Invoke-Webrequest does not return cookie

Occasional Contributor

Hi, I'm trying to automate the request of a web page protected by a password. When I post the login form with the password, I expect to find the authentication cookie set by the website to be included in the session variable, so that I can request the protected page by passing the cookie. However, in the response to the POST, there are no cookies. I must be overlooking something obvious ?

 

When I inspect the browser conversation, the response to the POST contains the following header:

 

 

 

Set-Cookie: AuthCookie=e8b931f20709701 ... etc ... ; path=/; httponly;

 

 

 
This is the code I have:
 
 

 

 

$header1 = @{
'Host'="$($ip)"
'User-Agent'= 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36 Edg/80.0.361.62'
'Accept'= 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9'
'Accept-Language'= 'en-GB,en;q=0.9,en-US;q=0.8,fr;q=0.7,nl;q=0.6,af;q=0.5'
'Accept-Encoding'= 'gzip, deflate'
'Content-Type'='application/x-www-form-urlencoded'
'Referer'="$($url1)"
}

$login = Invoke-WebRequest $url1 -SessionVariable ws
$login.Forms[0].Fields.LogBox = $pwd
$page = Invoke-WebRequest $url1 -Body $login.Forms[0].Fields -Method Post -Headers $header1 -WebSession $ws
$page.Headers
$ws.Cookies.GetCookies($url1)

 

 

 
When I run the script, the page headers does not contain any cookies, and the web session variable's cookies are also empty.
 
Can anyone point me in the right direction ?
 
Stephane
 
2 Replies

Hello,

 

@StephaneBouillon 

have you tried the example 6 from the Powershell help for Invoke-Webrequest( https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-webrequest?vi...  )?

 

May that will help you ;)

 

br,

Nico

Thansk for your time and effort @Nico_G 

 

I checked that example, and it talks about multipart/form-data post submission, but that is not what the server is expecting, it just needs a simple application/x-www-form-urlencoded. Below I include the traffic that is exchanged. The issue I have is that when I do it programmatically, the cookie is missing from the post's response.

 

General
  Request URL: http://10.0.2.49/general/status.html
  Request Method: POST
  Status Code: 301 Moved Permanently
  Remote Address: 10.0.2.49:80
  Referrer Policy: no-referrer-when-downgrade

Response Headers
  Cache-Control: no-cache
  Connection: close
  Content-Language: en-gb
  Content-Length: 9705
  Content-Type: text/html
  Location: /general/status.html
  Pragma: no-cache
  Server: debut/1.30
  Set-Cookie: AuthCookie=e8b931f207097012850e8afdecace8a7:JWlbdmN8MrhkZCsRxhIPWYu7HH86yGgEAA%3D%3D; path=/; httponly;
  X-Frame-Options: DENY

Request Headers
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Accept-Encoding: gzip, deflate
  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8,fr;q=0.7,nl;q=0.6,af;q=0.5
  Cache-Control: max-age=0
  Connection: keep-alive
  Content-Length: 101
  Content-Type: application/x-www-form-urlencoded
  Host: 10.0.2.49
  Origin: http://10.0.2.49
  Referer: http://10.0.2.49/general/status.html
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36 Edg/80.0.361.62

Form Data
  CSRFToken: cmsr3WdzCu+xd1rW3SW1ZWemTfk6OQAoAA==
  B133c: *** the password ***
  loginurl: /general/status.html