Shop wizard script help

[Onetwo]

I'm attempting to bypass having to open the shop pages from the shop wizard and having to click the item link to buy the item. I'm using tampermonkey. Currently I'm getting the link the the user shop, find the item I want to buy and extracting the link. The link looks something like this

Code:

https://www.neopets.com/buy_item.phtml?lower=0&owner=USER&obj_info_id=77146&g=1&xhs=65rsnprr&old_price=2&feat=77146,2,1&_ref_ck=681aab1d676214dcbb6b240bbd52786c

When I attempt to submit, fetch, ect that link I get this error

Code:

Error: You have been directed to this page from the wrong place! If you KEEP getting this error, chances are you have some security settings enabled that are not letting you play Neopets correctly.

These are three of my attempts:

Code:

// 1) Open the URL in the current tab
window.location.href = fullUrl;


// 2) Create a temporary anchor element
const tempAnchor = document.createElement('a');
tempAnchor.href = fullUrl;

// Simulate a click event on the temporary anchor element
tempAnchor.click();


// 3) Open the URL in a new tab using GM_openInTab
GM_openInTab(link, { active: true });

But all of them result in the same error. My next idea was to directly open the link it a background tab/instance and simulate some kind of a manual click on the item.... But I don't know why I need to do it this way or if it will even work. I'm not sure what security feature this is and I don't know how the link on the shop page is supposed to work. Even when I'm ON that exact page if I inspect the link and directly click the link I get the error.

I assume that when I inspect the HTML of the page and manually click on the link, I might be bypassing certain checks or conditions that the website has put in place.

Can someone help me solve this issue or have any insights on how to get around this error?

(30 mintues later)
I noticed that if I print tempAnchor element I get this

Code:

<a href="buy_item.phtml?lower=0&amp;owner=unwaanted&amp;obj_info_id=77146&amp;g=1&amp;xhs=65rso632&amp;old_price=2&amp;feat=77146,2,1&amp;_ref_ck=681aab1d676214dcbb6b240bbd52786c" onclick="if ( !confirm ('Are you sure you wish to buy Checkered Faerie Blumaroo Plushie at 2 NP?') ) { return false; }"><img src="https://images.neopets.com/items/plu_check_faeblumaroo.gif" width="80" height="80" title="This delightfully soft Checkered Faerie Blumaroo Plushie is a pleasure to cuddle with." border="1"></a>

Notice the confirmation event handler! That seems interesting...

So I tried this

Code:

                
// Step 1: Programmatically click the anchor element within the fetched document's context
firstAnchor.click();

// Step 2: Monitor for the confirmation dialog and programmatically confirm it within the fetched document's context
firstAnchor.ownerDocument.defaultView.addEventListener('beforeunload', function(e) {
                    // Check if the event is triggered by the confirmation dialog
                    if (e.target.activeElement.tagName === 'BODY') {
                        // Programmatically confirm the dialog
                        return true;
                    }
                });

An it gives the error "TypeError: Cannot read properties of null (reading 'addEventListener')"

[Shawn]

Regarding, your first method:
Did you set the referrer url for the item purchase link?

I don't have access to my usershop buyer script right now but i believe you need to set the referrer url for your request.
Just go make a legit purchase from a usershop and log that request and look at the referrer url.

[j03]

Error: You have been directed to this page from the wrong place! If you KEEP getting this error, chances are you have some security settings enabled that are not letting you play Neopets correctly.

Typically, this error comes up when you are not sending the correct referrer.

[Onetwo]

Regarding, your first method:
Did you set the referrer url for the item purchase link?

I don't have access to my usershop buyer script right now but i believe you need to set the referrer url for your request.
Just go make a legit purchase from a usershop and log that request and look at the referrer url.

Typically, this error comes up when you are not sending the correct referrer.

Great, so I gave your advice a try. I'm doing a fetch on this

Code:

https://www.neopets.com/buy_item.phtml?lower=0&owner=dpfort&obj_info_id=77146&g=1&xhs=65s049os&old_price=1&feat=77146,1,1&_ref_ck=5434a7d089f0dcf6462fd912dc28b809

With the referrer set as

Code:

https://www.neopets.com//browseshop.phtml?owner=dpfort&buy_obj_info_id=77146&buy_cost_neopoints=1

The code looks like

Code:

fetch(url, {
	referrer: refer,
})
	.then(response => {
	// Check if the response is successful
	if (!response.ok) {
		throw new Error('Network response was not ok');
	}
	// Parse the response as text
	console.log("response.text()",response.text());
	return response.text();
})

And the response is the same error response. I'm trying to copy this network log from a real purchase

Code:

https://www.neopets.com/buy_item.phtml?lower=0&owner=missmessye&obj_info_id=77146&g=1&xhs=65s03n2p&old_price=2&feat=77146,2,1&_ref_ck=5434a7d089f0dcf6462fd912dc28b809
Request Method:
GET
Status Code:
302 Found
Remote Address:
23.205.106.160:443
Referrer Policy:
strict-origin-when-cross-origin

https://www.neopets.com/browseshop.phtml?owner=missmessye&buy_obj_info_id=77146&buy_cost_neopoints=2
Sec-Ch-Ua:
"Chromium";v="122", "Not(A:Brand";v="24", "Brave";v="122"

---------- Post added at 06:58 AM ---------- Previous post was at 06:33 AM ----------

The network log has these interactions

Code:

fetch("https://www.neopets.com/buy_item.phtml?lower=0&owner=dpfort&obj_info_id=77146&g=1&xhs=65s04r6q&old_price=1&feat=77146,1,1&_ref_ck=5434a7d089f0dcf6462fd912dc28b809", {
  "headers": {
    "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8",
    "accept-language": "en-US,en;q=0.9",
    "sec-ch-ua": "\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\"",
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": "\"Windows\"",
    "sec-fetch-dest": "document",
    "sec-fetch-mode": "navigate",
    "sec-fetch-site": "same-origin",
    "sec-fetch-user": "?1",
    "sec-gpc": "1",
    "upgrade-insecure-requests": "1"
  },
  "referrer": "https://www.neopets.com/browseshop.phtml?owner=dpfort&buy_obj_info_id=77146&buy_cost_neopoints=1",
  "referrerPolicy": "strict-origin-when-cross-origin",
  "body": null,
  "method": "GET",
  "mode": "cors",
  "credentials": "include"
});



fetch("https://www.neopets.com/browseshop.phtml?owner=dpfort&buy_obj_info_id=77146&buy_cost_neopoints=1&lower=0", {
  "headers": {
    "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8",
    "accept-language": "en-US,en;q=0.9",
    "sec-ch-ua": "\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\"",
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": "\"Windows\"",
    "sec-fetch-dest": "document",
    "sec-fetch-mode": "navigate",
    "sec-fetch-site": "same-origin",
    "sec-fetch-user": "?1",
    "sec-gpc": "1",
    "upgrade-insecure-requests": "1"
  },
  "referrer": "https://www.neopets.com/browseshop.phtml?owner=dpfort&buy_obj_info_id=77146&buy_cost_neopoints=1",
  "referrerPolicy": "strict-origin-when-cross-origin",
  "body": null,
  "method": "GET",
  "mode": "cors",
  "credentials": "include"
});

So now I'm doing things that I have no clue if it's right or not haha. This code does not work

Code:

                // Fetch request to buy the item
                fetch(url, {
                    "headers": {
                        "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8",
                        "accept-language": "en-US,en;q=0.9",
                        "sec-ch-ua": "\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\"",
                        "sec-ch-ua-mobile": "?0",
                        "sec-ch-ua-platform": "\"Windows\"",
                        "sec-fetch-dest": "document",
                        "sec-fetch-mode": "navigate",
                        "sec-fetch-site": "same-origin",
                        "sec-fetch-user": "?1",
                        "sec-gpc": "1",
                        "upgrade-insecure-requests": "1"
                    },
                    "referrer": refer,
                    "referrerPolicy": "strict-origin-when-cross-origin",
                    "body": null,
                    "method": "GET",
                    "mode": "cors",
                    "credentials": "include"
                }).then(response => {
                    // Handle the response
                    // Check if the response is successful
                    if (!response.ok) {
                        throw new Error('Network response was not ok');
                    }
                    // Parse the response as text
                    console.log("response.text()",response.text());
                    //return response.text();
                }).catch(error => {
                    console.error('Error:', error);
                });



                // Fetch request to browse the shop
                console.log("link + &lower=0",refer + "&lower=0");

                fetch(link + "&lower=0", {
                    "headers": {
                        "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8",
                        "accept-language": "en-US,en;q=0.9",
                        "sec-ch-ua": "\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\"",
                        "sec-ch-ua-mobile": "?0",
                        "sec-ch-ua-platform": "\"Windows\"",
                        "sec-fetch-dest": "document",
                        "sec-fetch-mode": "navigate",
                        "sec-fetch-site": "same-origin",
                        "sec-fetch-user": "?1",
                        "sec-gpc": "1",
                        "upgrade-insecure-requests": "1"
                    },
                    "referrer": refer,
                    "referrerPolicy": "strict-origin-when-cross-origin",
                    "body": null,
                    "method": "GET",
                    "mode": "cors",
                    "credentials": "include"
                }).then(response => {
                    // Handle the response
                }).catch(error => {
                    console.error('Error:', error);
                });

[Shawn]

I have this in my code from last time, not sure if it works now
Try referrer as

Code:

http://www.neopets.com/browseshop.phtml
or
https://www.neopets.com/browseshop.phtml

If it doesn't then I've got to update my shop buyer

[Nyu]

This one worked for me

Code:

fetch("/buy_item.phtml?lower=0&owner=USER&obj_info_id=OBJ_ID&g=1&xhs=XHS&old_price=PRICE&feat=FEAT&_ref_ck=REF")
    .then(response => {
        if (response.ok) {      
            return response.text();
        }
        throw new Error('The fetch request failed');
    })
    .then(data => {
        console.log(data);
    })
    .catch(error => {
        console.error('Error:', error);
    });

Alternatively, you could make a hidden iframe and interact with the page in it, I do that in some of my scripts.


Edit:
Nevermind, I think its because i made the fetch directly from the shop page

[Onetwo]

I have this in my code from last time, not sure if it works now
Try referrer as

Code:

http://www.neopets.com/browseshop.phtml
or
https://www.neopets.com/browseshop.phtml

If it doesn't then I've got to update my shop buyer

That worked!! Why does the referrer have to be this rather then what I'm seeing on the network logs?

Thank you!

- - - Updated - - -

This one worked for me

Code:

fetch("/buy_item.phtml?lower=0&owner=USER&obj_info_id=OBJ_ID&g=1&xhs=XHS&old_price=PRICE&feat=FEAT&_ref_ck=REF")
    .then(response => {
        if (response.ok) {      
            return response.text();
        }
        throw new Error('The fetch request failed');
    })
    .then(data => {
        console.log(data);
    })
    .catch(error => {
        console.error('Error:', error);
    });

Alternatively, you could make a hidden iframe and interact with the page in it, I do that in some of my scripts.


Edit:
Nevermind, I think its because i made the fetch directly from the shop page

I wasn't familiar with iframes until your response. I think that will make some of my future scripts easier. Thank you

[Shawn]

That worked!! Why does the referrer have to be this rather then what I'm seeing on the network logs?

Thank you!

I cant look at Neo atm, but if I managed to figure it out in the past, it's gotta be easy I guess LOL
Or perhaps someone else could explain it in the mean time

[nataurs]

With the referrer set as

Code:

https://www.neopets.com//browseshop.phtml?owner=dpfort&buy_obj_info_id=77146&buy_cost_neopoints=1

Looks like you might have mistyped the referrer with two forward slashes

[Onetwo]

Looks like you might have mistyped the referrer with two forward slashes

You, sir, are exactly correct!