@justhyped
Created April 22, 2024 08:43
This script shows how to solve Akamai's Crypto Challenge using the Hyper Solutions SDK
import {
destroySession,
freeMemory,
getCookiesFromSession, request,
requestWithAutoHeaderOrder,
SEC_CH_UA,
USER_AGENT
} from "../http.js";
import {parseChallengeHTML} from "hyper-sdk-js/akamai/sec_cpt.js";
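/**
 * Runs one pass of the sec_cpt challenge flow in the HTTP session
 * "testSecCpt" and reports whether the site's verify endpoint accepted
 * the resulting cookie.
 *
 * Steps, as visible in this file: fetch the challenge page, wait on the
 * parsed challenge, answer crypto challenges until none remain, then query
 * the verify endpoint. The session is destroyed on every exit path once the
 * challenge page has been fetched.
 *
 * NOTE(review): a solved crypto challenge only shows that the client spent
 * compute. On the server side the sec_cpt cookie alone is therefore weak
 * evidence of a real browser and is best correlated with other signals.
 *
 * @returns {Promise<boolean>} true when the verify endpoint reports success
 * @throws {Error} when no challenge could be parsed from the page, or when
 *   crypto challenges are still being issued after the round limit
 */
export async function testSecCpt() {
  const sessionId = "testSecCpt";
  // Arbitrary cap so a challenge that never clears cannot turn into an
  // endless request loop against the remote host. TODO confirm a sensible value.
  const maxRounds = 10;

  const challenge = getHomePage(sessionId);

  try {
    if (!challenge) {
      throw new Error("challenge isn't truthy");
    }

    // Reads the current sec_cpt cookie value from the session's cookie jar.
    const getSecCptCookie = () => {
      const data = getCookiesFromSession({
        sessionId,
        url: "https://www.similarweb.com/website/google.com"
      });
      try {
        return data.cookies.find((cookie) => cookie.name === "sec_cpt")?.value;
      } finally {
        // Release the cookie snapshot even if the lookup throws.
        freeMemory(data.id);
      }
    };

    // presumably honours the delay the challenge page asks for; confirm against the SDK
    await challenge.wait();

    let rounds = 0;
    while (challenge.hasCryptoChallenge()) {
      if (rounds >= maxRounds) {
        throw new Error(`crypto challenge still pending after ${maxRounds} rounds`);
      }
      rounds += 1;

      const payload = challenge.cryptoChallenge.generatePayload(getSecCptCookie());
      // The verify response is fed back into the challenge object; the loop
      // ends once hasCryptoChallenge() no longer reports a pending challenge.
      challenge.updateCryptoChallenge(
        postCryptoChallengePayload(sessionId, challenge.path, payload)
      );
    }

    return verifyChallenge(sessionId);
  } finally {
    // Previously skipped whenever anything above threw, leaking the session.
    destroySession(sessionId);
  }
}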
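/**
 * Requests the page that is expected to serve the challenge and parses the
 * response body with parseChallengeHTML.
 *
 * The request carries a fixed set of browser-style navigation headers
 * (client hints declaring Windows, sec-fetch-* values for a top-level
 * navigation). NOTE(review): these are static strings; the actual TLS and
 * HTTP behaviour depends on ../http.js, so the declared browser identity is
 * not guaranteed to match the connection's fingerprint.
 *
 * @param {string} sessionId - session whose cookie jar the request uses
 * @returns {*} whatever parseChallengeHTML returns for the body; the caller
 *   treats a falsy value as "no challenge found"
 */
function getHomePage(sessionId) {
  const response = requestWithAutoHeaderOrder({
    sessionId,
    headers: {
      "sec-ch-ua": SEC_CH_UA,
      "sec-ch-ua-mobile": "?0",
      "sec-ch-ua-platform": `"Windows"`,
      "upgrade-insecure-requests": "1",
      "user-agent": USER_AGENT,
      "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
      "sec-fetch-site": "none",
      "sec-fetch-mode": "navigate",
      "sec-fetch-user": "?1",
      "sec-fetch-dest": "document",
      "accept-encoding": "gzip, deflate, br",
      "accept-language": "en-US,en;q=0.9"
    },
    requestUrl: "https://www.similarweb.com/website/google.com",
    requestMethod: "GET"
  });

  try {
    return parseChallengeHTML(response.body);
  } finally {
    // Release the response even when parsing throws (e.g. an unexpected
    // body); the original skipped freeMemory in that case.
    freeMemory(response.id);
  }
}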
/**
 * Sends a generated crypto-challenge payload to the site's
 * `/_sec/verify?provider=crypto` endpoint and returns the raw response body.
 *
 * @param {string} sessionId - session whose cookie jar the request uses
 * @param {string} path - challenge path, appended to the site origin to form the referer
 * @param {string} payload - request body produced by the challenge object
 * @returns {string} response body, handed back to the challenge by the caller
 */
function postCryptoChallengePayload(sessionId, path, payload) {
  const siteOrigin = "https://www.similarweb.com";

  // Key order matters: the wire order below is derived from it.
  const requestHeaders = {
    "sec-ch-ua": SEC_CH_UA,
    "sec-ch-ua-platform": `"Windows"`,
    "sec-ch-ua-mobile": "?0",
    "user-agent": USER_AGENT,
    "content-type": "text/plain;charset=UTF-8",
    "accept": "*/*",
    "origin": siteOrigin,
    "sec-fetch-site": "same-origin",
    "sec-fetch-mode": "cors",
    "sec-fetch-dest": "empty",
    "referer": siteOrigin + path,
    "accept-encoding": "gzip, deflate, br, zstd",
    "accept-language": "en-US,en;q=0.9"
  };

  // content-length first, the declared headers in object order, cookie last.
  const wireOrder = ["content-length", ...Object.keys(requestHeaders), "cookie"];

  const reply = request({
    sessionId,
    headers: requestHeaders,
    headerOrder: wireOrder,
    requestUrl: "https://www.similarweb.com/_sec/verify?provider=crypto",
    requestMethod: "POST",
    requestBody: payload
  });

  // Copy the body out before the response handle is released.
  const replyBody = reply.body;
  freeMemory(reply.id);
  return replyBody;
}
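/**
 * Asks the site's `/_sec/cp_challenge/verify` endpoint whether the session's
 * current cookies pass the challenge.
 *
 * @param {string} sessionId - session whose cookie jar the request uses
 * @returns {boolean} true only when the JSON response has a truthy `success` field
 * @throws {SyntaxError} when the response body is not valid JSON (for
 *   example an HTML block page); the response is still released
 */
function verifyChallenge(sessionId) {
  const headers = {
    "user-agent": USER_AGENT,
    "accept": "*/*",
    "sec-gpc": "1",
    "sec-fetch-site": "same-origin",
    "sec-fetch-mode": "cors",
    "sec-fetch-dest": "empty",
    "referer": "https://www.similarweb.com/website/google.com",
    "accept-encoding": "gzip, deflate, br",
    "accept-language": "en-US,en;q=0.9"
  };

  // Declared headers in object order, cookie last.
  const headerOrder = [...Object.keys(headers), "cookie"];

  const response = request({
    sessionId,
    headers,
    headerOrder,
    requestUrl: "https://www.similarweb.com/_sec/cp_challenge/verify",
    requestMethod: "GET"
  });

  let parsed;
  try {
    parsed = JSON.parse(response.body);
  } finally {
    // The original freed the response only after a successful parse, so a
    // non-JSON body leaked it.
    freeMemory(response.id);
  }

  // `?.` keeps a JSON `null` body from raising a TypeError; it counts as failure.
  return Boolean(parsed?.success);
}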