Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sachinsenal0x64/backstripe

⚙️ Automate Stripe Payments Flexible Way Reverse-Engineered-API
https://github.com/sachinsenal0x64/backstripe

api backstripe checkout decryption enthusiast flexible invoice payments python reverse-engineering stripe

Last synced: 2 months ago
JSON representation

⚙️ Automate Stripe Payments Flexible Way Reverse-Engineered-API

Awesome Lists containing this project

README 

        


   

  stripe




# BACKSTRIPE



🔓 You have ability to decrypt the checkout URLs and restore them to their original form. (ENCRYPT + DECRYPT) and Stripe Checkout Session to grab Payment information.








## 🧾 Use Cases



- 🦾 Automation

- 🤸🏻 Flexible

- 🏞️ Use out of the scope (EX: BOTS)







## 🧾 The NutShell



On May 5, 2023, Stripe.com added security measures by using an XOR algorithm to encrypt the client-side key (pk-key) and base64 for the checkout URL. This encryption makes automating tasks with the checkout URL challenging. While automation libraries like Selenium can extract the pk-key, it's slow and not how stripe.com handles the backend. To overcome this, I spent time reverse engineering Stripe API & finding the correct decryption key, using a simple brute force method testing numbers 0 to 1000. The correct key turned out to be 5, allowing for a straightforward Python code to decrypt and build a checkout session in a reverse way.







## 🔑 GAME CHANGER 



ACTUAL SIMPLE DECRYPTING PART (AFTER THE DECODE)



Please refer to [stripe.py](https://github.com/sachinsenal0x64/stripe-reverse-checkout-session/blob/main/stripe.py).



```Python

# DECODE



print("Decoded PK value:", decoded_pk)



# ASSIGN



dry = ""



# DECRYPT WITH VALUE 5



for c in decoded_pk:

    dry += chr(5 ^ c)



print("Decoded ck value:", ck)



print("Decrypted PK value:", dry)



```