Skip to content

⚙️ Automate Stripe Payments Flexible Way Reverse-Engineered-API

License

Notifications You must be signed in to change notification settings

sachinsenal0x64/backstripe

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

55 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

stripe

BACKSTRIPE

🔓 You have ability to decrypt the checkout URLs and restore them to their original form. (ENCRYPT + DECRYPT) and Stripe Checkout Session to grab Payment information.


🧾 Use Cases

  • 🦾 Automation
  • 🤸🏻 Flexible
  • 🏞️ Use out of the scope (EX: BOTS)

🧾 The NutShell

On May 5, 2023, Stripe.com added security measures by using an XOR algorithm to encrypt the client-side key (pk-key) and base64 for the checkout URL. This encryption makes automating tasks with the checkout URL challenging. While automation libraries like Selenium can extract the pk-key, it's slow and not how stripe.com handles the backend. To overcome this, I spent time reverse engineering Stripe API & finding the correct decryption key, using a simple brute force method testing numbers 0 to 1000. The correct key turned out to be 5, allowing for a straightforward Python code to decrypt and build a checkout session in a reverse way.


🔑 GAME CHANGER

ACTUAL SIMPLE DECRYPTING PART (AFTER THE DECODE)

Please refer to stripe.py.

# DECODE

print("Decoded PK value:", decoded_pk)

# ASSIGN

dry = ""

# DECRYPT WITH VALUE 5

for c in decoded_pk:
    dry += chr(5 ^ c)

print("Decoded ck value:", ck)

print("Decrypted PK value:", dry)