How can I use a regular expression in JavaScript to get a value from page source code from a function tag?

#1

here is the function from the source code

Code:

function dosubmit() { if (getObj("Frm_Username").value == "") { getObj("errmsg").innerHTML = "Username cannot be empty."; getObj("myLayer").style.visibility = "visible" ; return; } else { getObj("LoginId").disabled = true; getObj("Frm_Logintoken").value = "3"; document.fLogin.submit(); } }

i want to get the value of getObj(“Frm_Logintoken”) as i can’t pull the value from #Frm_Logintoken

using

Code:

document.getElementById("#Frm_Logintoken")

this gives me null

because Frm_Logintoken only gets it’s value when i click submit .

Code:

<input type="hidden" name="Frm_Logintoken" id="Frm_Logintoken" value="">

full page code

i found this online

Code:

/getObj("Frm_Logintoken").value = "(.*)";/g

but when i run it … it gives me the same line again ! it’s full code

another regular expression i found but don’t even know how to use it

Quote:Example of a regular expression to search: before_egrep=‘N1:getObj(“Frm_Logintoken”).value = “(\w+)”’

Here, N1 is assigned the value of the back reference - the expression in parentheses. \w + denotes the main compound characters, this is a synonym for “[_[:alnum:]]”. Once again - pay attention to the brackets - this is the back link. At the same time, there are also parentheses in the source code fragment - they need to be escaped
i am trying to make an auto login script that works in the background like it

doesn’t show the user the login form page but the only the page after it

and i have found this code online too but don’t know what’s about it contains xhr .

the line that Attracted my attention is

Code:

/getObj\("Frm_Logintoken"\).value = "(.*)";/g

when i run it … it gives me the line again !

some notes :

i have tried

Code:

document.getElementById("Frm_Logintoken").value

but it gives me empty “”
because

Quote:Frm_Logintoken only gets it’s value when i click submit .

the page will not even accept the correct password if the Frm_Logintoken token value isn’t the same as one in the page.

the Frm_Logintoken is a token generated by the page and it basically increment by one on each successful login.

#2

“How do I bypass anti-bot code by using bot code”
mmh yeah. no. I’m not comfortable with what you’re doing.

You’re already halfway there with your first regex, and some more basic string manipulation methods can get you the rest of the way if you look into it.

1 Like
#3

“I’m not comfortable with what you’re doing”
it’s an auto login script what’s wrong with it ?
“and some more basic string manipulation methods can get you the rest of the way if you look into it”

i don’t know how ::sweat: i asked a lot and every where but know one gives me the right answer :sweat: :sweat::sweat:

#4

hi mate you are the first one to understand me… i don’t know why the others doesn’t get what i want to do ?
and just suggesting using codes like this

var string = ‘getObj(“Frm_Logintoken”).value = “7”;’;

alert(string.match(/getObj(“Frm_Logintoken”).value = “(.*)”;/)[1])


what should my question title be ?
what should i write in the body ?
i am so mad … are they playing dump or something ?
i asked about 3 question on stack over flow about the same subject and still didn’t get a correct answer ?

#5

I understand perfectly what you want to do.

Let me ask this; what website are you trying to do this on?

#6

my own router

#7

and why do you not just use javascript to… call the dosubmit() function and let the code… do what it’s supposed to?

#8

i want to make just show the page after the login page directly .

#9

I think you may be attacking the problem from the wrong flank. i.e. from your earlier topic

What does the sever-side code that’s dealing with the transient hash look like?

#10

no i have already solved that!

#11

can you take a look on this please ?
javascript - how can i inspect(document.body) in js while loading the page using object? - Stack Overflow

#12

You need to address the CORS issue.

https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy

How to allow cross-origin access

Use CORS to allow cross-origin access. CORS is a part of HTTP that lets servers specify what hosts are permitted to load content from that server.

#13

I am not sure what you need to do and you are probably not using the best solution. Since you describe your requirements in the context of describing the solution it is difficult to understand the requirements. Beginners often think that regular expressions are the easiest solution then they have problems using regular expressions. See the following.

If you can state the requirements clearly without describing how you think it should be done then it is much more likely people will help. If it is a complicated requirement and you can describe it clearly then many people here are likely to enjoy the challenge.

1 Like
#14

if found where my problem relies … and couldn’t fix it correctly

<head1>
test
</head1>

<body1>    
<object type="text/html" data="http://page/" ></object>
<script>
let str = document.querySelector("body > script")
let pattern =/\bgetObj\("Frm_Logintoken"\)\.value = "([^"]+)";/;
console.log(str.match(pattern)[1]);

</script>
</body1>

the problem here is that the code works on the first page not the requested one .
if it was only possible to change from the top to 192.168.1.2 using code
62138280_1450974295045557_6919843156020166656_n

here is what i want to do in details
i want to make an auto login script in local level with a page that i can’t edit it’s code that have login token !

let’s say my page will be running on 192.168.1.5
and the other page is on 192.168.1.2
so my page should contain a code that is able to request the other page code and login to it .
this the curl login command … if it helps
curl "http://192.168.1.2/" --data "frashnum=&action=login&Frm_Logintoken=24&Username=adm1n&Password=admon"
Here is the source code of the other page.
and the regex that matches the login token
getObj\("Frm_Logintoken"\).value = "(.*)"; console.log(test[1]);
The line that has the login token value is at line 194 exactly
the username input area js path
document.querySelector("#Frm_Username")
the password input area js path
document.querySelector("#Frm_Password")
a function from the other page code that submits the login date
function dosubmit()
i am not really sure if the login needed if i am not using curl
as it’s not a value that the user inputs .
notes
the Frm_Logintiken is a token generated by the page and it basically increment by one on each successful login!
and i can’t use a proxy because mostly this will be local executed code .
i want that script to be able to work on phones browsers too

i hope i cleared this enough

If it is a complicated requirement and you can describe it clearly then many people here are likely to enjoy the challenge

i hope that’s true :slight_smile:

#16

Isn’t that what you were asking about in your other thread that didn’t work either? I’d suggest to tackle one problem at a time, otherwise you won’t even know if the issue is with your current code or the code it depends on…

1 Like
#17

no it’s not what i were asking !!!
it’s a whole different thing

#18

In that case, unless you can get the script author to edit the file for you, you’re out of luck.

Since this approach is (probably?) a dead-end, I think it would be a good time to back up and rethink. i.e.

What is it about “non-auto login” that is trouble enough to make you want an auto login?

Chances are that others also have trouble with the existing UX and an improvement would be appreciated.

2 Likes
#19

why out of luck … there is no possible solution ?

#20

(one of) the problem(s) you have is wanting to bypass the Same-origin policy

You can either

  • host everything on the same origin
  • change your code to explicitly allow a different origin
  • petition the other origin to change their code to allow you access

If you can not do any of those, you’re out of luck.
https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy

The same-origin policy is a critical security mechanism that restricts how a document or script loaded from one origin can interact with a resource from another origin. It helps isolate potentially malicious documents, reducing possible attack vectors.

2 Likes
#21
  • change your code to explicitly allow a different origin

you mean that code that is i am controlling ?

<object type="text/html" data="http://page/" ></object>
<script>
let str = document.querySelector("body > script")
let pattern =/\bgetObj\("Frm_Logintoken"\)\.value = "([^"]+)";/;
console.log(str.match(pattern)[1]);

without using php ?