Trying to submit a payment, to a 3rd party payment gateway, through POST request :S

Question

I am mimicing a user buying a product on a website: www.footlocker.dk. All that works fine, the HTTP session adds the product to cart, submits delivery information and personal information. However I have gotten to the payment details field, like CardNumber, ExpireMonth, ExpireYear and CVC. I can see this POST request being submitted in Fiddler, when I press the place order button manually.

However the values of my payment information have been encrypted by some javascript on the payment site, so I am unable to see, how they are submitted - that means I can not mimic this POST request in my own program, to finish the order.

The POST request that submits the payment looks like below:

SUBMITS TO ENDPOINT:

https://www.footlocker.dk/api/users/orders/adyen?timestamp=1611850342216

JSON POST-BODY:

{
  "preferredLanguage": "en",
  "termsAndCondition": true,
  "deviceId": "0400JapG4txqVP4Nf94lis1ztlZtWBcopyaUnrp/XmcfWoVVgr+Rt2dAZDBTRGtjJzbbaHjoci9mfzLNc/p/1y9PHkhCTHg+Ms0Qhlz5wlRFwWJi0FRulruXQQGCQaJkXU7GIVTlvSwewS7rEwtO20alTVOiwQNAcAt1k+2RqB7pLlm0Mm+WlZ9H3WRaXzrV/DlB6Yf0/pTJUUx5H73J7OWoNgydKgnOIDKXq4HnEqNOos1c6njJgQh/4vXJiqy0MXMQVHUZjFVALWCMcmjVhyuVdYFO8Jh9loc13GcXvYqG6g9/AoNntrnW1/EViOkl5oC/lU99UoH2xkmTfT0fHtASOVNpC3Z/r4RJ+FMEqKbpAljKJas3DjbfmNmLM17uWY0fNZvlMH4K2bNfq3bGwE2owA1ObvoNZBxkQ1iq1uTKn17MrJkKSmGA0t9uKT78fS9bB2GDXcjpghm9klVFOw7EoYzV7IDBIIRtOCWnMAmlqCrz6D+YNUMLEY530CaM8EgnYIxkTrOGlmKC/wYNvbPpWGE7VDaOZWB8Og9w7I7EUjZQzmeZ0haCTC7oH6vxOQu/JpQYAFUrDlcsqHxMRyMA3chuABxG1NyMp164XJzuFIDBKSaGqH8pKTFdh3l37CKXBlIOn3E5YIdc6njJgQh/4vXJiqy0MXMQOxLdmoenKqPRDDLX2e+wCZ1fN2xHc5V6RMvwb6Q2PAvL9kaL85lzU9YPUST3gTYnndnF9oBO0EuFJ7eNbvVobQHzj486sjgyUO+AInpd+UykzlhvKatVjmsNYyYk/ctdj9Vx2xW1nbvSIBfLN+R0M79MOnRTMthLnHsVWF4lmJwstDDhGcf4uznBcyAkSsy2uwLLNTE9qpz4XGNSvOUTVPP9hlwYbP0H7RDoeOmIGTKRUY1DfwxZZR8cFUL9uLsiABD7fKaFmF1HOvwyiaHWP/wYCL58YnyFO5CLi14h8zUnzqtbxtgjnzbD/ssFgrRT",
  "cartId": "8e02b07e-2a21-417d-b34b-06621164cec0",
  "encryptedCardNumber":xxx,
  "encryptedExpiryMonth":xxxx, 
  "encryptedExpiryYear":xxxx, 
  "paymentMethod": "CREDITCARD",
  "returnUrl": "https://www.footlocker.dk/adyen/checkout",
  "browserInfo": {
    "screenWidth": 1382,
    "screenHeight": 864,
    "colorDepth": 24,
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0",
    "timeZoneOffset": -60,
    "language": "da",
    "javaEnabled": false
  }
}

There are also cookies and headers being sent with this post request, however I am pretty understandable of those, so I am not going to paste them in here. What I am looking for is a way to figure out, how I can send this POST request, in my program, so my payment gets accepted by provider, and the product is ordered. I do not know how to go about this, when I cannot see how to form should look like, with my plain payment details, unencrypted.

Hope someone can help me shred som light onto this, and if anything else is needed from me, let me know!

Regards!

Answer 1

Appears to be encrypting the data client-side. Take a look at the Javascript files and find where it is being encrypted.

I recommend editing this post and removing the encrypted values. It can be decrypted.

Answer 2

That information is sended by the frontend maybe they are using the drop-in component to send back to the API