Hi everyone, and Happy New Year. Long ago amazon.com was accessible using edbrowse, but they have both come a long way since then. At present I'm using 3.7.1 from the github archive, with the jar variable set correctly, but cannot sign into my account successfully. What I notice is this: #1. No matter what, I always get the "Please enable cookies to continue" message at the top of the sign-in page. #2. If I exit this page and quit edbrowse, the cookie jar is written with data from Amazon. #3. When I enter my sign-in info and activate the submit button, edbrowse segfaults. #4. In a subsequent attempt, if I increase the edbrowse db level to 2, it still segfaults, without first producing any debugging output. Are there tricks I don't know about? Can others do this successfully? If so, how? Can I generate more helpful information somehow? I am fortunate at the moment to have sighted relatives using windows to assist me in making purchases, but have not always, and may not always have. Any tips or suggestions will be appreciated. Chuck -- Here In Northeast Ohio also, The Moon is Waning Gibbous (81% of Full) When your only tool is a hammer, everything looks like a nail. Sent from Alma's iPhone.
Hi Chuck, Happy new year everyone. Chuck Hallenbeck wrote on Fri, Jan 05, 2018: > #1. No matter what, I always get the "Please enable > cookies to continue" message at the top of the sign-in page. This is likely a js problem, some variable/field must not be set somewhere so the text is displayed. > #3. When I enter my sign-in info and activate the submit button, > edbrowse segfaults. I can reproduce this segfault, it crahes in handlerGoBrowse (in html.c) after walking up the html tags till there is no parent anymore, and found no handler at all, then runs the handler of the document itself and since it is the first handler tries to get 'cf' from the null tag. I believe we should just remove this line 1800: cf = t->f0; (I'll defer to Karl on that) The problem is that, even after doing that, Amazon still does not log me in after filling the information. It reloads the same page and tells me the Email I entered is not valid, except that I think it should be, so there must be some more javascript failing? Running with -d3 gives me a few messages "TypeError: undefined not callable" so I am sure that something goes wrong somewhere, but not what. > Are there tricks I don't know about? Can others do this > successfully? If so, how? Can I generate more helpful information > somehow? Reporting something that others can reproduce is already very helpful! I have gotten the information I just gave from a tool called 'gdb'. You need to compile edbrowse with 'make EDDEBUG=1' then running edbrowse under gdb will give you more information about what happened during the crash. -- Dominique
Hi Dominique, Many thanks. I'll recompile edbrowse as you suggest and be able to use gdb for later checks. I'm much relieved to know this problem is reproducible. I have two others waiting in the wings <smile> Chuck Chuck -- Here In Northeast Ohio also, The Moon is Waning Gibbous (81% of Full) When your only tool is a hammer, everything looks like a nail. Sent from Vernon's iPhone.
Ok, yeah, my bad, I think I fixed it now. I also have an amazon account and just logged in. I will say though it's god-awful slow... Karl Dahlke
I really want to support amazon.com. We have quite a hardcore javascript challenge ahead of us. Back in September, I found out something jaw dropping about what amazon does on their login page. If you want to experience this for yourself, do this.. b http://amazon.com 11 {the line with the login link} demin g2 {Now the login page is loaded} jdb showscripts() {scripts[9] is the big one. either echo document.scripts[9].data or export it to a file} This code, called fwcim._CB516154953_.js, is impressively obfuscated like this: var _z2sz = function (_Zs$2, _iLLLl, _111LI) { var _ooO0O = [ 'FwcimObfusca', 'nod', 'te', 'hBStatement', 'has', 'e', 39801 ]; var _ZS$2z = _ooO0O[1] + _ooO0O[5] + (_ooO0O[0] + _ooO0O[2]), 2szSs = _ooO0O[6]; Someone called Ricky Lalwani has also worked on this. His own angle is that he wants to generate text-to-speech. He wrote about it at length in a two-part post. Here's part two: https://ricky.lalwani.me/programming/logging-in-to-amazon-part-2/ The problem involves an http request variable called 'metadata1', which is generated on the fly. And a remarkable amount of work goes in to building this thing, including bitwise transformation operators and hex encoding. Amazon has put a lot of effort into making it difficult to get an accurate value for metadata1, and they reject you without it. Can the geniuses and genius-botherers of edbrowse-dev crack this code? I hope we can do it! On Fri, 5 Jan 2018, Chuck Hallenbeck wrote: > Hi Dominique, > > Many thanks. I'll recompile edbrowse as you suggest and be able to use gdb > for later checks. > > I'm much relieved to know this problem is reproducible. I have two others > waiting in the wings <smile> > > Chuck > > > Chuck > > -- > Here In Northeast Ohio also, The Moon is Waning Gibbous (81% of Full) > When your only tool is a hammer, everything looks like a nail. > Sent from Vernon's iPhone. > _______________________________________________ > Edbrowse-dev mailing list > Edbrowse-dev@lists.the-brannons.com > http://lists.the-brannons.com/mailman/listinfo/edbrowse-dev > -------- Kevin Carhart * 415 225 5306 * The Ten Ninety Nihilists
You logged in? Is metadata1 not a problem after all?
It always kicks me back to the login page as Dominique said.
On Fri, 5 Jan 2018, Karl Dahlke wrote:
> Ok, yeah, my bad, I think I fixed it now.
> I also have an amazon account and just logged in.
> I will say though it's god-awful slow...
>
> Karl Dahlke
> _______________________________________________
> Edbrowse-dev mailing list
> Edbrowse-dev@lists.the-brannons.com
> http://lists.the-brannons.com/mailman/listinfo/edbrowse-dev
>
--------
Kevin Carhart * 415 225 5306 * The Ten Ninety Nihilists
Hi Karl,
On Fri, 5 Jan 2018, Karl Dahlke wrote:
> Ok, yeah, my bad, I think I fixed it now.
> I also have an amazon account and just logged in.
> I will say though it's god-awful slow...
Yes, but it's still faster than getting my daughter to do it for me
<smile>
The segfault is gone now, but it seems Amazon thinks I'm still using my
old fastmail account. One more assist from my daughter and I will be
okay with Amazon here.
Many thanks, as usual.
Chuck
--
Here In Northeast Ohio also, The Moon is Waning Gibbous (80% of Full)
When your only tool is a hammer, everything looks like a nail.
Sent from Calvin's iPhone.
Hi everyone, Turns out I still have a problem signing into my Amazon account, although it no longer segfaults. The credentials that work correctly using windows fail to work using edbrowse. Those credenttials have been stable for several months, and I am well-known to Amazon by virtue of my Amazon Echo device, which uses the same credentials on my iPhone app., resulting in my receiving occasional emails from Amazon. I have captured a failed sign-in attempt with the edbrowse db level set to 3, which seems to reveal two JS errors, and I hope someone will take a look at it. It's above my paygrade, I'm afraid. The file containing the failed signin is only about 3K, and can be fount here: www.panix.com/~chuxroom/signing-in.txt Note the tilde following the slash in the address. Chuck -- Here In Northeast Ohio also, The Moon is Waning Gibbous (75% of Full) When your only tool is a hammer, everything looks like a nail. Sent from Leslie's iPhone.
Hi Chuck,
Chuck Hallenbeck wrote on Sat, Jan 06, 2018:
> The file containing the failed signin is only about 3K, and can be
> fount here:
>
> www.panix.com/~chuxroom/signing-in.txt
I'm not going to be very helpful regarding the js errors themselves, but
if your password is six numbers followed by two letters I'd advise you
to change reasonably quickly as it was written in play text lower in the
logs.
The password is sent in plain-text in a post value that is printed at
db3 later on.
We can reproduce the js problem, although it's actually the two errors
you get while loading the sign in page (so before what you posted) that
matter since that's the time js will manipulate the form values before
posting.
I'm not sure I'll be of much help but I'll try to look at it, even if
the code is obfuscated it should still run in duktape...
--
Dominique