#!/usr/bin/env python3 """Find API endpoint using a valid lot from database""" import asyncio import sqlite3 from playwright.async_api import async_playwright # Get a valid lot URL conn = sqlite3.connect('/mnt/okcomputer/output/cache.db') cursor = conn.execute("SELECT url FROM lots WHERE url LIKE '%/l/%' LIMIT 5") lot_urls = [row[0] for row in cursor.fetchall()] conn.close() async def main(): async with async_playwright() as p: browser = await p.chromium.launch(headless=True) page = await browser.new_page() api_calls = [] async def log_response(response): url = response.url # Look for API calls if ('api' in url.lower() or 'graphql' in url.lower() or '/v2/' in url or '/v3/' in url or '/v4/' in url or 'query' in url.lower() or 'mutation' in url.lower()): try: body = await response.text() api_calls.append({ 'url': url, 'status': response.status, 'body': body }) print(f"\nAPI: {url}") except: pass page.on('response', log_response) for lot_url in lot_urls[:2]: print(f"\n{'='*60}") print(f"Loading: {lot_url}") print(f"{'='*60}") try: await page.goto(lot_url, wait_until='networkidle', timeout=30000) await asyncio.sleep(2) # Check if page has bid info content = await page.content() if 'currentBid' in content or 'Current bid' in content or 'Huidig bod' in content: print("[+] Page contains bid information") break except Exception as e: print(f"[!] Error: {e}") continue print(f"\n\n{'='*60}") print(f"CAPTURED {len(api_calls)} API CALLS") print(f"{'='*60}") for call in api_calls: print(f"\n{call['url']}") print(f"Status: {call['status']}") if 'json' in call['body'][:100].lower() or call['body'].startswith('{'): print(f"Body (first 500 chars): {call['body'][:500]}") await browser.close() if __name__ == "__main__": asyncio.run(main())