Review the Login Form

By reviewing the login page at www.example.com, you can determine the target URL of the Action attribute and the required arguments that are being passed to the Web application. Assume that www.example.com has a login page that contains the following <form> and <input> tags:

<form action="/index.shtm" method="POST" name="frmPassLogin" onsubmit="return 
logincheck();">
	<input TYPE="TEXT" NAME="SearchString" SIZE="18" MAXLENGTH="100" VALUE="">
	<input type="hidden" value="All" name="sc">
	<input type="hidden" value="ON" name="FreeText">
	<input type="image" src="/images/nav/button/bttn_form_arrow.gif" NAME="Action" 
	border="0"/ alt="Submit Search"></td>
	<input type="text" name="username" size="18">
	<input type="password" name="password" size="18">
	<input type="image" src="/images/nav/button/bttn_form_arrow.gif" border="0" 
	name='login' />
	<input type="checkbox" name="remember" checked/> <span 
	class="bdDkGray">Remember my Login<br></span>
</form>

From the action attribute of the <form> tag, you can determine that the target URL is relative to the root of the login page’s URL. Therefore, the target URL is:

www.example.com/index.shtm

You can also determine that the method attribute of the <form> tag is POST:

method="POST"

After reviewing the <input> tags, you can determine that the required arguments are:

username
password

Note: Notice that not all input fields are necessary for login. For more information about reviewing login forms, see Determining the Login Requirements.