I always use -useb with iwr, only because it spits out lots of errors otherwise, I think most people do as well (this isn't an issue). The "system access" in the title might be misleading, the javascript code can't access system resources just the same as it can't if you were running it internet explorer, unless of course there was an exploit.
Also, for OP: Do you mean "access to the system it runs on"? Because I'm pretty sure it doesn't run with "SYSTEM" access (as in privileged user).
It's basically same as using headless chrome to download or scrape things. The Invoke-WebRequest cmdlet here ('curl' is the alias for it), let's you do things like pass the response to some other cmdlet and do stuff with it. You can for example check the status code (even with usebasicparsing/useb), I believe with full DOM rendering here does is that it lets you access the DOM post-render for script manipulation.
There are lots of legit uses for this, especially when it involves interacting with sites that are too outdated and internal, or external sites that publish important information but don't have a proper feed or api.
To do this with curl.exe proper would not be possible (get a fully rendered dom). Even without rendering the whole dom, parsing the html/xml using cli tools or a shell script is very difficult. What Invoke-webrequest does it doesn't 'pipe' or output the raw text response, but an object that contains the rawresponse ( (curl -useb https://news.ycombinator.com).rawresponse ) but also the body, the headers and a other details of the response for shell scripting.
rdtsc•1h ago
bragh•1h ago
Obviously, it does not cause any confusion at all because all the Windows admins always install the latest and greatest versions of Powershell into the environments they administer.
rdtsc•1h ago
mjmas•1h ago