Google API w/o Paying - I'm stuck.

Status
Not open for further replies.
xmcp123

xmcp123

New member
Sep 20, 2007
4,145
95
0
Not Louisiana
www.slightlyshadyseo.com
Ok. So I want to use the Adwords API, but would prefer to avoid paying (considering the volume of requests I'd be doing). Since they're probably changing adwords interfaces soon (the beta version), I ruled CURL out since they'd break all the regular expressions anyways.
Here's what I've tried so far.


  • The whole mother fucker transmits data over SSL, so sniffing is out.
  • The "proxy" mode in adwords editor doesn't work (can't request data) if you use the proxy option. So man in the middle is out as well.
  • Certificate doesn't validate using socksifier/local socks proxy.
  • Tried fudging the DNS so adwords.google.com pointed to localhost, then set up a reverse proxy (that can decrypt SSL) running on localhost:443, forwarding to the adwords https IP. Once again, no validation.

Anyways...
So I figured that adwords editor (desktop) was probably a good bet. Dug in all morning with a debugger and disassembler.


  • Their app is quite obviously using CURL and the adwords API itself. Presumably without charges.
  • I'm good enough at reading the debugger data to get the gist of what's happening in there, but not good enough to emulate it
If Anyone Else Wants to Dig in (I'd appreciate you sending your results)

  • ape.dll seems to handle a lot of the requests. It's wherre you'll find all the different variables and API post locations
  • It's running a modified version of a browser in it, so there's a lot of junk data to navigate around.

So more or less I'm in a rut, and can't get past where I am. Anyone here have experience or ideas?
 


I'm interested in this too, I've been sniffing the headers a bit. Looks like the new interface uses the API too- maybe there's way to spoof your app as the web interface and get free API access.
 
Macros?

this might be a silly solution, I have used this with a variety of websites and it works great although there might be a bit of coding involved..

Perhaps using a macros software such as ruby's watir gem..

I have used this in the past, it is very fast and reliable and can access most elements in the dom.

Dunno, just another perspective on how to do it..
 
Have you figured out the browser client name and port that gets sent in the headers of the request? Would be kind of funny if that's all you had to change but it's doubtful.
 
jvincent said:
ygpm
Click to expand...
Gracias :)
kblessinggr said:
Hehe, I guess this would kinda count as blackhat eh.
Click to expand...
Heh. It's ma roots.
machinecontrol said:
I'm interested in this too, I've been sniffing the headers a bit. Looks like the new interface uses the API too- maybe there's way to spoof your app as the web interface and get free API access.
Click to expand...
Well, that'd most likely be a CURL script. Problems are one web inteface is on the way out, and one is still under development. So maintaining the regex's necessary to pull the data would be a major pain.
aces1up said:
this might be a silly solution, I have used this with a variety of websites and it works great although there might be a bit of coding involved..

Perhaps using a macros software such as ruby's watir gem..

I have used this in the past, it is very fast and reliable and can access most elements in the dom.

Dunno, just another perspective on how to do it..
Click to expand...
Yeah under ordinary circumstances that'd be workable. Only problems are it doesn't give the level of control (or error checking) that I'm comfortable with when. Plus this is going to be a lot of requests.
However you got me thinking. You can use Windows Hooks to control outside applications, simulate button/menu clicks, etc. It may be possible to macro it in that sense, so the script is sending back the commands to the exe doing the hooks. CSV import/export is really all you'd need.
Not to mention I've dug through the files enough to know the database structure they're using in their internal sqlite database.
BradleyT2p2 said:
Have you figured out the browser client name and port that gets sent in the headers of the request? Would be kind of funny if that's all you had to change but it's doubtful.
Click to expand...
That's part of the problem. SSL is a serious pain to decrypt. Right now (if going through a proxy) the one command it will send out that's readable is from the HTTPS proxy protocol ("CONNECT adwords.google.com:443")


Thanks for the input so far all, keep it coming :) Gettin a few ways/combos this may be doable.
 
Status
Not open for further replies.
Top Bottom