Discovering the Login URL and Form Data Fields

This example of how to discover a user-password web application’s login URL and its form data fields requires a browser capable of analyzing http requests.

To discover an application’s login URL and form data fields:

1. In your browser, go to a user-password web application’s login page.

2. Open your browser’s network analyzer tool, typically found under Developer Tools, or something similar.

3. Enter your credentials in the login page and click the login button.

4. Look for the Logon POST method and select it.

5. View the login header.

6. Look within the header for “Request URL.” This is the request URL. You’ll use its value for the URL field in the generic user-password application template.

7. Look within the header for the “Form Data” section, then within that section for the user name field and the password field. The fields may have many different names depending on how the application defined them. You can identify the user name field because its value will be your user name. The password field’s value will be your password. You’ll use these two field names in the advanced script in the generic user-password application template.

   If you keep the browser and its development tools open, you can cut and paste the request URL and form data field names from the browser into the generic user-password application template.