0

I am currently trying to automatically log in to the website below using perl. I have tried using mechanize but I believe it would require JS functionality. Ive looked into the JavaScricpt Mech Plugin but the documentation is not very understandable for me. Im not sure how to further approach this since I cant see the md5() function so Im not able to reconstruct it in the perl code...

The relevant bits are:

HTML:

<form method="POST" name="logonForm" onsubmit="encode();document.submitForm.submit();return false;">
<tr class="Element">
    <td class="text" id="ID_Text4"><nobr>User name:</nobr></td>
    <td  class="text" align="left">
        <select name="username"  style="width:125">
            <option value="user" id="ID_Text5">user&nbsp; </option>
            <option selected value="admin" id="ID_Text6">admin&nbsp;</option>
        </select>
    </td>
</tr>
<tr class="Element">
    <td class="text" id="ID_Text7"><nobr>Password:</nobr></td>
    <td  class="text">
        <input type="password" size="10" name="password" style="width:125">
    </td>
</tr>

<form method="POST" name="submitForm">
   <input type="hidden" name="encoded">
   <input type="hidden" name="nonceA" value="">
   <input type="button" name="goto" value="Log On" onClick="encode();submit();" style="width:125" ID="ID_Button1">
   <input type="hidden" name="URL" value="/">

JS:

function encode() 
{   
    // sets the hidden field value to whatever md5 returns.
    document.submitForm.encoded.value = document.logonForm.username.value + ":" + md5(document.logonForm.username.value + ":" + document.logonForm.password.value + ":" + document.submitForm.nonceA.value);
    /* Dont used */
    document.submitForm.URL.disabled = true;
}
Tomek
  • 41
  • 4
  • 1
    Have you tried [`Selenium::Chrome`](https://metacpan.org/pod/Selenium::Chrome) ? See also [Spidering websites with Headless Chrome and Selenium](https://www.perl.com/article/spidering-websites-with-headless-chrome-and-selenium/) – Håkon Hægland Aug 25 '21 at 09:34
  • @HåkonHægland This might work for me but do you know if this would also work with a portable chrome version? There is not chrome installed on all the systems im running this on... – Tomek Aug 25 '21 at 10:27
  • Yes you need to install chrome, see [Is Chrome installation needed or only chromedriver when using Selenium?](https://stackoverflow.com/q/53330322/2173773) – Håkon Hægland Aug 25 '21 at 10:48
  • Look at WWW::Mechanize::Chrome. – simbabque Aug 25 '21 at 11:29
  • Is there also a solution that does not involve a non standard windows browser being installed? – Tomek Aug 25 '21 at 12:37
  • What do you mean "a non standard windows browser"? – Dada Aug 25 '21 at 14:08
  • @Dada Just Internet Explorer or no browser at all? – Tomek Aug 25 '21 at 14:44

2 Answers2

2

Have you tried md5 function from Digest::MD5?

use Digest::MD5 qw(md5)
use WWW::Mechanize;

my $encoded = $username . ':' . md5($username . ':' . $password . ':' . $nonce);
$mech->post(
    $url,
    Content => {
        'encoded' => $encoded,
        'nonceA' => $nonce,
        ....
    },
);
gangabass
  • 10,607
  • 2
  • 23
  • 35
2

I noticed that the "nonceA" value is never set so I copied the html and js dependencies and ran the html locally. I used window.prompt(document.submitForm.encoded.value); in the html to see what is being sent. I then copied this value to my perl script and set the "encoded" value acordingly:

my $form = $mech->form_name('submitForm');
$form->value('encoded', '<copied here>');

Afterwards I submitted using:

$mech->submit_form();

This did the trick for me.

Tomek
  • 41
  • 4