2

I'm trying to understand how to automate checkout process on a demandware website that uses adyen checkout. 

payload_creditcard = {
...
"dwfrm_billing_paymentMethod": "CREDIT_CARD",
"dwfrm_billing_creditCardFields_cardType": "Master+card",
"dwfrm_billing_creditCardFields_adyenEncryptedData":"adyenjs_0_1_18$ibddsadc65...", 
"dwfrm_billing_creditCardFields_cardNumber":"************3345"
"dwfrm_billing_creditCardFields_expirationMonth": "20",
"dwfrm_billing_creditCardFields_expirationYear": "2030"
}

This is the script for the payment:

checkout_page = s.get("https://www.slamjam.com/en_IT/checkout-begin?stage=payment#payment",headers=headers)

checkout_card = s.post("https://www.slamjam.com/on/demandware.store/Sites-slamjam-Site/en_IT/CheckoutServices-SubmitPayment",headers=headers, data=payload_creditcard)

place_order = s.get("https://www.slamjam.com/en_IT/checkout-begin?stage=placeOrder#placeOrder",headers=headers)

The problem is that every time the "dwfrm_billing_creditCardFields_adyenEncryptedData" changes every time and I don't know how to generate it. I found javascript functions within the website, but to make them work you need an html with the form with the card inputs and obviously I can't insert an html every time I need this token inside the python code, because everything is based on speed. Is there any way you can recommend me or if someone has already done it before?

Alessandro Irace
  • 39
  • 1
  • 5
  • You are trying to create a bot to perform purchases on slamjam's website? – luke_b May 20 '20 at 15:55
  • Actually I'm trying to understand how these types of bots work, but I'm not going to create others, there are enough of them. I would like to understand how developers manage to bypass this type of security every time! – Alessandro Irace May 20 '20 at 17:44
  • Does this answer your question? [adyen encrypted credit card data](https://stackoverflow.com/questions/58664449/adyen-encrypted-credit-card-data) – luke_b May 20 '20 at 18:22
  • No, so I asked again. Unfortunately, the boy managed to find the solution but does not want to share it – Alessandro Irace May 20 '20 at 18:36

1 Answers1

1

The adyen client js intentionally performs per session, client side encryption to keep a shopper's card information safe, and keep the company's server out of scope for PCI.

If you really need to test this, then you will need to use something like selenium webdriver for python to actually load the page and render the js.

luke_b
  • 667
  • 6
  • 14