Re: [Edbrowse-dev] Signing into my Amazon account

Fri, 05 Jan 2018 14:20:07 -0800 



I really want to support amazon.com.  We have quite a hardcore javascript 
challenge ahead of us.  Back in September, I found out something jaw 
dropping about what amazon does on their login page.



If you want to experience this for yourself, do this..
b http://amazon.com
11
{the line with the login link}
demin
g2
{Now the login page is loaded}
jdb
showscripts()

{scripts[9] is the big one. either echo document.scripts[9].data or export 
it to a file}



This code, called fwcim._CB516154953_.js, is impressively obfuscated like 
this:



                            var _z2sz = function (_Zs$2, _iLLLl, _111LI) {
                                var _ooO0O = [
                                    'FwcimObfusca',
                                    'nod',
                                    'te',
                                    'hBStatement',
                                    'has',
                                    'e',
                                    39801
                                ];

                                var _ZS$2z = _ooO0O[1] + _ooO0O[5] + 
(_ooO0O[0] + _ooO0O[2]), 2szSs = _ooO0O[6];



Someone called Ricky Lalwani has also worked on this.  His own angle is 
that he wants to generate text-to-speech.  He wrote about it at length in 
a two-part post.  Here's part two:


https://ricky.lalwani.me/programming/logging-in-to-amazon-part-2/



The problem involves an http request variable called 'metadata1', which is 
generated on the fly.  And a remarkable amount of work goes in to
building this thing, including bitwise transformation operators and hex 
encoding.  Amazon has put a lot of effort into making it difficult to get 
an accurate value for metadata1, and they reject you without it.



Can the geniuses and genius-botherers of edbrowse-dev crack this code?

I hope we can do it!













On Fri, 5 Jan 2018, Chuck Hallenbeck wrote:


Hi Dominique,


Many thanks. I'll recompile edbrowse as you suggest and be able to use gdb 
for later checks.



I'm much relieved to know this problem is reproducible. I have two others 
waiting in the wings <smile>


Chuck


Chuck

--
Here In Northeast Ohio also, The Moon is Waning Gibbous (81% of Full)
When your only tool is a hammer, everything looks like a nail.
Sent from Vernon's iPhone.
_______________________________________________
Edbrowse-dev mailing list
[email protected]
http://lists.the-brannons.com/mailman/listinfo/edbrowse-dev



--------
Kevin Carhart * 415 225 5306 * The Ten Ninety Nihilists
_______________________________________________
Edbrowse-dev mailing list
[email protected]
http://lists.the-brannons.com/mailman/listinfo/edbrowse-dev






















					Reply via email to