How I'm making 10K/W by proxing a popular website

How I'm making 10K/W by proxing a popular website

We will call our target webiste is a fake name because I'm not going to tell you the real one :) ), this is a popular website which sales a lot of products of several categories you can think in websites like amazon, mercadolibre, whish and others.

Time creating the solution until now: 4 hours , 35 minutes.


We are going to
  • Proxy the website, then we will 
  • change all words tiquito with the new name lolito, then we will 
  • change all price to the double price (our profit)
  • change the payment form with our payment account
  • and finally we will run the reall products
So basically, people will buy any product, pay it to me, then I will buy the products from the original website.

So lets start.

1. Create a fake DNS entry

[email protected]:~# cat /etc/hosts

2. Create apache website entry

We need to activate with a2enmod several modules, for ProxyRequest, to change headers, subtitute.proxypass, alias, and more. 

We need to activate SSLproxyengine to allow to use the certificate in the handshake request, also we need to remove Accept-encoding header, otherwise the data will be transfer zipped and will not be possible to replace the HTML words. 
For the app.js file I'm using Alias because will be more simpler to handle rather that directories. You need to study the original website, to see which variables replace also it is very importante the order of replacement, when you do this kind of tasks, always replace +N words rather than single words for example: replacing "webiste" word will be bad idea because can change "" and other, I suggest to replace more thatn 2 words at time.

[email protected]:~# cat /etc/apache2/sites-available/000-default.conf

    ProxyRequests Off
    Order deny,allow
    Allow from all
    SSLProxyEngine On
    RequestHeader set Front-End-Https "On"
    RequestHeader unset Accept-Encoding

    # we will use this file to any POST operation
    Alias /app.js /var/www/html/app.js

    ProxyPassMatch ^/app.js !
    ProxyPass / https://www.*****.com/
    ProxyPassReverse / https://www.*.com/

    # because a bug we need to inflate ,substitute, deflate
    AddOutputFilterByType INFLATE;SUBSTITUTE;DEFLATE text/html text/plain text/xml

    Substitute "s|logo|xxxxxxxx_logo_header|i" 

    # We can hide divs for exaple
    Substitute "s|footer-content\"|footer-content\" style='display: none'|i"  

    # SUper important! add our script :) SOME TAGS removed!
Substitute "s|
    Substitute "s|
    # we will use HTTPS of course!! but not from here :) from cloudflare
    Substitute "s|https|http|i" 

    # we will change CDN also! we need to add the entry too 
    Substitute "s|||i" 

    # SO good! lets replace APPS ids.

    #_gaq.push(['_setAccount', 'UA-***-1']);
    Substitute "s|UA-***-1|your-id|i" 

    #_gaq.push(['_setDomainName', '****.com']);  
    Substitute "s|'****.com'|''|i" 

    #fb pixel ID    img.src = ("https:"==document.location.protocol?"https://":"http://")+"****";
Substitute "s|*****|your-id|i" 

    # fb id  
    Substitute "s|*****|your-id|i" 

     # wuju, the website name
    Substitute "s|website-name|your-new-website|i"

# and then we add the rest of subdomains like CDN with proxy too.

    ProxyRequests Off
        Order deny,allow
        Allow from all
    SSLProxyEngine On
    RequestHeader set Front-End-Https "On" 
    ProxyPass / https://cdn.***.com/
    ProxyPassReverse / https://cdn.*****.com/

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Remember to replace all kind of ID apps, you can be banned because if you don't clean the html, will be a lot of requests generating bad errors(domain missmatch) so, remove all app ids, ALL OF THEM. YOu warn! and be prepare to change your ip in case of ban. 

3. We are close to finish, lets add some final POST changes, to our front end, with javascript and jquery.

For my case, I will use Javascript to replace the STRIPE and PAYPAL form ,with my own form.

4. Create a webhook to buy the original items. continue.

0 pensamientos:

Post a Comment