Akamai sensor data generator for a valid _abck cookie on post request (Python)

Question

So I'm trying to do an auto checkout on a website but I keep getting blocked because I cant get a valid _abck cookie. I've seen on some websites that people pay so coders give them the sensor data generator, I can't afford that so I came here in search for some advice in how to code this generator.

First I've to crate a post request with the sensor data as payload, this one will set the valid _abck cookie. Then I've to create another post request with the _abck cookie and some more to call the checkout and get the paypal url

Website: www.zalando.com

API: https://opensource.zalando.com/restful-api-guidelines/

import pickle, requests

from bs4 import BeautifulSoup


s = requests.session()

headers = {
    'Authority': 'www.zalando.es',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
    "Accept-Encoding": "gzip, deflate, br",
    'Accept-Language': 'es-ES,es;q=0.9',
    'Referer': 'https://www.zalando.es/checkout/address',
    "Cache-Control": "no-cache",
    'Upgrade-Insecure-Requests': '1',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36'
}

s.headers.update(headers)

#loading previous zalando session saved cookies so I can access my cart and checkout.
cookies = pickle.load(open(f"{COOKIES_PATH}", "rb"))
for cookie in cookies:
    cookie_obj = requests.cookies.create_cookie(
        domain=cookie["domain"], name=cookie["name"], value=cookie["value"])
    s.cookies.set_cookie(cookie_obj)

res = s.get("https://www.zalando.es/checkout/confirm")

soup = BeautifulSoup(res.text, "lxml")

data = soup.find_all("div")

for attrs in data:
    section = attrs.get("data-props")
    if section:
        final = str(section).split(",")
        for info in final:
            if "eTag" in info:
                eTag = str(info.split(":")[1])[3:-3]
            if "checkoutId" in info:
                checkoutID = "".join(str(info.split(":")[1].strip('"')).split("""))

s.headers["Accept"] = "*/*"
s.headers["Accept-Encoding"] = "gzip, deflate, br"
s.headers["Content-Type"] = "text/plain;charset=UTF-8"
s.headers["Referer"] = "https://www.zalando.es/checkout/confirm"
s.headers["Origin"] = "https://www.zalando.es"

cookies, cookie = ["bm_sz", "frsx", "zac", "zsr", "zsi", "zsa", "mpulseinject",
                    "Zalando-Client-Id", "fvgs_ml", "ak_bmsc", "_abck", "bm_sv"], ""

for name, value in s.cookies.get_dict().items():
    if name in cookies:
        cookie += f"{name}={value}; "

s.headers["Cookie"] = cookie[:-2]

payload = {"sensor_data": "..." }

akamai = s.post("https://www.zalando.es/QP-swp7Px0/SRyH/rEGktd/9maOrLch/WlluOA/KS9r/OH59U0YB", json=payload)

csrf = s.cookies.get_dict()["frsx"]
s.headers["X-Xsrf-Token"] = csrf
s.headers["Accept"] = "application/json"
s.headers["Content-Type"] = "application/json"
del s.headers["upgrade-insecure-requests"]

cookies, cookie = ["bm_sz", "frsx", "zac", "_gid", "_ga", "zsr", "zsi", "zsa", "mpulseinject",
                    "Zalando-Client-Id", "fvgs_ml" "csrf-token", "ak_bmsc", "_abck", "bm_sv"], ""

for name, value in s.cookies.get_dict().items():
    if name in cookies:
        cookie += f"{name}={value}; "

s.headers["Cookie"] = cookie[:-2]


payload = {"checkoutId": checkoutID,
            "eTag": eTag }

res = s.post(
    "https://www.zalando.es/api/checkout/buy-now", json=payload)

print(res.content)

Answer 1

Shouldn't you be able to get a _abck cookie just by doing a GET to https://www.zalando.es ? actually both a bm_sz and _abck

Or are you saying you don't get an _abck cookie to use, doing that, without the sensor data?

also: the _abck cookie might have a long lifetime. If you get a good one, you could try hardwiring it into your code.

Answer 2

Nope, in case of abck cookie there's quite complicated. By simple get you wont get valid abck cookie. As sensor data readin mouse movement etc. And every new request akamai script is check and compare sensor data, so if you will hardcode this cookie, you will be able to send few more requests. I didn't tested yet, but you can try this: https://github.com/zedd3v/abck

Answer 3

simple request module won't work to get _abck. you will be required to try with browser based module that will give you abck but still after few try you will start getting invalid cookie or challenge cookies so akamai cookie generator is quite complex thing if you just need one abck cookie at a time than browser based solution is sufficient for you but if you need in bulk than it's quite diffiuclt to implement.