Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cawfree/opensea-submarine
Ping. Ping. Ping.
https://github.com/cawfree/opensea-submarine
erc1155 erc721 ethereum exploit nft opensea seaport
Last synced: about 2 months ago
JSON representation
Ping. Ping. Ping.
- Host: GitHub
- URL: https://github.com/cawfree/opensea-submarine
- Owner: cawfree
- License: mit
- Created: 2022-07-22T15:19:25.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-03-13T20:29:23.000Z (almost 2 years ago)
- Last Synced: 2024-10-12T23:37:23.469Z (2 months ago)
- Topics: erc1155, erc721, ethereum, exploit, nft, opensea, seaport
- Language: TypeScript
- Homepage:
- Size: 103 KB
- Stars: 31
- Watchers: 3
- Forks: 2
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
> ⚠️ This repository is __deprecated__.
>
> The technique of __Same-Origin-Resource-Crossing__, which this repository demonstrated can be used to attain access to closed-off APIs, has been generalized in [`@cawfree/sameorigin`](https://github.com/cawfree/sameorigin).# opensea-submarine
[watch me breakdown](https://twitter.com/cawfree/status/1550505696747307013)
[__OpenSea__](https://opensea.io) is the world's foremost NFT marketplace which takes great care to protect its API from abuse by [__ETH__](https://ethereum.org/en/)-hungry robots who are desperate to discover profit opportunities the fastest.
OpenSea makes this task difficult in a number of ways:
- Any request to the backend must be precisely-defined to satisfy strong [__CloudFlare__](https://www.cloudflare.com/en-gb/) protection.
- Robust client-side session management and adherence imposes additional complexity during request formation which dramatically complicates attempts to programmatically `fetch` the API.
- The backend enforces that the structure of an individual request must resolve to a known checksum.If that wasn't enough, the successfully returned contents of pages rendered by OpenSea's [__SPA__](https://en.wikipedia.org/wiki/Single-page_application) are highly obfuscated to make the task of [_manual scraping_](https://github.com/cawfree/opensea-floor-looks-rare) slow, unreliable and limited in scalability.
By using a [_stealthy_](https://www.npmjs.com/package/puppeteer-extra-plugin-stealth) flavour of [__Puppeteer__](https://developer.chrome.com/docs/puppeteer/), this repository demonstrates that a user can __hijack__ client-side [GraphQL](https://graphql.org/) requests and repurpose them for custom queries. This enables the client to squat on the complex trusted setup and abstract away request complexity.
## 🚀 getting started
Using [__Yarn__](https://yarnpkg.com/):
```bash
yarn add opensea-submarine
```## ✏️ usage
This package exports an [__Express__](https://github.com/expressjs/express) middleware which emulates a conventional GraphQL interface. GraphQL requests captured by the middleware are validated, sanitized and curried over into OpenSea's backend via request-squatting:
```typescript
import cors from 'cors';
import express from 'express';
import axios from 'axios';import {proxyMiddleware} from 'opensea-submarine';
const openSeaEnvironment = {
graphQLUri: 'https://opensea.io/__api/graphql/',
eventHistoryUri: 'https://opensea.io/collection/boredapeyachtclub?tab=activity',
privacyUri: 'https://opensea.io/privacy',
};const proxyContext = await createProxyContext(openSeaEnvironment);
const server = await new Promise(
async resolve => {
const server = express()
.use(cors())
.use(await proxyMiddleware({
debug: true,
proxyContext,
}))
.listen(3000, () => resolve(server));
},
);
```Then you're free to query the middleware using queries that are recognized by OpenSea:
```typescript
import axios from 'axios';const {data} = await axios({
url: 'http://localhost:3000/graphql',
method: 'post',
data: {"query":"query useIsEditableQuery(\n $collection: CollectionSlug!\n) {\n collection(collection: $collection) {\n isEditable\n id\n }\n}\n","variables":{"collection": "boredapeyachtclub"}},
});// {"collection":{"isEditable":false,"id":"Q29sbGVjdGlvblR5cGU6NDg4NjIx"}}
```You can check out the [__examples__](./scripts/start.ts) for additional insight.
Developers are reminded that the query content and `x-signed-query` header must be __identical__ to real `graphql/` requests sourced from OpenSea, which can be found in your browser's __Networking__ tab.
By contrast, request `variables` are permitted to change freely.
## ✌️ license
[__MIT__](./LICENSE)