I don't think the form, per se, is encrypted. I do think that the *names* of the form fields and the values of certain HIDDEN form fields are encrypted, and that they use that indeed as a way to ensure that you can't just keep submitting the same <form> over and over. Each post you make must be made with a new <form> that you get from them.

And the form field names change on each reload of the page. So your VBS code would have to scan all the fields and figure out, by position, which one is doing what. So you can't just "fill in the ?" as somebody suggested. You first have to figure out what ? is for this particular incarnation of the <form>.

No, I don't know how to do that using the MSIE object scripted by VBS. I think I could do it by "screen scraping", using ServerXMLHTTP, as I suggested. But it's not a trivial task and would take several hours. With no guarantees it works, at the end.

I looked at their JS library and didn't *see* anything doing client-side encryption. Doesn't mean it's not there. But I don't see why it would matter if there is, if you are indeed invoking the browser itself.

I think it's mainly just the field names and then hidden form field values that have to agree to constitute a valid post, so far as their protection software is concerned.