an online class taker can help you stay on track. If exams are adding extra stress, paying someone to do my online exam can provide peace of mind while you focus on advancing your technical knowledge.
ReplyDeleteHere’s a comment you could use:
ReplyDelete"Thanks for this helpful guide on blocking online ads with the hosts file! It's a simple yet effective method that can really enhance browsing experience. I appreciate the clear instructions!"
Data science courses in Bhutan
Using PowerShell to log into a website is such a handy skill for automating tasks and improving efficiency. It’s impressive how much time can be saved with the right scripts and commands, especially for tech enthusiasts and professionals alike. For students balancing tech interests with challenging subjects like math, it can sometimes be overwhelming. If you’re struggling to keep up, you can always pay someone to take my online math class and free up time to focus on your coding projects or other priorities.
ReplyDeleteUsing PowerShell to log into a website is a powerful skill, especially for those interested in automating processes and streamlining workflows. It's amazing how technology can make tasks more efficient with just a few commands. For students who are focused on mastering technical skills but are also preparing for exams like the HESI, managing everything can be tough. If you're feeling overwhelmed, you can always have someone take my hesi exam for me to help lighten the load while you focus on your tech projects.
ReplyDelete