Programmatically login to Amazon with C#

Question

I want to login to Amazon seller central programmatically with C#. I don't want to use Amazon Web Services.

Here is what I have done so far:

private void button1_Click(object sender, EventArgs e)
{
    string appURL = "https://sellercentral.amazon.com/gp/sign-in/sign-in.html/ref=xx_login_lgin_home";
    string strPostData = "protocol=https&action=sign-in&email=test%40gmail.com&destination=https%3A%2F%2Fsellercentral.amazon.com%2Fgp%2Fhomepage.html%3Fie%3DUTF8%26%252AVersion%252A%3D1%26%252Aentries%252A%3D0&optin=1&ouid=01&password=ntest&sign-in-button=&metadata1=SIsVVcIUMA1uElSK%2BySsVuCX1YuhcTji35ShGdQ%2Fd4ipBgkh6qW6HcPfyVu4dbOFdZiErWz%2F9OumR%2FfeVnrNSUUSEkIokrMPxYFPtZTlfJc44D8hWHpewjOs5TF4NIDyehvkc5eHJ8GsDbiUSdBtOq4iBnIpkIpAodIzIVFHK%2FQJJICA9n%2F8abB4XfwODJrI7YSa1gwCMrJbh0wvpAW5%2B%2BHecdjA5Bin8slkBqj9LQG%2FfSrTXlAGPsW21qV2ba4kej5xdjytVTELVqnLPB9Fc1Z%2FR98qDpBkQ%2F2lM3EV4POoe0nsAMALomqvOhOkIInqp14Ic%2BxJU35hX89rIhmSQMpL1WtMGE%2F9A2ebmHV%2BzlW0tUZIfxyupg2MiNJIeg1uNqBhBT8duYyKp0n3d5gYOnhxYCQTqR297AV%2FDAdHSlbrJRT5HX9spg9RyHSTDLiGvhy1BaK0LIzvR%2Bj786i4Z%2FCGBpb31XcXrFx9uDe8rxtNRLFiDXqxUCCf8hTBEhtyYriB2%2FlZAvoIRyAZMLDYykncALiRVPOWkQX%2FQjZUu6M6bBfqaQ6ODQlbc0j9V2FZ%2BEQng456mQmUOoO5";

    // Setup the HTTP request.
    HttpWebRequest objWebRequest = (HttpWebRequest)WebRequest.Create(appURL);
    objWebRequest.Method = "POST";
    objWebRequest.AllowAutoRedirect = true;
    objWebRequest.CookieContainer = new CookieContainer(); //Enable Cookie
    objWebRequest.ContentLength = strPostData.Length;
    objWebRequest.ContentType = "application/x-www-form-urlencoded";
    objWebRequest.UserAgent = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)";

    // Post to the login form.
    StreamWriter swRequestWriter = new
        StreamWriter(objWebRequest.GetRequestStream());
    swRequestWriter.Write(strPostData);
    swRequestWriter.Close();

    // Get the response.
    HttpWebResponse objWebResponse =
        (HttpWebResponse)objWebRequest.GetResponse();

    // Read the response
    StreamReader srResponseReader = new
        StreamReader(objWebResponse.GetResponseStream());
    string strResponseData = srResponseReader.ReadToEnd();
    srResponseReader.Close();

    // Display the response.
    webBrowser1.DocumentText = strResponseData;
}

When I execute it I get as a response the login page and don't login... Why? What I am doing wrong? I use to display the html response a web browser.

My goal is to login and then search some products in my inventory in seller central. How to do this and keep sessions and cookies on other webrequests I will do?

Answer 1

They [Amazon] have numerous Javascripts on the page. The whole purpose of these scripts seems to be to prevent people doing what you are trying to do.

The manipulate the form data and call various other page assets. Amazon then use those other assets calls and the manipulated data to determine if the request is from a legitimate browser or something trying to emulate a browser.

It's a security measure to stop seller accounts being capable of a brute-force hack attack, etc.

The JS snippets are purposefully obfuscated to prevent you from easily reverse engineering them, but of course nothing is impossible when you apply knowledge, patience and tenacity.

If you want to pursue this then I would recommend reverse engineering the JS on the page and then emulate what those pieces if code do with the form values, etc. and also emulate the other asset calls, along with relative timing flow. Pay attention to cookies being secretly set in image or remote script headers, and ensure your cookie jar for your script is always behaving properly.

These anti-emulation techniques are used regularly to prevent bot networks from emulating clicks on PPC networks. They are not fool proof nor are they unbreakable, but it will take you considerable time to get it working.

Honestly, if your not happy with the programming styles or functionality of C# libraries they provide, then you may be best building your own library to utilise the Amazon Marketplace Web Services.

In the long run you'll have a much more stable toolkit that wont need updating regularly.