Last week Amazon India had a Treasure Hunt contest which ran for a whole week. The contest was simple, from 10am to 6pm, every hour Amazon would display a clue (image) and you had to guess the product. That particular product would be on sale for ₹1, which also included shipping cost anywhere in India. The contest was app only i.e. image also would be displayed in the app and you had to buy using the app.
Above images show Makey Makey on promo.
Problem was, too many people were participating in the contest and by the time you could guess the product, search it in the app and add to your cart, it would be out of stock. Because quantity of the product on sale was only one. So you had to be very very quick.
Using MITM, I started monitoring the API calls. In one of the calls, I found out the request which was asking for the contest image:
I changed string
Clue6 (after other trial and errors) and I had access to the next clue, even before the contest was live:
Here’s the archived link. Now all I had do was increase the value and get all images.
The clues did not require any authentication or special headers (and that’s how archive.is is able to GET and archive it).