My colleague reached out to me again for a seemingly simple issue – the request for was for a login passthrough. User-Computer interaction is often overlooked; however, it is an important issue when we consider how much work it takes to accomplish a task. When people put thought into this they often come up with very helpful considerations to make the end-users experience much more ideal.
In this case, it was a simple issue of figuring out how to pass through an login form to the site. Time is precious. These days, every service we utilize many time has some login and password. Sometimes we really don’t care and just want to get to whatever it is we want. I already know what you are thinking… Someone please call security on this crazy person! When you already have multiple layers of security to get to this one endpoint, it seems kind of redundant.
I was grateful for the challenge because I had to do some research on automation of navigating the web and how to implement it in such a way that doesn’t succumb to CORs issues which is designed to protect us from attacks originating from malicious sources.
Doing some analysis of the webpage I managed to uncover the login mechanism and exploited that in such a way as to automate its execution for the end user in this case. Important bits are blurred out. See below:
