Sign into a 3rd party website using Postman or Curl: Learning experience

Question

I am trying to understand a how form submits work. Currently, I am signing on to this site: Work website What I would like to do is use Postman or curl to sign in.

In the form is see 4 possible keys: Username , Password , ClientID and Remember .

• I am submitting each one of these with Postman and I am getting Invalid Login error.
• I am guessing this is because Postman does not set up the cookies like in MM_validateForm()

Can anyone help me solve this? If it is because of the cookies, is there a way to set this with Postman? Perhaps in the header keys and values area?

Here is all the inputs of the form:

<form 
action="login-process.asp" 
method="post" 
name="form1" 
id="form1" onsubmit="MM_validateForm('ClientID','','R','Username','','R','Password','','R');return document.MM_returnValue">

...

<input 
name="ClientID" 
type="hidden" 
id="ClientID" 
value="LVSandsExpoCC">

...

<input 
name="Username" 
type="text" 
id="Username"
value="">

...

<input 
name="Password" 
type="password"
id="Password">

...

<input 
type="submit" 
name="Submit" 
value="Submit">

The MM_validateForm() (after validates it updates the cookies)

 var myDate = new Date();
    myDate.setDate(myDate.getDate() + 365);
    if (document.getElementById("Remember").checked) {
      jaaulde.utils.cookies.set("CelayixRemember", encodeURIComponent(document.getElementById("ClientID").value + "|" + document.getElementById("Username").value), {
        secure: true,
        expiresAt: myDate
      });
    } else {
      jaaulde.utils.cookies.set("CelayixRemember", "", {
        secure: true,
        expiresAt: myDate
      });
    }
    setClientPath();
  }

Answer 1

I suspect this has to do with the ASPSESSIONIDASBUBTDA cookie. This is what Chrome sends when I try to login on the page you mentioned: ( image here )

You'll need to retrieve your value using Chrome and use it when making a request with Postman or CURL.

So, a CURL command should look like this:

curl "https://websandsexpo.celayix.com/sandsexpo/login-process.asp"
--data "ClientID=LVSandsExpoCC&Username=<username>&Password=<password>&Submit=Submit"
--cookie "ASPSESSIONIDASBUBTDA=<value>" --cookie-jar ./cjar --compressed -L

-L in the command above ensures that CURL follows the redirection if it is set in the Location header. --cookie-jar saves your cookies in a file so you can reuse them in future requests.

In Postman, I suppose, the cookie should be set as a request header explicitly.

PS I strongly doubt the MM_validateForm() function is any relevant here, as it only handles the cookie expiration date.

Answer 2

As it turns out for Postman, my problem was this:

I was using Postman to send form-data but when viewing the dev tools network tab I see that the content type is x-www-form-urlencoded .

In Postman you have this option to send in the body form-data as well as x-www-form-urlencoded . I had form-data selected which is why it did not authenticate.

As far as MM_validateForm() , I disabled Javascript and was still able to log in. So it seems this was not the reason for my failed login in this case.

as the user makeiteasy said,

PS I strongly doubt the MM_validateForm() function is any relevant here, as it only handles the cookie expiration date. - makeiteasy (Stackoverflow user)

and this is very true.