@samjmck
Last active March 12, 2022 12:59
Captcha harvesting for Supreme example
```javascript
'use strict';

const {Harvester} = require('captcha-manager');
const request = require('request-promise-native');

const harvester = new Harvester();
const availableCaptchaResponseTokens = [];
const siteKey = '6LeWwRkUAAAAAOBsau7KpuC9AV-6J8mhw4AjC3Xz';
const captchasPerMinute = 5;

async function harvest(){
    for(let i = 0; i < captchasPerMinute; i++){
        availableCaptchaResponseTokens.push(await harvester.getResponse('supremenewyork.com', siteKey));
    }
}

setInterval(harvest, 60000); // harvest every 60 seconds
harvest(); // start harvesting as soon as the script starts

async function checkout(){
    // returns an available captcha response token or undefined if there are none available
    const captchaResponseToken = availableCaptchaResponseTokens.shift();
    if(captchaResponseToken === undefined){
        console.log('No available captcha response tokens');
        return false;
    }
    try{
        // body will be the parsed JSON object from the response body
        const {statusCode, body} = await request({
            method: 'POST',
            url: 'https://www.supremenewyork.com/checkout.json',
            gzip: true,
            resolveWithFullResponse: true,
            json: {
                'g-recaptcha-response': captchaResponseToken,
                'utf8': '✓',
                'authenticity_token': '',
                'order[billing_name]': '',
                'order[email]': '',
                'order[tel]': '',
                'order[billing_address]': '',
                'order[billing_address_2]': '',
                'order[billing_address_3]': '',
                'order[billing_city]': '',
                'order[billing_zip]': '',
                'order[billing_country]': '',
                'same_as_billing_address': 1,
                'store_credit_id': '',
                'credit_card[type]': '',
                'credit_card[cnb]': '',
                'credit_card[month]': 10,
                'credit_card[year]': 2017,
                'credit_card[vval]': '',
                'order[terms]': 1,
                'hpcvv': ''
            }
        });
        if(statusCode !== 200){
            console.log('Status code ' + statusCode);
            return false;
        }else{
            console.log('Cart status: ' + body.status);
            return true;
        }
    }catch(error){
        console.log('Could not checkout: ' + error.message);
        return false;
    }
}
```
@Kavuti

Kavuti commented Oct 31, 2019

I will surely try it. Thank you for your contribution. 👍

@TTonics

TTonics commented Nov 14, 2019

Great work. Do you work with C#?

@samjmck
Author

samjmck commented Nov 20, 2019 via email

@Kavuti

Kavuti commented Nov 20, 2019

Anyway, I'm still interested. If you would like to find out a new way to harvest the captcha, please contact me if you want/need support.

@ikenwan

ikenwan commented Dec 18, 2019

Hey, I don't have a lot of experience in node.js and web dev in general but I am working on my own supreme bot. I think I have everything but the captcha down and have a couple of questions. First, a call to getResponse needs a website and a sitekey, how did you obtain supreme's sitekey? Isn't it supposed to be private?

@ikenwan

ikenwan commented Dec 18, 2019

Also on the npm page for captcha manager it says in the setup section that "you have to edit your hosts file. You'll need to add a new entry for each website you'll be getting captcha tokens from. For example, if you'll be getting tokens from adidas.com, you have to add this to your hosts file: 127.0.0.1 localapi.adidas.com". What is this used for? And how do I determine the right one for supreme?

@samjmck
Author

samjmck commented Dec 18, 2019

> Hey, I don't have a lot of experience in node.js and web dev in general but I am working on my own supreme bot. I think I have everything but the captcha down and have a couple of questions. First, a call to getResponse needs a website and a sitekey, how did you obtain supreme's sitekey? Isn't it supposed to be private?

There is a private key and a public key. The site key I'm referring to is the public key which you can find on any page of the site that has a reCAPTCHA box.

> Also on the npm page for captcha manager it says in the setup section that "you have to edit your hosts file. You'll need to add a new entry for each website you'll be getting captcha tokens from. For example, if you'll be getting tokens from adidas.com, you have to add this to your hosts file: 127.0.0.1 localapi.adidas.com". What is this used for? And how do I determine the right one for supreme?

Because the captchas will be filled in on a page that is hosted locally (127.0.0.1), we need to trick the browser into thinking that they are actually being filled in on a page that is hosted by the site that will be using them. In this case, that site is Supreme. So we will map 127.0.0.1 to localapi.supremenewyork.com in the hosts file of your computer.

I stopped playing around with this stuff a long time ago though, I'm not sure if it will work anymore. The concept is still pretty solid though. Also, I believe Supreme check the sub-domain as well when validating captcha tokens so I'm not sure if this would work with Supreme anyway.
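
The hosts-file mapping and the token stockpile discussed in this thread only succeed against a server that accepts any token issued for its site key. As an added example (not from the gist or from captcha-manager), this is the server-side check of the reCAPTCHA siteverify result that rejects tokens solved on an unexpected hostname, stale tokens and reused tokens. The domain `shop.example`, the dummy tokens, the 30-second limit and the function names are assumptions made for illustration.

```javascript
'use strict';

// Builds a checker with its own replay cache. Policy values are assumptions for this example.
function createCaptchaPolicy({allowedHostnames, maxAgeMs, clockSkewMs = 5000}) {
    const allowed = new Set(allowedHostnames); // exact names only, no "any subdomain" match
    const seen = new Set(); // in production: a shared store with expiry

    // token: the g-recaptcha-response value from the request
    // verdict: parsed JSON body returned by siteverify for that token
    return function evaluate(token, verdict, now = new Date()) {
        if (!verdict || verdict.success !== true) return 'siteverify-failed';
        if (!allowed.has(verdict.hostname)) return 'unexpected-hostname';
        const solvedAt = Date.parse(verdict.challenge_ts);
        if (Number.isNaN(solvedAt)) return 'bad-timestamp';
        const age = now.getTime() - solvedAt;
        if (age < -clockSkewMs || age > maxAgeMs) return 'stale-token';
        if (seen.has(token)) return 'replayed-token';
        seen.add(token);
        return 'ok';
    };
}

// Constructed sample data: shop.example is a placeholder domain, tokens are dummies.
function runSamples() {
    const evaluate = createCaptchaPolicy({allowedHostnames: ['www.shop.example'], maxAgeMs: 30000});
    const now = new Date('2019-12-18T12:00:20Z');
    const fresh = {success: true, challenge_ts: '2019-12-18T12:00:05Z', hostname: 'www.shop.example'};
    return [
        evaluate('tok-a', fresh, now), // solved on the real page 15 s earlier
        evaluate('tok-a', fresh, now), // same token presented a second time
        evaluate('tok-b', {...fresh, hostname: 'localapi.shop.example'}, now), // solved on a locally mapped subdomain
        evaluate('tok-c', {...fresh, challenge_ts: '2019-12-18T11:58:50Z'}, now), // solved 90 s before checkout
        evaluate('tok-d', {success: false, 'error-codes': ['timeout-or-duplicate']}, now),
    ];
}

console.log(runSamples());
```
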

@kickdoor

Kavuti I'm working on one at the moment. Did you ever figure it out? I have found other working checkout methods but have not tested any proof of concept as far as harvesting beforehand goes.

@Kavuti

Kavuti commented Apr 29, 2020

@kickdoor
No, I didn't go through this. It still interests me but it's not what I am working on. If you want some help, contact me via email at
christian.cavuti@gmail.com
I will be available to find a method.

@kickdoor

Sure. I will contact you later this evening. I've figured out pretty much all of it but I wouldn't mind exchanging info and seeing what we come up with. Thanks!

@just-rtfm

just-rtfm commented Aug 27, 2020

@kickdoor I'd take a look at CaptchaHarvester. It doesn't have to mess with your hosts file at all.
