4

I'm trying to set cookies while scraping Amazon to not get caught and look like an authentic user.

I'm trying to replicate the behaviour of the website. I've completely analyzed the headers, the request and response signatures etc. The only thing which change is cookies, and that too csm-hit and visitCount. I understood the logic behind visitCount getting updated, but not csm-hit.

Here's the csm-hit cookie.

tb:s-Y4SB9X78SYQB53MGCQWE|1551555477343&t:1551555479805&adb:adblk_no

It is of the below format:-

tb:s - ALPHANUMERIC | EPOCH_TIME &t EPOCH_TIME &adb:adblk_no

This alphanumeric characters (which looks like base64 encoded) keep changing. It calls a function updateCsmHit when reloading/redirecting out of the amazon, which then updates the csm-hit value and then re-use the same updated value next time when the request is being made to the server. If this cookie is not already saved in the browser, it does not send csm-hit in the request, but saves it the moment we step out of Amazon.

I've anlyzed the complete source code using Chrome Dev tool, but unable to crack the logic of generating this alphanumeric value.

  1. I want to understand how this value is being generated so that I can use the same logic to replicate its generation? Can anyone please help me in this regard by using Chrome Dev tool.

  2. Does anyone know the significance of csm-hit?

PS: Please don't advise me to use the same csm-hit everytime. I want to know how is this getting generated.

Rubén
  • 34,714
  • 9
  • 70
  • 166
Praful Bagai
  • 16,684
  • 50
  • 136
  • 267
  • I didn't have much time to test, but sound like this CSM is the Client Side Monitoring tool. I never used Go before, but looks like the only SDK with CSM features. Hopefully will give you some clue on how the value is generated: https://docs.aws.amazon.com/sdk-for-go/api/aws/csm/ – Bruno Monteiro Mar 13 '19 at 01:01
  • I was trying my hand on a scraper too and what better than amazon to try it. Were you able to crack the logic behind csm-hit? Also, any idea what the order of each entity in the cookie is [session-id, session-token etc]? Looks like the order changes quite a bit too. – mang4521 Oct 29 '21 at 13:34

0 Answers0