CODEWITHSUNDEEP
powershellinternet-explorer
LEnc95
LEnc95

Reputation: 58

Powershell - IE | Bypass - This site is not secure

My PS1 file is just launching a site in IE. I am unable to navigate to the URL due to This site is not secure prompt. I need to bypass this prompt and my workaround is not working. I think I may be improperly selecting more information with sslbypass. Is there a different way to bypass?

"Starting Internet Explorer in Background"
$ie = New-Object -com InternetExplorer.Application
$ie.visible=$true
$uri = 'https://soti10app1/MobiControl/WebConsole/'
$ie.navigate("$uri")
while($ie.ReadyState -ne 4) {start-sleep -m 100};
if ($ie.document.url -Match "invalidcert")
        {
        "Bypassing SSL Certificate Error Page";
        #$sslbypass=$ie.Document.getElementsByTagName("a") | ?{$_.href -match "javascript:expandCollapse('infoBlockID', true);"}
        #$sslbypass.click();
        $sslbypass=$ie.Document.getElementsByTagName("a") | where-object {$_.id -eq "overridelink"};
        $sslbypass.click();
        "sleep for 5 seconds while final page loads";
        start-sleep -s 5;
        };
if ($ie.Document.domain -Match "soti10app1", "soti10app2", "soti10app3")
        {
        "Successfully Bypassed SSL Error";
        }
        else
        {
        "Bypass failed";
        }
get-process iexplore | stop-process

The page that loads when running script.

<!DOCTYPE HTML>
<html>
    <head>
        <link rel="stylesheet" type="text/css" href="newErrorPageTemplate.css">
        <meta http-equiv="x-ua-compatible" content="IE=edge">
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>This site isn&rsquo;t secure</title>

        <script src="invalidcert.js" language="javascript" type="text/javascript">
        </script>
        <script src="errorPageStrings.js" language="javascript" type="text/javascript">
        </script>
        <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">
        </script>
    </head>
    <body onLoad="BodyLoad(); initMoreInfo('infoBlockID');">
        <div id="contentContainer" class="mainContent">
            <div id="invalidcert_mainTitle" class="title" style="color: #a90000;">This site is not secure</div>
            <div id="invalidcert_subError" class="BodyTextBlockStyle">
                This might mean that someone&rsquo;s trying to fool you or steal any info you send to the server. You should close this site immediately.<br><br>
            </div>
            <div class="BaseTextBlockStyle"><a href="javascript:close();"><img class="shieldImage" alt="Recommended icon" src="shieldcheck.ico" width="20px" height="20px"><id id="invalidcert_closeTab">Close this tab</id></a><br></div>

            <div id="moreInformationAlign" align="left" aria-labelledby="moreInformation">
                <table>
                    <tr>
                        <td valign="top" aria-labelledby="infoBlockIDImage">
                            <a href="#" onclick="javascript:expandCollapse('infoBlockID', true); return false;"><img src="down.png" id="infoBlockIDImage" border="0" class="actionIcon" alt="More information"></a>
                        </td>
                        <td valign="top">
                            <span id="moreInfoContainer"></span>
                            <noscript><id id="moreInformation">More information</id></noscript>
                        </td>
                    </tr>
                </table>

                <div id="infoBlockID" class="infoBlock" style="display: none">
                    <br/>
                    <b><span id="certReason" style="margin-left:20px"></span></b>
                    <p id="ErrorCode" style="margin-left:20px"></p>
                    <p class="BaseTextBlockStyle" id="override" style="margin-left:20px"><a href="#" id="overridelink"><img class="shieldImage" alt="Not recommended icon" src="shieldcritical.ico" width="20px" height="20px">Go on to the webpage (not recommended)</a></p>
                </div>
            </div>
        </div>
    </body>
</html>

How do I bypass this page and continue to my $uri?

Upvotes: 1

Views: 1381

Answers (1)

Brandon
Brandon

Reputation: 21

NOTE: I'm working on this in an intranet network with self-signed certificates. I strongly wouldn't suggest anyone actually utilizing this code elsewhere.

I ran into this same problem, and it's like the page document isn't fully loading. I've bypassed it with the below code.

$IE=new-object -com internetexplorer.application
$IE.visible=$true
$IE.FullScreen=$false
$IE.ToolBar = $false
$IE.StatusBar = $false
$IE.MenuBar = $false
$IE.AddressBar = $true
$IE.Resizable = $true
$IE.navigate2("https://URL.com")
$i=0
While ( $IE.busy -eq $true ) { 
   Start-Sleep -s 1
   $i = $i + 1
   if ( $i -ge 20 ) { break }
}
$overrideLink = $IE.document.links | where-object {$_.id -eq "overridelink" }
$overrideLink.click()

However, it looks like the fun continues when you're past this page. I still need to login and looks like I'll need to iterate through "$IE.document.forms" to perform that instead of utilizing $IE.document.getElementById("username") . If you also need to perform a login, I was successful with adding the following code.

#Need to wait for webpage to load after bypassing
$i=0
While ( $IE.busy -eq $true ) { 
   Start-Sleep -s 1
   $i = $i + 1
   if ( $i -ge 20 ) { break }
}

$loginForm = $IE.document.forms[0]

$usernameForm = $loginForm.children | Where-Object { $_.innerHTML -match "j_username" } #This contains the HTML for the form, so it will always contain the id
$usernameField = $usernameForm.children | Where-Object {$_.id -eq "j_username" }
$usernameField.value = "USERNAME"

$passwordForm = $loginForm.children | Where-Object { $_.innerHTML -match "j_password" } #This contains the HTML for the form, so it will always contain the id
$passwordField = $passwordForm.children | Where-Object {$_.id -eq "j_password" }
$passwordField.value = "PASSWORD"

$loginForm.submit()

Upvotes: 1

Related Questions