I am trying to login to the site : https://cube.tradejini.com/#/ and retrieve the cookie information.
below is my html code.. but its failing at validating the credentials, anyone please guide.. as I am novice to VBA.
Also note that the webpage takes 3 fields for the validation. username, password and a question.
url = "https://cube.tradejini.com/#/"
With CreateObject("WinHttp.WinHttpRequest.5.1")
.Open "POST", url, False
.setRequestHeader "REFERER", url
.setRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
.setRequestHeader "content-type", "application/json"
.setRequestHeader "Accept", "text/xml,application/xml,application/xhtml xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
.setRequestHeader "Accept-Language", "en-us,en;q=0.5"
.setRequestHeader "Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7"
.SetCredentials "TSUser1", "Password", "1989"
.send
strCookie = .GetAllResponseHeaders
End With
CodePudding user response:
You won't be able to use SetCredentials() with that website as the login uses the form body of the POST to submit your login credentials in this format:
"jData=
{
"uid":"TESTUSER1",
"pwd":"580c16cbb8092433538a5155ad8852974a1f44fe38bf9cc975cbe86a35639d18",
"factor2":"1985",
"apkversion":"20220318",
"imei":"da30a574e60f7a54e4beecfb9ea701d9",
"vc":"NOREN_WEB",
"appkey":"87b39b109b81a7b3a0173370043304a9ebfc8af19593d9acc9b5fdef7669bdc9",
"source":"WEB",
"addldivinf":"Chromium Edge-105.0.1343.33"
}"
Where uid = the username, pwd = password factor2 = date of birth. Notice that the password is hashed when submitted, but it is not salted so the same password == same hash. Press F12 in a browser -> fill in your login information -> in the dev tools > network tab click on QuickAuth and select the payload tab to see the hash of your password. Here is a post that goes over sending a JSON object in a POST form body using VBA that you can follow to format your code. Also, side note - that third parameter in SetCredentials() is for a flag denoting whether the request is going to a proxy or directly to a server. You wouldn't be able to use it for your date of birth.