Question: Still working?

Question

Question: Still working?

dcworldwide opened this issue 8 years ago · 4 comments

I'm glad someone has done the hard work to research this technique. I was wondering if someone would be so kind to let me know if it still works? Thanks

dcworldwide commented 7 years ago

Thanks

Answer 1 · 2017-05-09T11:57:05.000Z

I've observed requests to auth/admin using chrome. Request headers sent from chrome to server are listed below.

Appear shopify is using google catcha, does this mean that this lib no longer works?

authenticity_token:Nv56TdgYlKNVV53ekwH4MygOgwqmdfasfadfasdfasLBrNERF60SmZrWMeHEZk76cssOWv3uM/XN5kNJ201WostqHc2Fw==
redirect:
login:myemail
password:dfasdf
g-recaptcha-response:03AIezHSavH4kSWsTs1eiQe1oPWhOYyBauX6ZIo5e9Gcu3vEAsgsWyIxjSztKPOqbQqYPOXaBRW2lyA4pbXaFLV_WXHm_znUNNpPI2U_Y28gtE-J3wLK48yF6DnrNW9P0YTW3b7B2NOKRlrzIBDgQmbpExPKgdwfjxWrHCzKRzZlZb1rU_VNl6rNDZc7MHJqsLiobttKey0a20QpEqjKYgC-LejGU0TcDBh9d324-49tvwNATIz-BTr67HqGPE1DUFnY5ErCNxshAdu3SZeaUOUeKf2l3_Ps_D3unNUsxqCeQNyM_ZgXKGorntXgcSqL65FmcNq2vgEy8v
commit:Log in

Answer 2 · 2017-05-30T16:40:08.000Z

Im using this component for my API and its still working. It still has its flaws every now and then so I would test it. Use the component from bdunlap, you can find it here. All thought I would suggest looking for another component like THIS one.

Good Luck :D

Answer 3 · 2018-02-16T22:33:58.000Z

Still works to the best of my knowledge- I no longer work for the company I made it for, though. I merged Ben's fix-- the phpclassic one looks much more actively maintained, this is probably best for learning purposes now -- blog post is here: https://ma.rtin.so/reverse-engineering-shopify-private-apis!