edbrowse-dev - development list for edbrowse
 help / color / mirror / Atom feed
* [Edbrowse-dev] Signing into my Amazon account
@ 2018-01-05 19:54 Chuck Hallenbeck
  2018-01-05 20:35 ` Dominique Martinet
  0 siblings, 1 reply; 9+ messages in thread
From: Chuck Hallenbeck @ 2018-01-05 19:54 UTC (permalink / raw)
  To: Edbrowse Development

Hi everyone, and Happy New Year.

Long ago amazon.com was accessible using edbrowse, but they have both 
come a long way since then. At present I'm using 3.7.1 from the github 
archive, with the jar variable set correctly, but cannot sign into my 
account successfully.

What I notice is this:

#1. No matter what, I always get the "Please enable
cookies to continue"  message at the top of the sign-in page.

#2. If I exit this page and quit edbrowse, the cookie jar is written 
with data from Amazon.

#3. When I enter my sign-in info and activate the submit button, 
edbrowse segfaults.

#4. In a subsequent attempt, if I increase the edbrowse db level to 2, 
it still segfaults, without first producing any debugging output.

Are there tricks I don't know about? Can others do this successfully? If 
so, how? Can I generate more helpful information somehow?

I am fortunate at the moment to have sighted relatives using windows to 
assist me in making purchases, but have not always, and may not always 
have. Any tips or suggestions will be appreciated.

Chuck


-- 
Here In Northeast Ohio also, The Moon is Waning Gibbous (81% of Full)
When your only tool is a hammer, everything looks like a nail.
Sent from Alma's iPhone.

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [Edbrowse-dev] Signing into my Amazon account
  2018-01-05 19:54 [Edbrowse-dev] Signing into my Amazon account Chuck Hallenbeck
@ 2018-01-05 20:35 ` Dominique Martinet
  2018-01-05 20:53   ` Chuck Hallenbeck
                     ` (2 more replies)
  0 siblings, 3 replies; 9+ messages in thread
From: Dominique Martinet @ 2018-01-05 20:35 UTC (permalink / raw)
  To: Chuck Hallenbeck; +Cc: Edbrowse Development

Hi Chuck,

Happy new year everyone.

Chuck Hallenbeck wrote on Fri, Jan 05, 2018:
> #1. No matter what, I always get the "Please enable
> cookies to continue"  message at the top of the sign-in page.

This is likely a js problem, some variable/field must not be set
somewhere so the text is displayed.

> #3. When I enter my sign-in info and activate the submit button,
> edbrowse segfaults.

I can reproduce this segfault, it crahes in handlerGoBrowse (in html.c)
after walking up the html tags till there is no parent anymore, and
found no handler at all, then runs the handler of the document itself
and since it is the first handler tries to get 'cf' from the null tag.

I believe we should just remove this line 1800:
                        cf = t->f0;
(I'll defer to Karl on that)


The problem is that, even after doing that, Amazon still does not log me
in after filling the information. It reloads the same page and tells me
the Email I entered is not valid, except that I think it should be, so
there must be some more javascript failing? Running with -d3 gives me a
few messages "TypeError: undefined not callable" so I am sure that
something goes wrong somewhere, but not what.

> Are there tricks I don't know about? Can others do this
> successfully? If so, how? Can I generate more helpful information
> somehow?

Reporting something that others can reproduce is already very helpful!
I have gotten the information I just gave from a tool called 'gdb'.

You need to compile edbrowse with 'make EDDEBUG=1' then running edbrowse
under gdb will give you more information about what happened during the
crash.

-- 
Dominique

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [Edbrowse-dev] Signing into my Amazon account
  2018-01-05 20:35 ` Dominique Martinet
@ 2018-01-05 20:53   ` Chuck Hallenbeck
  2018-01-05 22:19     ` Kevin Carhart
  2018-01-05 22:04   ` Karl Dahlke
  2018-01-06 12:12   ` Chuck Hallenbeck
  2 siblings, 1 reply; 9+ messages in thread
From: Chuck Hallenbeck @ 2018-01-05 20:53 UTC (permalink / raw)
  To: Dominique Martinet; +Cc: Chuck Hallenbeck, Edbrowse Development

Hi Dominique,

Many thanks. I'll recompile edbrowse as you suggest and be able to use 
gdb for later checks.

I'm much relieved to know this problem is reproducible. I have two 
others waiting in the wings <smile>

Chuck


Chuck

-- 
Here In Northeast Ohio also, The Moon is Waning Gibbous (81% of Full)
When your only tool is a hammer, everything looks like a nail.
Sent from Vernon's iPhone.

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Edbrowse-dev] Signing into my Amazon account
  2018-01-05 20:35 ` Dominique Martinet
  2018-01-05 20:53   ` Chuck Hallenbeck
@ 2018-01-05 22:04   ` Karl Dahlke
  2018-01-05 22:55     ` Kevin Carhart
  2018-01-05 23:40     ` Chuck Hallenbeck
  2018-01-06 12:12   ` Chuck Hallenbeck
  2 siblings, 2 replies; 9+ messages in thread
From: Karl Dahlke @ 2018-01-05 22:04 UTC (permalink / raw)
  To: edbrowse-dev

Ok, yeah, my bad, I think I fixed it now.
I also have an amazon account and just logged in.
I will say though it's god-awful slow...

Karl Dahlke

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [Edbrowse-dev] Signing into my Amazon account
  2018-01-05 20:53   ` Chuck Hallenbeck
@ 2018-01-05 22:19     ` Kevin Carhart
  0 siblings, 0 replies; 9+ messages in thread
From: Kevin Carhart @ 2018-01-05 22:19 UTC (permalink / raw)
  To: Chuck Hallenbeck; +Cc: Dominique Martinet, Edbrowse Development




I really want to support amazon.com.  We have quite a hardcore javascript 
challenge ahead of us.  Back in September, I found out something jaw 
dropping about what amazon does on their login page.


If you want to experience this for yourself, do this..
b http://amazon.com
11
{the line with the login link}
demin
g2
{Now the login page is loaded}
jdb
showscripts()
{scripts[9] is the big one. either echo document.scripts[9].data or export 
it to a file}

This code, called fwcim._CB516154953_.js, is impressively obfuscated like 
this:


                             var _z2sz = function (_Zs$2, _iLLLl, _111LI) {
                                 var _ooO0O = [
                                     'FwcimObfusca',
                                     'nod',
                                     'te',
                                     'hBStatement',
                                     'has',
                                     'e',
                                     39801
                                 ];
                                 var _ZS$2z = _ooO0O[1] + _ooO0O[5] + 
(_ooO0O[0] + _ooO0O[2]), 2szSs = _ooO0O[6];

Someone called Ricky Lalwani has also worked on this.  His own angle is 
that he wants to generate text-to-speech.  He wrote about it at length in 
a two-part post.  Here's part two:

https://ricky.lalwani.me/programming/logging-in-to-amazon-part-2/


The problem involves an http request variable called 'metadata1', which is 
generated on the fly.  And a remarkable amount of work goes in to
building this thing, including bitwise transformation operators and hex 
encoding.  Amazon has put a lot of effort into making it difficult to get 
an accurate value for metadata1, and they reject you without it.


Can the geniuses and genius-botherers of edbrowse-dev crack this code?

I hope we can do it!













On Fri, 5 Jan 2018, Chuck Hallenbeck wrote:

> Hi Dominique,
>
> Many thanks. I'll recompile edbrowse as you suggest and be able to use gdb 
> for later checks.
>
> I'm much relieved to know this problem is reproducible. I have two others 
> waiting in the wings <smile>
>
> Chuck
>
>
> Chuck
>
> -- 
> Here In Northeast Ohio also, The Moon is Waning Gibbous (81% of Full)
> When your only tool is a hammer, everything looks like a nail.
> Sent from Vernon's iPhone.
> _______________________________________________
> Edbrowse-dev mailing list
> Edbrowse-dev@lists.the-brannons.com
> http://lists.the-brannons.com/mailman/listinfo/edbrowse-dev
>

--------
Kevin Carhart * 415 225 5306 * The Ten Ninety Nihilists

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [Edbrowse-dev] Signing into my Amazon account
  2018-01-05 22:04   ` Karl Dahlke
@ 2018-01-05 22:55     ` Kevin Carhart
  2018-01-05 23:40     ` Chuck Hallenbeck
  1 sibling, 0 replies; 9+ messages in thread
From: Kevin Carhart @ 2018-01-05 22:55 UTC (permalink / raw)
  To: edbrowse-dev



You logged in?  Is metadata1 not a problem after all?
It always kicks me back to the login page as Dominique said.


On Fri, 5 Jan 2018, Karl Dahlke wrote:

> Ok, yeah, my bad, I think I fixed it now.
> I also have an amazon account and just logged in.
> I will say though it's god-awful slow...
>
> Karl Dahlke
> _______________________________________________
> Edbrowse-dev mailing list
> Edbrowse-dev@lists.the-brannons.com
> http://lists.the-brannons.com/mailman/listinfo/edbrowse-dev
>

--------
Kevin Carhart * 415 225 5306 * The Ten Ninety Nihilists

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [Edbrowse-dev] Signing into my Amazon account
  2018-01-05 22:04   ` Karl Dahlke
  2018-01-05 22:55     ` Kevin Carhart
@ 2018-01-05 23:40     ` Chuck Hallenbeck
  1 sibling, 0 replies; 9+ messages in thread
From: Chuck Hallenbeck @ 2018-01-05 23:40 UTC (permalink / raw)
  To: Karl Dahlke; +Cc: edbrowse-dev

Hi Karl,

On Fri, 5 Jan 2018, Karl Dahlke wrote:

> Ok, yeah, my bad, I think I fixed it now.
> I also have an amazon account and just logged in.
> I will say though it's god-awful slow...


Yes,  but it's still faster than getting my daughter to do it for me 
<smile>

The  segfault is gone now, but it seems Amazon thinks I'm still using my 
old  fastmail account. One more assist from my daughter and I will be 
okay  with Amazon here.

Many thanks, as usual.

Chuck



-- 
Here In Northeast Ohio also, The Moon is Waning Gibbous (80% of Full)
When your only tool is a hammer, everything looks like a nail.
Sent from Calvin's iPhone.

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [Edbrowse-dev] Signing into my Amazon account
  2018-01-05 20:35 ` Dominique Martinet
  2018-01-05 20:53   ` Chuck Hallenbeck
  2018-01-05 22:04   ` Karl Dahlke
@ 2018-01-06 12:12   ` Chuck Hallenbeck
  2018-01-06 12:20     ` Dominique Martinet
  2 siblings, 1 reply; 9+ messages in thread
From: Chuck Hallenbeck @ 2018-01-06 12:12 UTC (permalink / raw)
  To: Dominique Martinet; +Cc: Chuck Hallenbeck, Edbrowse Development

Hi everyone,

Turns out I still have a problem signing into my Amazon account,
although it no longer segfaults.

The credentials that work correctly using windows fail to work using
edbrowse.

Those credenttials have been stable for several months, and I am
well-known to Amazon by virtue of my Amazon Echo device, which uses
the same credentials on my iPhone app., resulting in my receiving
occasional emails from Amazon.

I have captured a failed sign-in attempt with the edbrowse db level
set to 3, which seems to reveal two JS errors, and I hope someone
will take a look at it.  It's above my paygrade, I'm afraid.

The file containing the failed signin is only about 3K, and can be
fount here:

www.panix.com/~chuxroom/signing-in.txt

Note the tilde following the slash in the address.

Chuck


-- 
Here In Northeast Ohio also, The Moon is Waning Gibbous (75% of Full)
When your only tool is a hammer, everything looks like a nail.
Sent from Leslie's iPhone.

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [Edbrowse-dev] Signing into my Amazon account
  2018-01-06 12:12   ` Chuck Hallenbeck
@ 2018-01-06 12:20     ` Dominique Martinet
  0 siblings, 0 replies; 9+ messages in thread
From: Dominique Martinet @ 2018-01-06 12:20 UTC (permalink / raw)
  To: Chuck Hallenbeck; +Cc: Edbrowse Development

Hi Chuck,

Chuck Hallenbeck wrote on Sat, Jan 06, 2018:
> The file containing the failed signin is only about 3K, and can be
> fount here:
> 
> www.panix.com/~chuxroom/signing-in.txt

I'm not going to be very helpful regarding the js errors themselves, but
if your password is six numbers followed by two letters I'd advise you
to change reasonably quickly as it was written in play text lower in the
logs.
The password is sent in plain-text in a post value that is printed at
db3 later on.


We can reproduce the js problem, although it's actually the two errors
you get while loading the sign in page (so before what you posted) that
matter since that's the time js will manipulate the form values before
posting.
I'm not sure I'll be of much help but I'll try to look at it, even if
the code is obfuscated it should still run in duktape...

-- 
Dominique

^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2018-01-06 12:17 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-01-05 19:54 [Edbrowse-dev] Signing into my Amazon account Chuck Hallenbeck
2018-01-05 20:35 ` Dominique Martinet
2018-01-05 20:53   ` Chuck Hallenbeck
2018-01-05 22:19     ` Kevin Carhart
2018-01-05 22:04   ` Karl Dahlke
2018-01-05 22:55     ` Kevin Carhart
2018-01-05 23:40     ` Chuck Hallenbeck
2018-01-06 12:12   ` Chuck Hallenbeck
2018-01-06 12:20     ` Dominique Martinet

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).