WEBVTT

00:00.850 --> 00:07.420
So first, let me show you by example how Craigslist is actually authenticating us when we log in.

00:08.090 --> 00:15.140
Click on My Account up here, and then you need to make an account with your email first, and then

00:15.140 --> 00:18.380
we can try out and see how we authenticate ourselves.

00:18.920 --> 00:21.500
So press Command Option I.

00:23.090 --> 00:24.200
Or Control Shift

00:24.230 --> 00:24.410
I.

00:24.440 --> 00:28.370
if you're on Windows, to open up the Chrome developer menu.

00:29.220 --> 00:31.470
Go inside the Network tab here.

00:32.930 --> 00:36.500
And make sure that you have Preserve log enabled.

00:37.550 --> 00:43.220
So it doesn't clear the log when the page reloads or you get navigated to another page as you log

00:43.220 --> 00:43.670
in.

00:44.760 --> 00:51.030
Then click on the recording button, make sure it's recording, and then try and click on log in.

00:51.510 --> 00:52.710
So here we go.

00:54.830 --> 01:01.550
And now I'm logged in and then I'm going to stop the recording so I don't get more requests in my log.

01:02.330 --> 01:10.130
And then you can see here, our very first request is called login, which sounds pretty promising for

01:10.130 --> 01:11.690
what we're trying to do.

01:14.650 --> 01:22.270
And in here you can see there's a request URL for accounts.craigslist.org/login.

01:22.450 --> 01:27.430
It's a POST method, which is usually what login methods are.

01:27.460 --> 01:32.200
They are POST requests to a specific endpoint such as login.

01:32.930 --> 01:35.710
And then we can see the response headers.

01:35.720 --> 01:38.540
There's a cookie being set here.

01:40.000 --> 01:42.960
We also have a request header here.

01:42.970 --> 01:46.570
We also have a cookie set already when we make the request.

01:47.990 --> 01:54.080
Then we have the form data which is being passed from our form when we log in.

01:54.290 --> 02:00.980
So here you can see my email and my password that I passed from the form, the previous form.

02:00.980 --> 02:04.100
So if I go log out, I will show you the form.

02:05.030 --> 02:06.620
So here's the form.

02:07.440 --> 02:09.660
With the email and the password.

02:09.660 --> 02:18.210
And this is what is getting passed to this endpoint with a POST request in the form data we have here.

02:19.070 --> 02:22.700
Here's the input email handle and here's the password.

02:23.560 --> 02:29.290
And this then gets sent via a POST request to this endpoint up here.

02:30.440 --> 02:34.700
Now, this is how a lot of sites' logins work.

02:35.500 --> 02:41.410
They basically make a POST request to an endpoint and then a cookie gets set.

02:41.440 --> 02:43.600
And here we can see a session

02:43.600 --> 02:45.850
Cookie is being set.

02:46.150 --> 02:50.950
It says session, probably for Craigslist session.

02:50.950 --> 02:53.410
And then it has a long string here.

02:53.930 --> 03:01.670
So now when we log in, a cookie gets set on our browser and then Craigslist can see on this cookie

03:01.670 --> 03:03.890
that we are authenticated.

03:04.740 --> 03:07.800
And you can also see a max-age on this cookie here.

03:07.800 --> 03:12.930
So this is when the cookie expires and we need to log in again.

03:13.990 --> 03:22.060
A lot of sites work this way and you just have to dig in the network tab and try and figure out what

03:22.060 --> 03:28.450
kind of data is being sent from this form and how we then authenticate ourselves.

03:29.590 --> 03:35.980
And now I'm going to show you how we can replicate this inside of Postman so we can try and see how

03:35.980 --> 03:38.170
we can also do this request.
