Akamai Bypass (Java)

Question

I am writing a bot to auto purchase items on a website (zalando). Everything goes well from login to adding items to shopping cart but at the very end it doesn't work anyomore. It sends this error: { "edge_error": "halt", "ref_id": "18.57c51102.1663765843.299fc0e", "wait": 60, "feedback": { "email": true, "url": "", "recaptcha": { "enabled": false, "type": 0, "sitekey": "" } }}

I think it has something to do with their protection or just me missing a header or cookie or a delay... I honestly have no clue anymore This is the code I use in the end (to checkout and generate a paypal link (post response)):

public void makePostJsonRequest(WebDriver driver, String eTag, String checkoutID)
{
    retrieveCookiesMap(driver);
    HttpClient httpClient = new DefaultHttpClient();
    try {
        HttpPost postRequest = new HttpPost("https://www.zalando.be/api/checkout/buy-now");
        postRequest.setHeader("authority", "www.zalando.be");
        postRequest.setHeader("accept", "application/json");
        postRequest.setHeader("accept-language", "en-US,en;q=0.9");
        postRequest.setHeader("content-type", "application/json");
        postRequest.setHeader("cookie", "language-preference=nl;" +
                " Zalando-Client-Id=" + cookiesMap.get("Zalando-Client-Id") + ";" +
                " ncx=f;" +
                " _gcl_au=" + cookiesMap.get("_gcl_au") + ";" +
                " sqt_cap=" + cookiesMap.get("sqt_cap") + ";" +
                " _ga=" + cookiesMap.get("_ga") + ";" +
                " _gid=" + cookiesMap.get("_gid") + ";" +
                " bm_sz=" + cookiesMap.get("bm_sz") + ";" +
                " ak_bms=" + cookiesMap.get("ak_bms") + ";" +
                " _gat_zalga=1;" +
                " mpulseinject=false;" +
                " frsx=" + cookiesMap.get("frsx") + ";" +
                " zsa=" + cookiesMap.get("zsa") + ";" +
                " zsr=" + cookiesMap.get("zsr") + ";" +
                " zsi=" + cookiesMap.get("zsi") + ";" +
                " bm_sv=" + cookiesMap.get("bm_sv") + ";" +
                " _abck=" + cookiesMap.get("_abck") + ";");
        postRequest.setHeader("origin", "https://www.zalando.be");
        postRequest.setHeader("referer", "https://www.zalando.be/checkout/confirm");
        postRequest.setHeader("sec-ch-ua", "\"Chromium\";v=\"104\", \" Not A;Brand\";v=\"99\", \"Google Chrome\";v=\"104\"");
        postRequest.setHeader("sec-ch-ua-mobile", "?0");
        postRequest.setHeader("sec-ch-ua-platform", "\"Linux\"");
        postRequest.setHeader("sec-fetch-dest", "empty");
        postRequest.setHeader("sec-fetch-mode", "cors");
        postRequest.setHeader("sec-fetch-site", "same-origin");
        postRequest.setHeader("user-agent", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36");
        postRequest.setHeader("x-xsrf-token", cookiesMap.get("frsx"));
        postRequest.setHeader("x-zalando-checkout-app", "web");
        postRequest.setHeader("x-zalando-footer-mode", "desktop");
        postRequest.setHeader("x-zalando-header-mode", "desktop");
        eTag = StringUtils.chop(eTag);
        eTag += "\\";

        String jsonString = "{\"checkoutId\":\"" + checkoutID + "\"," +
                "\"eTag\":" + "\"\\" + eTag + "\"" + "\"" + "}";

        System.out.println(jsonString);

        StringEntity entity = new StringEntity(jsonString);

        postRequest.setEntity(entity);

        long startTime = System.currentTimeMillis();
        HttpResponse response = httpClient.execute(postRequest);
        long elapsedTime = System.currentTimeMillis() - startTime;
        System.out.println("Time taken : "+elapsedTime+"ms");

        InputStream is = response.getEntity().getContent();
        Reader reader = new InputStreamReader(is);
        BufferedReader bufferedReader = new BufferedReader(reader);
        StringBuilder builder = new StringBuilder();
        while (true) {
            try {
                String line = bufferedReader.readLine();
                if (line != null) {
                    builder.append(line);
                } else {
                    break;
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        System.out.println(builder.toString());
        System.out.println("****************");
    } catch (Exception ex) {
        ex.printStackTrace();
    }
}

Please trim your code to make it easier to find your problem. Follow these guidelines to create a [minimal reproducible example](https://stackoverflow.com/help/minimal-reproducible-example). — Community, Sep 21 '22 at 15:04

TOMMASO26175 · Answer 1 · 2022-10-17T15:09:34.040

0

This means that Akamai (the provider that zalando uses for bot protection), has detected and stopped your request because it detected you as a bot. To avoid this "stop" you MUST send a valid _abck cookie, generated by passing sensor data to the zalando akamai endpoint( you can find using chrome devtools and analyzing the requests )

edited Oct 17 '22 at 15:09

answered Sep 21 '22 at 13:32

TOMMASO26175

31
7

"recaptcha": and "sitekey": say it! – Samuel Marchant Sep 21 '22 at 14:55
As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – abdo Salm Sep 26 '22 at 18:53

Akamai Bypass (Java)

1 Answers1