How a Sneaker Bot Earned $2M Profit from One Shoe Drop | F5 Labs
- by nlqip
This particular sneaker bot was creating accounts steadily over time to reduce the chance of them getting detected and the accounts being suspended. Accounts are created in advance of the shoe drop and resellers will populate the account profiles with details such as payment cards and delivery addresses that will be used to checkout. This saves valuable seconds in the checkout process by not having to complete these details during the heat of the shoe drop. How far in advance of the shoe drop the accounts are created depends on the requirements of the retailer. Some retailers require a long-term account or purchase history in order to get access to limited shoe drops. For these retailers, bots are forced to create the accounts far ahead of time. If no such requirement exists, then accounts can be created just a short time before the shoe drop begins. Once created, the accounts will be logged into before the sale begins in order to obtain session cookies for each of their accounts, so as to optimize the process once the shoe drop begins. This is because the process of logging in wastes valuable time and could result in a sneaker bot losing out to other faster sneaker bots. Hence every effort is taken to optimize every single aspect of the process to ensure the best results and profits.
Step 2: Reduce Wasted Time
The most important step in the sneaker bot’s operations is adding the desired inventory to the cart. Most retailers will temporarily withhold inventory once it has been added to cart. This means that once added to a cart, a particular pair of shoes is taken out of inventory temporarily to prevent the same pair being bought by two different customers. It is the sneaker bot’s objective to add as many pairs of shoes to carts as fast as possible. Therefore, the speed with which this can be done is of the utmost importance. In order to maximize their chance of success, resellers using sneaker bots must consider a number of aspects:
- The importance of getting in early and knowing when the shoe drops are happening
- Identifying the target product web page
- Adding desired items to cart as quickly and successfully as possible
The Importance of Getting in Early
The exact start time for shoe drops is usually publicized well in advance of the sale. However, products may be released a few minutes earlier than the advertised times. Resellers therefore start checking the site for the desired product up to thirty minutes before the official shoe drop time and will continue to check at very short intervals to ensure that they are the first to know as soon as the products are available to add to cart.
Identifying the Target Product Web Page
Humans shopping on a retail website typically have to navigate from webpage to webpage. That is to say, they start by typing in the address of the retailer’s homepage and wait for it to load. Then, they may see a banner image advertising the sale. The user clicks on it, waits for another page to load, only to see a list of all sale items. The shopper then needs to search for or browse for the specific item they want before waiting, again, for that item’s web page to load. All of this searching and page loading wastes valuable time for resellers and they have become very good at predicting or discovering the product URL before the launch. This can be done by either viewing marketing material for the sale which often includes the exact web page address (URL), or by examining URL naming conventions for that retailer and guessing at the correct address.
Knowing the correct URL for the item they are targeting allows the sneaker bots to preconfigure their bots to target that URL directly and add that product to the cart directly without ever navigating to, loading or viewing the product page, saving valuable time.
The HTTP “referrer” header, used to indicate the previous web page the client was on, is often useful when examining legitimate and malicious web traffic. In this case, the referrer shows the URL of the webpage the shopper was on when they added an item to their cart. This is typically the address of the product web page when the visitor added it to their cart. In this instance all “add to cart” transactions for this sneaker bot had no referrers. This shows that the “add to cart” request was created on the fly by the bot and was not created from the product page, as would be the case for genuine users. This means that the bot knew ahead of time what product details to add to cart without navigating to the product page first.
Add Items to Cart as Quickly as Possible
As described above, the reseller’s sneaker bots do not navigate the site but, instead, initiate a single transaction, typically an HTTP POST, directly to the “Add to Cart” endpoint. Resellers decide in advance the number, color, and size distribution of the desired inventory. This allows them to configure and hard code these details into the request sent to the “Add to Cart” endpoint. Determining the size, color, and quantity of shoes they will purchase in advance allows the resellers to take pre-orders and program the sneaker bots ahead of time to get the correct specifications of desired shoes.
Figure 4 shows an example of the add-to-cart HTTP transaction to add a specified shoe to the sneaker bot’s cart. The URL contains all the details about the shoe being added to cart including product ID (pid), size, color, style, width and quantity. The sneaker bot is able to create valid add to cart requests for all the required shoes without ever loading the product webpage.
Source link
lol
This particular sneaker bot was creating accounts steadily over time to reduce the chance of them getting detected and the accounts being suspended. Accounts are created in advance of the shoe drop and resellers will populate the account profiles with details such as payment cards and delivery addresses that will be used to checkout. This…
Recent Posts
- Leveraging Wazuh for Zero Trust security
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices
- Hackers Strike at Heart of Italian Government
- The Rise of Ransomware-as-a-Service and Decline of Custom Tool Development | BlackFog
- Canadian Suspect Arrested Over Snowflake Data Breach and Extortion Attacks