dcsimg
Results 1 to 4 of 4
  1. #1

    Thread Starter
    PowerPoster
    Join Date
    Sep 2005
    Location
    Modesto, Ca.
    Posts
    3,629

    General HTML tracing utility ( I guess )

    Let me start off by saying I know nothing about HTML, Javascript, or Web Page design.

    Using VB 2015 I created a little database app for storing all my favorite Web Sites and their associated User Id and Passwords. I just click the site from a DataGridView and the site pops up. No problem, works fine. So, of course I decided to take it the next level and have my program insert the user Id and Password into the appropriate TextBoxes on the Web Page. The first one I tried was Facebook and it was easy to find the correct elements.

    Code:
          With IE.Document
                        .getElementByID("email").value = "someemail@abcdef.net"
                        .getElementByID("pass").value = "somepassword"
                        .getElementByID("loginbutton").Click
                    End With
    The next one was harder because the sign in button was a class name,

    Code:
                    With IE.Document
                        .getElementByID("online-id-form").value = "qwerty"
                        .getElementByID("password-form").value = "somepassword!"
                        .getElementsByClassName("cta--form-submit teal js-dashboard-sign-in")(0).Click
    
                    End With
    But now I'm stuck and this is actually one of the sites that doesn't use cookies and I have to type my email address and password. There is no code like "id="password" or "<input " ( or something close ).

    When then Log In panel load I check but "view source code" and "view frame code" which looks like this,
    Code:
    <!DOCTYPE html>
    <!--
      auth-ui
      Copyright 2016 UnboundID Corp.
      All Rights Reserved.
    
      Data Governance Broker UI for authentication.
    -->
    <html>
      <head>
        <title>The Save Mart Companies User Authentication</title>
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <meta charset="utf-8">
        <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
        <meta http-equiv="Pragma" content="no-cache">
        <meta http-equiv="Expires" content="0">
        <link href="dist/img/SM-icon-57x57.png" rel="shortcut icon">
        <link href="dist/vendor/bootstrap.min.css" rel="stylesheet">
        <link href="dist/vendor/font-awesome.min.css" rel="stylesheet">
        <link href="dist/css/ubid-account.min.css" rel="stylesheet">
      </head>
      <body class="login-body">
        <!-- app container -->
        <ubid-app>
          <span class="fa fa-spinner fa-pulse loading-icon"></span>
        </ubid-app>
    
        <!-- load app and dependency scripts -->
        <script src="dist/vendor/shim.min.js"></script>
        <script src="dist/vendor/zone.min.js"></script>
        <script src="dist/vendor/Reflect.js"></script>
        <script src="dist/vendor/system.js"></script>
        <script src="system.config.js"></script>
        <script src="dist/vendor/lib-bundle.js"></script>
        <script src="dist/app/app-bundle.js"></script>
    
        <!-- import the app -->
        <script>
          System.import('app').
              catch(function(err) { console.error(err); });		 
        </script>
      </body>
    </html>
    This is a public website and anyone can view this code so I don't think I'm violating any rules by posting this code, simply right click the web page.

    My guess is it's calling additional scripts and there's no way to track down the information I want but I thought I'd ask if there was a utility that could help me, just to put my mind at ease.
    Last edited by wes4dbt; May 27th, 2018 at 02:17 AM.

  2. #2
    Super Moderator Shaggy Hiker's Avatar
    Join Date
    Aug 2002
    Location
    Idaho
    Posts
    32,148

    Re: General HTML tracing utility ( I guess )

    ALL websites are technically public, since every web browser that I am aware of includes tools that allow you to see everything about the site, including HTML, JS files loaded, and so on. Nothing is hidden and nothing is obfuscated (unless you count minifying JS, which really is not about obfuscation, but does make the JS harder to read).

    With websites, there is no guarantee that anything like what you are doing has to work, or will keep working. Just to display some text on the page has so many alternative approaches possible that you really can't count on the HTML to look like anything in particular. With a Windows form, if there is text on the form, it is usually a label. People CAN do other things, but there is little reason to do so. With HTML, if there is text on the page, it could be ANYTHING, with little reason to choose one option over another. The same is true for input boxes, which will usually be Textboxes on Winforms, but could be a dozen different things in HTML (and maybe more). Better still, the text or the input box could be nothing at all. Those elements may be created directly and added to the page on the client side by the JS. Therefore, JS can mean that the web page is a bit like a dynamically generated form in Windows. In Windows, you would create a textbox, position it, and perhaps add event handlers. The same can be said of JS, except that you may not be creating a textbox because you have so many options for what that thing that accepts text actually is. It doesn't have to have an ID or a class, either. It could just be the nth child of some parent, which is almost as good as an ID as far as JS is concerned.

    So, why is this done? Sometimes it is just because web folks like to find clever/obscure solutions. Sometimes it is to create some effect. Sometimes it is just to keep people from being able to automatically log on, because that's something a spam bot would need to be able to do. Automating a login can be done for the most innocent of reasons, as it sounds like you are doing, but when it comes to the web, you always have to ask yourself: Could this be used to do something bad. If the answer to that is Yes, then it WILL be used for something bad, and that is likely why you are finding it harder to find things like logins.
    My usual boring signature: Nothing

  3. #3

    Thread Starter
    PowerPoster
    Join Date
    Sep 2005
    Location
    Modesto, Ca.
    Posts
    3,629

    Re: General HTML tracing utility ( I guess )

    sh, thanks for the reply.

    Well I guess I'll just have to tough it out and type in my username and password on some sites. It's been a fun experiment and I find it interesting that the mega company Facebook was the easiest to automate.

  4. #4
    Super Moderator Shaggy Hiker's Avatar
    Join Date
    Aug 2002
    Location
    Idaho
    Posts
    32,148

    Re: General HTML tracing utility ( I guess )

    Yeah, that is strange. After all, Facebook is known world wide for it's diligence when it comes to keeping user information from getting into the wrong hands, and ensuring the authenticity of everything posted to their site, so it's a total surprise that they wouldn't make it harder for somebody to automate logins.
    My usual boring signature: Nothing

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Featured


Click Here to Expand Forum to Full Width


×
We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.