Captcha harvesting for Supreme example

supreme-captcha-harvester.js

'use strict';

const {Harvester} = require('captcha-manager');
const request = require('request-promise-native');

const harvester = new Harvester();

const availableCaptchaResponseTokens = [];

const siteKey = '6LeWwRkUAAAAAOBsau7KpuC9AV-6J8mhw4AjC3Xz';
const captchasPerMinute = 5;

async function harvest(){
    for(let i = 0; i < captchasPerMinute; i++){
        availableCaptchaResponseTokens.push(await harvester.getResponse('supremenewyork.com', siteKey));
    }
}

setInterval(harvest, 60000); // harvest every 60 seconds
harvest(); // start harvesting as soon as the script starts

async function checkout(){
    const captchaResponseToken = availableCaptchaResponseTokens.shift(); // returns an available captcha response token or undefined if there are none available
    if(captchaResponseToken === undefined){
        console.log('No available captcha response tokens');
        return false;
    }
    try{
        // body will be the parsed JSON object from the response body
        const {statusCode, body} = await request({
            method: 'POST',
            url: 'https://www.supremenewyork.com/checkout.json',
            gzip: true,
            resolveWithFullResponse: true,
            json: {
                'g-recaptcha-response': captchaResponseToken,
                'utf8': '✓',
                'authenticity_token': '',
                'order[billing_name]': '',
                'order[email]': '',
                'order[tel]': '',
                'order[billing_address]': '',
                'order[billing_address_2]': '',
                'order[billing_address_3]': '',
                'order[billing_city]': '',
                'order[billing_zip]': '',
                'order[billing_country]': '',
                'same_as_billing_address': 1,
                'store_credit_id': '',
                'credit_card[type]': ''
                'credit_card[cnb]': '',
                'credit_card[month]': 10,
                'credit_card[year]': 2017,
                'credit_card[vval]': '',
                'order[terms]': 1,
                'hpcvv': ''
            }
        });
        if(statusCode !== 200){
            console.log('Status code ' + statusCode);
            return false;
        }else{
            console.log('Cart status: ' + body.status);
            return true;
        }
    }catch(error){
        console.log('Could not checkout: ' + error.message);
        return false;
    }
}

Hey, I don't have a lot of experience in node.js and web dev in general but I am working on my own supreme bot. I think I have everything but the captcha down and have a couple of questions. First, a call to getResponse needs a website and a sitekey, how did you obtain supreme's sitekey? Isn't it supposed to be private?

There is a private key and a public key. The site key I'm referring to is the public key which you can find on any page of the site that has a reCAPTCHA box.

Also on the npm page for captcha manager it says in the setup section that "you have to edit your hosts file. You'll need to add a new entry for each website you'll be getting captcha tokens from. For example, if you'll be getting tokens from adidas.com, you have to add this to your hosts file: 127.0.0.1 localapi.adidas.com". What is this used for? And How do I determine the right one for supreme?

Because the captchas will be filled in on a page that is hosted locally (127.0.0.1), we need to trick the browser into thinking that they are actually being filled in on a page that is hosted by the site that will be using them. In this case, that site is Supreme. So we will map 127.0.0.1 to localapi.supremenewyork.com in the hosts file of your computer.

I stopped playing around with this stuff a long time ago though, I'm not sure if it will work anymore. The concept is still pretty solid though. Also, I believe Supreme check the sub-domain as well when validating captcha tokens so I'm not sure if this would work with Supreme anyway.

Kavuti I'm working on one at the moment. Did you ever figure it out? I have found other working checkout methods but have not tested any proof of concept as far as harvesting beforehand goes.

@kickdoor
No, i didn't go through this. It's still interesting me but it's not what i am working on. If you want some help contact me via email at
[email protected]
I will be available to find a method.

Sure. I will contact you later this evening. I've figured out pretty much all of it but I wouldn't mind exchanging info and seeing what we come up with. Thanks!

@kickdoor I'd take a look at CaptchaHarvester. It doesn't have to mess with your hosts file at all.