I am trying to recreate an HTTP request through Python Requests but it looks like there are headers being added to the Ajax Request on the page that is validated server-side.
Here is the website I am trying to login to.
I was able to find the code that sends the POST request:
var b = "/entreg/json/AuthenticateAction";
var a;
var c = {
username: d.username,
password: d.password,
newPassword: d.newPassword,
retypeNewPassword: d.retypeNewPassword
};
$.ajax({
url: b,
cache: false,
type: "post",
data: $("#loginForm").serialize()
})
Even when I run this code by itself, it sends the request and adds the headers (all prefixed with X-jFuguZWB-). It looks like there is some obfuscated code that runs something like $.ajaxSetup({headers: {"X-jFuguZWB-Z": "test-value"}}) to attach that header to all requests.
My question is, which part of the page is adding these headers and is there any way to recreate the headers when I make my own POST request via Python?
I did find some obfuscated javascript in the <!-- Google Tag Manager --> section of the page but I am unable to tell what it is doing.