ive been trying to google this but cant find anything that works, but how do I make it so that the request will log into my webpages user account. I am trying to access a linear emerge webpage that has all my users data, i want to extract this and run it through a flow to create a user database with the card ids.
I have tried the basic authentication, and I tried to add the login info into the login id and password section and then post the changes, but still no luck
There are LOTS of different ways security is implemented. Without knowing the website or having access it is pretty much impossible to help you.
Where to start...
Open the Dev tools on chrome, login, access the data you want, then look at the headers in the request - you may find the answer or at least it should lead you in the right direction.
yeah, ive been doing that for the last 2 hours. ive caught the traffic that moves the username and password information. ive tried all sorts of arrangments with it. adding in the data and posting it back into the ip addres url. ive tried different variants of url manipulation to try and add the password as part of the url.
A common pattern is the initial login returns a token that can be (must be) sent in subsequent requests as a cookie.
I suspect if you add that cookie and some of those headers to the http request node, you will get a valid response.
still no luck, anything I do all I get back is still just the login page information. I guess I was thinking there would have been some common method or something that I was missing or just searching incorrectly for on google.
i did discover when logging in that the website runs a js script http://172.25.11.205/js/jquery-1.5.1.min.js at this url before displaying any thing after login
No, some sites build the data server side and deliver HTML with the dynamic values embeded.
Some present an endpoint that the client side queries and dynamically udates the HTML.
SO: Assuming the latter, you should see additional requests (for data) in the network tab. They will likely return JSON or XML (then the web app scripts will build the frontend visuals)
In other words, you should probably NOT be trying "GET" the home page or any other HTML page but instead, be
GETing the subsequent requests for data
If you can track down in the devtools->network tab a response that contains the values you are trying to extract, then duplicate that request, with all its headers etc, you should get the data.
Once you can get data, you can then worry about automating the login part for getting a fresh token.
okay, so when i catch the network traffic this is everything i see during a login
so would I make a flow of multiple request nodes asking for those .js scripts?
No. Keep the network tab open, browse to the page of interest, do you see additional requests? Check the "repsonse" - do you see the data of interest?
Once you find the specific request containing the data you wish to access, recreate THAT request (copying all the headers etc)
Example (from watching this site)
Please note: I have zero idea what you are looking at, how its built, where the data of interest is (it may be on the first page after login - it may be delivered with the
js or in the 1st response) etc etc.
But based on experience, I suspect there will be a later request (possibly something like
values.xml or something else entirely.
so i found the data i want
this is the header information
and i added it into the request nodes headers
also to give you more information as to what im connecting to, it is an internal device that manages our users ID cards and door access. i am connecting via its web portal ip address. it is all LAN based.
So do you still have a problem? Did the request with the headers set not work?
no, same issue, still send me the login page as a response.
so it seems you will need to do that in NR too.
Have the HTTP Req
- visit the login page (unsure how credntials are provided but that will be revealed in the headers/url)
- grab the new token or session id (or whatever looks like security) that was generated for Node-RED
- add the generated token to the headers (or wherever it goes) to a 2nd HTTP Req on the correct URL for the data you want
NOTES: Use your Node-RED IP address for the
Host header and anything that looks like an IP of the request.
at the login page with my request node, i cant find any session id in the output it sent me.
but I can find a section that had the login information
nvm i set my debug to headers and got the session id
still no luck, think i will just go with a csv dump of the user file and ill just create a flow to sort it out that way.
my goal was to create a one user database where my admin can just create id's for people on the same software and update my node red user database along with it. but i guess i can just extract the csv manually and dump it, its a little more manual than i wanted but not totally tedious.
As Steve indicated, the screenshots are quite selective, unknowns are left on the table - but it seems like a very simple "security" login, while all values are already filled in.
"Normally" a login procedure starts with a form with an submit action, which should be a POST request. This POST request goes to the server and the server creates a session ID. (therefore you cannot use the cookie/PHPSESSID from another session).
The only thing you need to know is how the login procedure is done: the names of the form elements, the values and the "action" url - you can find this url in the login page source code.
The form elements and values are send via msg.payload.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.