Use PowerShell Invoke-WebRequest to login on a website

To automate some tasks with PowerShell on a website you sometimes need to log in. Today I tried some curl and postman tricks but it isn’t hard if you know what to script with PowerShell and bypass all other tools.

First, find a website to log in to, then check the page source and what the submit button does. In this example, it is “Inloggen” (dutch for login).

Then start the developer tools (F12), select the network tab, enter the credentials and login.

Now check the POST request in the developer tools.

The important things on this login form are:

  • Gebruikersnaam (username)
  • Wachtwoord (password)
  • __RequestVerificationToken

Now we can write a simple script

$LoginUri = "https://example.website.nl/versie6-0-0/mijnscore/Login"
$BackendUri = "https://example.website.nl/mijnzwemscore/inhaalles.asp"
# ==========================================
$LoginResponse = Invoke-WebRequest -Uri $LoginUri -SessionVariable "Session" 
$LoginBody = @{
    __RequestVerificationToken = $LoginResponse.InputFields[1].value
    Gebruikersnaam             = "EnterUsername"
    Wachtwoord                 = "EnterPassword"
    Submit                     = "Inloggen"
}
$LoginResponse = Invoke-WebRequest -Uri $LoginUri -WebSession $Session -Body $LoginBody -Method "POST"

Invoke-WebRequest -Uri $BackendUri -WebSession $Session

Explanation of the script:

  1. Open the website and find out what the __RequestVerificationToken must be
  2. Create a body with the credentials, the login form submit and the __RequestVerificationToken
  3. Do the actual login and save the web session (cookies and stuff).
  4. Now we can use the previous web session to check all the backend stuff

Edit: 10-5-2024

In the comments I get 2 questions from Laerte Junior:

  1. How do I get the $LoginUri
  2. How do I get the $BackendUri

Let start with the first one. In this example I use Firefox and the zwemscore example

Press F12 (Developers Options)

Now Login to the website and check the POST URL (right click copy)

and you get the $LoginUri

When you do an successful login you can see all the backend URI’s. In my case was “Les Inhalen” the one I want to scrape the data from. So I click “Les Inhalen”

And I get the $BackendUri

Now run the first 3 lines from the script in PowerShell

$LoginUri = "https://thelocalgym.zwemscore.nl/versie6-0-0/mijnscore/Login"
$BackendUri = "https://thelocalgym.zwemscore.nl/mijnzwemscore/inhaalles.asp"
$LoginResponse = Invoke-WebRequest -Uri $LoginUri -SessionVariable "Session"

And check the $LoginResponse.Inputfields

In our case we need:

  1. __RequestVerificationToken
  2. Gebruikersnaam (username)
  3. Wachtwoord (Password)

Because we know the username and password the only dynamic thing is __RequestVerificationToken

So we can use 2 different ways to get the data.

The Dynamic way: ($LoginResponse.InputFields | Where-Object {$_.name -like "__RequestVerificationToken"}).value

-OR-

The Array way (quick ‘n dirty): $LoginResponse.InputFields[6].value

Quick ‘n dirty

$LoginUri = "https://thelocalgym.zwemscore.nl/versie6-0-0/mijnscore/Login"
$BackendUri = "https://thelocalgym.zwemscore.nl/mijnzwemscore/inhaalles.asp"
# ==========================================
$LoginResponse = Invoke-WebRequest -Uri $LoginUri -SessionVariable "Session" 
$LoginBody = @{
    __RequestVerificationToken = $LoginResponse.InputFields[6].value
    Gebruikersnaam             = "ExampleUser"
    Wachtwoord                 = "ExamplePass"
    Submit                     = "Inloggen"
}
$LoginResponse = Invoke-WebRequest -Uri $LoginUri -WebSession $Session -Body $LoginBody -Method "POST"

$response = Invoke-WebRequest -Uri $BackendUri -WebSession $Session 

$response.RawContent

Dynamic way (better)

$LoginUri = "https://thelocalgym.zwemscore.nl/versie6-0-0/mijnscore/Login"
$BackendUri = "https://thelocalgym.zwemscore.nl/mijnzwemscore/inhaalles.asp"
# ==========================================
$LoginResponse = Invoke-WebRequest -Uri $LoginUri -SessionVariable "Session" 
$RequestToken = ($LoginResponse.InputFields | Where-Object {$_.name -like "__RequestVerificationToken"}).value
$LoginBody = @{
    __RequestVerificationToken = $RequestToken
    Gebruikersnaam             = "ExampleUser"
    Wachtwoord                 = "ExamplePass"
    Submit                     = "Inloggen"
}
$LoginResponse = Invoke-WebRequest -Uri $LoginUri -WebSession $Session -Body $LoginBody -Method "POST"

$response = Invoke-WebRequest -Uri $BackendUri -WebSession $Session 

$response.RawContent

Happy login 🙂

Author: Thomas Faddegon

Do you like my posts and want to do something back? You can buy me a beer :)