2

I'm having an issue using the example given in powershell for invoke-WebRequest my code below:

$wr = Invoke-WebRequest -URi "http://localhost:51880/Users/Login.aspx" -SessionVariable SMSession
$SMSession
$dbForm = $wr.Forms[0]
$dbForm
$dbForm.fields

$dbForm.Fields["Login1_Username"] = "johnsmith"
$dbForm.Fields["Login1_Password"] = "password1"



$r = invoke-WebRequest -Uri "http://localhost:51880/Users/Login.aspx"  -WebSession $SMSession -Method Post -Body $dbForm.Fields

I'm getting an error saying "Cannot bind parameter 'Uri'. Cannot covert value to System.Uri.

I've had a look about and although there are different examples of this code none seem to work for me. Could someone please help me, i don't under stand what this final part is doing ($r) all it seems to be doing is calling the same page again and not actually logging in.

Thanks

James
  • 21
  • 1
  • 3
  • remove the bracket from the last line and it will work fine `$r = invoke-WebRequest -Uri "www.facebook.com/login" -WebSession $SMSession -Method Post -Body $dbForm.Fields` – ClumsyPuffin Nov 02 '16 at 13:59
  • Hi, the code runs fine without the bracket but it still doesn't actually sign in for me, is there a way to check if it does? i mean i was using $dbForm.fields after running it but it still says the Log in screen – James Nov 02 '16 at 15:05

2 Answers2

1

I had the very same issue and I think my solution should work for you too.

First, install Fiddler. Then while fiddler is running, login to the website manually. You should see the login request in the fiddler trace - If you look at the WebForms tab on the trace you should see the Username and Password fields populated there.

For some reason, when logging in manually, the field names were different! The field names had "$" character in places that powerShell had shown as "_" characters, e.g. ContentPlaceHolder$txtUserName, not ContentPlaceHolder_txtUserName that PowerShell displayed.

So, instead of assigning values to the Username and password fields that powerShell claimed were part of the form, I deleted those, created new fields with the same names shown in Fiddler, then populated those new fields.

Also, since "$" is a special character within powerShell, you need to prefix that with ` in order to use it simply as a dollar sign, to prevent powerShell thinking you are referring to the start of a variable name.

See code below :-

$webRequest = Invoke-WebRequest -URi "http://YourWebsite/Login.aspx" -SessionVariable SMSession 

$dbForm = $webRequest.Forms[0] 

# For some reason, the field values returned have underscores instead of $ signs! Need to delete this, then recreate
# with the correct values, using ` to allow $ to be passed without treating it as a variable.
$dbForm.fields.Remove("ContentPlaceHolder_txtUserName")
$dbForm.fields.Remove("ContentPlaceHolder_txtPassword")

$dbform.fields.Add("ContentPlaceHolder`$txtUserName", "admin")
$dbform.fields.Add("ContentPlaceHolder`$txtPassword", "Password2")

#$dbform.fields

$r = invoke-WebRequest -Uri ("http://YourWebsite/Login.aspx") -WebSession $SMSession -Method Post -Body $dbForm.Fields 

$r.RawContent
Chris T
  • 11
  • 3
  • got this on run: invoke-WebRequest : Server Error in '/' Application. Invalid postback or callback argument. Event validation is enabled using in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation. any ideas?? – James Nov 07 '16 at 15:00
0

There are a couple of problems with your script.

  1. If you check which fields are available in $dbForm.Fields, you will see: 

    Key                     Value      
---                     -----      
lsd                     AVq5lobS   
display                            
enable_profile_selector            
isprivate                          
legacy_return           0          
profile_selector_ids               
return_session                     
skip_api_login                     
signed_next                        
trynum                  1          
u_0_0                              
u_0_1                              
lgnrnd                  065033_QxW1
lgnjs                   n          
email                     
pass                      
persistent                         
default_persistent      1

    So you probably need to replace the lines where you pass the login details with: 

    $dbForm.Fields["email"] = "johnsmith"
$dbForm.Fields["pass"] = "password1"

  2. Not sure if it's a typo or not but the bracket in your last line doesn't need to be there (after removing that I can run the script without any errors).

I think what the script is trying to do is, with the first Invoke-WebRequest, it retrieves the login page, so that we know which fields are available to to us (e.g. email and pass). The next Invoke-WebRequest is then supposed to send the values we entered back to the page using the Post method.

Bassie
  • 9,529
  • 8
  • 68
  • 159
  • Hi Thanks for the repose i ran $dbForm.Fields after running the script and i got this in return key Value --- ----- __EVENTTARGET __EVENTARGUMENT __VIEWSTATE .. Login1_Username johnsmith Login1_Password password1 Login1_LoginButton Log In – James Nov 02 '16 at 16:08
  • Yes they will be there after you run the script because you have added them, but are you sure that those are the required field names? Also, you may want to edit your question, because that code does not execute, and the error is different – Bassie Nov 02 '16 at 16:12
  • Hi, thanks for your response i've updated my question and i ran it again, on return i get the values for Login1_Username johnsmith Login1_Password password1 Login1_LoginButton Log in – James Nov 03 '16 at 09:13
  • @James Are you still trying to access the Facebook api or was that just as an example? – Bassie Nov 03 '16 at 09:30
  • just an example, trying to do it through local host – James Nov 03 '16 at 09:43