Use PowerShell to Keep a CookieJar and POST to a Web Form That Prohibits XSS

I recently had a project that required I log into a site and submit a form. Initially, I had a Start-Process that launched iexplore but then I decided it would be best to..

My initial attempts to automate this process failed with the server response “403 Forbidden.” As it turns out, the web server which is some modified version of jetty (I believe) was hardened to prevent XSS attacks. I knew that I had to use cookies, but doing so in PowerShell turned out to be a bit more challenging than it was in VBScript.

I like this script because it covers a lot of ground, from bypassing the SSL warning, to getting credentials to submitting a form. It took about a day to figure out, but ultimately, I was able to:

  1. Authenticate using BASIC authentication
  2. Bypass SSL warnings
  3. Keep cookies
  4. Submit the information from a hidden field in the form

There are additional steps in between each of those, which include

  • Prompting for the website credentials
  • Associating those credentials to the website
  • Placing cookies in the cookie jar
  • Parsing the form for the information I needed
  • Passing back the information

Essentially, I create a web request using System.Net.HTTPWebRequest (using webclient proved too messy), create a response stream, “upload” the data as bytes, get the second response. You can modify this to submit other portions of a form, or just parse from page to page. Hope you find it useful!

Thanks to Captain Abstraction for breaking this whole down and making it way easier to understand than most of the webpages I visited.

Chrissy is a PowerShell MVP who has worked in IT for nearly 20 years, and currently serves as a Sr. Database Engineer in Belgium. Always an avid scripter, she attended the Monad session at Microsoft’s Professional Developers Conference in Los Angeles back in 2005 and has worked and played with PowerShell ever since. Chrissy is currently pursuing an MS in Systems Engineering at Regis University and helps maintain RealCajunRecipes.com in her spare time. She holds a number of certifications, including those relating to SQL Server, SuSE Linux, SharePoint and network security. She recently became co-lead of the SQL PASS PowerShell Virtual Chapter. You can follow her on Twitter at @cl.

Posted in PowerShell

Leave a Reply

Your email address will not be published. Required fields are marked *

*