December 21st, 2020 × #Bots#PS5#Web Scraping
Hasty Treat - How Would We Script a PS5 Buying Bot?
Wes and Scott discuss bot strategies for buying popular, hard to find items like the PlayStation 5, including scraping retailer sites, avoiding bot-prone retailers, and using tools like Puppeteer and LowDB.
- Scott and Wes discuss bot strategies for buying a PS5
- Scott suggests avoiding retailers with easily manipulatable checkout processes
- Wes explains his strategy of scraping retailer sites for availability
- Wes suggests using Puppeteer to scrape sites that don't have APIs
- Wes recommends a simple database like LowDB to save scraped data
- They discuss how reCAPTCHA can prevent bots from submitting forms
- They acknowledge bot traffic frustrates developers trying to manage inventory
Transcript
Announcer
Monday. Monday. Monday.
Announcer
Open wide dev fans. Get ready to stuff your face with JavaScript, CSS, node modules, barbecue tips, get workflows, breakdancing, soft skill, web development, the hastiest, the craziest, the tastiest TS, web development treats coming in hot. Here is Wes, Barracuda, Boss, and Scott, El Torokolinski.
Scott Tolinski
Welcome to Syntax.
Scott Tolinski
In this Monday, hasty treat, we are gonna be talking about bots And specifically around the whole PlayStation 5 buying debacle where people have been trying to buy a PlayStation 5 and unable to because bots.
Scott Tolinski
Dang these bots. It's, gonna be a good one here, and I'm really excited to talk to you about my strategy, which I've listed as Scott's strategy. It's very good. My name is Scott Talinski. I'm a web developer from I keep on I I almost said I'm a level up developer from Level Up Tutorials, and then I almost said I'm a web developer from Level Up Tutorials. I'm a web developer from Denver, Colorado. My name is Scott Talinsky. Yes. I am killing this intro, and with me as always is Wes Bos.
Scott Tolinski
Hey, everybody. Hey, Wes. This episode is sponsored by one of our favorite sponsors over here at Syntax, and that's LogRocket. And now LogRocket, I don't know if you caught on to this, but all of our sponsors are our favorite sponsors in case you're wondering. LogRocket at logrocket.com is a really neat service, And this is actually kind of a funny thing that I wanted to bring up on a side note here. There's been so many times that I've googled something and the LogRocket blog has come up. So they've done a really nice job about writing really good little blog posts here on all sorts of interesting topics, and I'm always very impressed when When that happens, it's like, oh, I Google something in a a service and company that I use is thinking about the same things that I am. So LogRocket at LogRocket dot com is the perfect place to see how your errors and exceptions happen in the same type of real time that they happen for in the client. They give you a scrubbable video replay of the scene of the crime. Imagine that happening.
Scott Tolinski
Who stole the cookies from the cookie jar? That is not a question you have to guess on anymore because you can see who stole the cookies from the cookie jar. And I'm guessing it's my daughter because she's really getting in that pantry right now. She's opened the pantry door and just reaching in and grabbing all that food for herself. So LogRocket atlogrocket.com, gives you a session replay of the errors, bugs, and exceptions happening in real time, works with all the stuff you know and love. So check it out at logrocket f. .Com.
Scott Tolinski
Okay. So this is the 311th episode, and I'm really excited.
Scott Tolinski
I'm a little all mixed up, but I am down to do some of these. I'm not I'm trying to do 3 11 lyrics here. Bear with me. So let's talk about our strategies for creating a bot. Let's say we wanted a PlayStation 5. Right? Here's a scenario. I really want a PlayStation 5, but, Oh, these dang bots are clicking on them. How do I fight back with my own bots? This is gonna be a bot on bot war here. So let's go into Scott's strategy first. Here's my strategy. And I just wanna say that out of the 2 of us here, I'm the only one with the PS 5 right now, so I think my strategy is the one to go with, and so I'm just gonna say that. So here's Scott's strategy is, Well, I don't know how to do bots because I've never made a bot for anything in my entire life. So I'm going to go to ps5.reddit.com, And I'm going to refresh the page on the day that preorders go live, and then I'm going to find the the first link from Amazon .com, and I'm gonna click it. And I'm gonna Click go as fast as possible and get a preorder because, let me tell you, preordering is definitely the way to go in any of these scenarios. Now, unfortunately, we are long past The, the time in which preordering would have been even possible.
Scott and Wes discuss bot strategies for buying a PS5
Scott Tolinski
Now the bummer here is that so many of these services and these Crappy things like Walmart's online presence. Right? Walmart wants to play with the big boys, but their online site allows people to to code up bots to to buy these things.
Scott suggests avoiding retailers with easily manipulatable checkout processes
Scott Tolinski
Now what I'm gonna do is I'm gonna stay far away from any site that has a checkout process that can be manipulated with a bot Easily. I would say that because I'm sure most things can probably be bought with a bot somewhere else. But, like, For instance, I don't think Amazon is that easy to buy with a bot on. I don't think it's as easy. I think they're they're a little bit more sophisticated than that. And that's just my strategy. See, I'm gonna go somewhere that doesn't have bots, and I'm gonna refresh. I'm gonna hit a link, and I'm not just gonna do it blindly. And, that's what I'm gonna do. Because to be honest, If I tried to code a bot like this, I would probably end up buying 15 PS fives by accident because I just have no idea what I'm doing in this regard. Okay? So Wes' strategy probably might be a little bit more interesting as far as this podcast go because you actually have a lot of experience with this. I recently got a rower off of Craigslist, And people were like, oh, cool. Can you share the code that you wrote to do the bot to, like, alert you when that became available? And And I was like, well, I I download the Craigslist app, and then I click send me messages when this word is found in the app. Yeah. I just I just I have not done this kind of thing, so let's let's hear it, Wes. Let's hear your your strategy. Yeah. I've talked before where I wrote, like, Craigslist,
Wes Bos
Kijiji, Facebook Marketplace app that would scrape every 3 minutes and then alert me when things popped up just because, like, That's how you get the competitive advantage there. Obviously, these apps have built in notify me, but they're by the time they notify you, it's way too late because they only they run it, like, once a day or twice a day or something like that. So how would I do that? This was asked on Twitter, by the way, by Baja Magician.
Wes explains his strategy of scraping retailer sites for availability
Wes Bos
And he says, we need a podcast on how to use JavaScript to track websites to send a text message or email as soon as a PS 5 is available for purchase. So I thought, That would be fun to build. How would I know about that? Well, first of all, before I even get into any of this, somebody built a very similar website f. Called mcbroken.com.
Wes Bos
And what he did is he tried to add a ice cream to his cart for every McDonald's in North America every minute. And by doing that, he's able to see If the ice cream machine is broken because they say, sorry, not available, or if it's working. And then he has a map of the entire North America Or even you're up to telling you if the ice cream machine is currently broken or not, which is hilarious. And this was a wild situation.
Wes Bos
Like, the same approach. Maybe we should have this guy on the podcast.
Wes Bos
Yeah. We should try to have this guy on the podcast because this is my favorite kind of web development. Yeah. So how would I do? Well, first of all, you need a way to find out if there is any stock, and they're one of 2 ways you can do it. First way I try is I'll visit a website, and I'll open up dev tools. I'll go to the network tab and click on XHR, and then refresh the page. And you'd monitor what XHR requests are being fired off. And often, they will be firing off a request To an endpoint, like a product endpoint, and that will return if anything is available or not. So I just went to bestbuy.ca, Click down PS 5, open up dev tools, and I found they have a endpoint, best buy dot c a forward slash ecom, API forward slash Availability forward slash products, and then they pass that argument to the product ID. So that's how we do it. If they don't have that, if it's all server rendered, Which more and more, this is all done on the client side or at least refreshed on the client side, so they usually have an API.
Wes Bos
But if not, you just have to Fetch the entire HTML. You can use a fetch function. Like, a lot of people don't know this, but you can fetch literally anything, including a website. And then instead of using .json, you just use .text, and that will just give you a payload. That's the easiest way to scrape a website. You have to do it on on the node command because, of Course issues, though. Then you can either regex it. So, like, if they you could, like, look for the word unavailable or available or In stock, you could just regex it and find that value pretty easily.
Wes suggests using Puppeteer to scrape sites that don't have APIs
Wes Bos
A little bit further, you could use a node package called Cheerio, Which is kind of like jQuery for URLs. So it doesn't have, like, any dependencies that are needed. It works pretty good. It's a little bit clunky to use, but it works pretty good. The sort of the best way is to use Puppeteer, which is it's using a headless Chrome browser, and it f. Fires up Chrome and visits the website, and you can click on things and and whatnot. And that's the closest to actually visiting a website, And it's a little bit slower, but if you're if you're running this every 10, 15 minutes, it doesn't matter. From there, save your data in a database.
Wes Bos
For this type of thing, I like using text based databases because then there's no overhead.
Wes Bos
So low DB is a good one, and it just uses JSON files as your database.
Wes recommends a simple database like LowDB to save scraped data
Wes Bos
SQLite is another really good one that's actually a full blown database solution, but it still saves to text files. If you're throwing this in a serverless function, throw it in something like DynamoDB, would probably be good. Dynamo, whatever. Am I saying it wrong again? I repeat every time. Dynamo? Dynamo.
Scott Tolinski
Dynamo, d u Like dynamite.
Scott Tolinski
Dynamo.
Wes Bos
So just something. And these are the types of projects where Go and try that weird database solution you've never tried before because it's fun to fun to learn on something like this with with just low stakes. Then you need, like, a cron job, so you need to rerun this scrape every so often.
Wes Bos
And you can I would probably ideally, you run this on your computer Because then your IP address is one that they possibly know about because there's a lot these companies are doing to block this type of activity because it's It's unfair? Right? It's unfair to people who just wanna buy a PlayStation, and there's all these resellers trying to buy them all up, which is frustrating and ruins the whole experience. So I would do that. And that's cool because the guy who asked this question didn't say, how do I use a bot to buy it? He said, how do I use make a bot to Just let me know when one is available so I'm not spending my entire day refreshing 14 different websites. Then When there is a match, when there is 1 in stock, then you send a text message. I would use Twilio for that. Send an email. I would probably use Postmark for that. And then you could even go 1 step further and try to submit the form, but most websites worth their salt are gonna throw some sort of CAPTCHA in there. If they Put Google reCAPTCHA in there or ask you to add 5 plus 5, then your your bot will probably fall over because you can't script past that. That's how most bots are stopped these days. You have to throw a reCAPTCHA in there, and, Google will also detect if you are a bot based on
Scott Tolinski
Stuff we don't they won't tell us. Mouse movement, things like that. Someone told me the other day, Scott kept hitting reCAPTCHA because you use a VPN. Yeah. Someone said that if you move your mouse a lot, it will trigger less often, which I don't know if that's true or not. Tried it? Because I've I tried it, and I feel like it Yeah. It might have actual. So, like, I was getting some fails on ones that I felt like should have passed, and then I was like, okay. Screw it. This time, I'm gonna move my mouse around. And I just started moving, and then it And I I honestly have no idea if, like, you know, I just got lucky that particular time because who knows? But It worked the one time I actually tried it, but that's it. Yeah.
They discuss how reCAPTCHA can prevent bots from submitting forms
Wes Bos
Oh, man. So you could you could script the mouse moving a whole bunch. I I I don't know if that's possible or not, but maybe you could build a physical robot that moved your mouse and jiggled it around Yeah. In a a random amount.
Wes Bos
Couple last things here. Things that could get in your way. You could get your IP address blocked. That's most common. You could get a CAPTCHA or CloudFlare, which throws up just a temporary pause in the way that will stop you. So that's something to think about as well. Other ways Is you can often, these API endpoints won't work directly, but they'll only work if you're signed in or if you have all of the cookies.
Wes Bos
So you can also if Firefox and Chrome DevTools, you can, like, right click copy as fetch, and it will copy every single header that got sent along with the request. And More often than not, somewhere in those headers is there's a couple like session IDs and things like that that will come along for the ride and and ensure that it's a valid request. So That's how I would do it. At the very core of it, it's just downloading HTML, checking if there is value, and then I would probably send off a text message So that I could quickly hop on my phone and and try to buy the thing. Yeah. That's really smart. Yeah. That's really smart. I'm sure these companies love having bots
Scott Tolinski
Hit their servers all
They acknowledge bot traffic frustrates developers trying to manage inventory
Wes Bos
all the time about, you know, whatever. What can you do? It's both frustrating from, like, the user point of view that you can't buy this thing, but it's also frustrating, like, The developers behind this website now, like, in addition to have it trying to sell this thing and Oh my gosh. Yeah. Manage stock where 500 people are trying to buy 100 of a product at one time. Yeah. Because, like, like, what happens if you charge a credit card Within 12 milliseconds of them, like, who gets it? Right? Like, then you gotta check if the product is still there when you refresh.
Scott Tolinski
I would like to have somebody on who does ecommerce for a big drops like this, whether that's like like Nike or something like that. They do these huge drops. Like, what does their tech actually look like in order to to handle all that? Yeah. I definitely agree with that. Just as long as they're not one of the They didn't work for Kohl's. Did you hear about Kohl's? Unfortunately, I think they sold a whole bunch that they did not have, and then, like, everybody got a bunch of big cancel alerts.
Wes Bos
That's a huge bummer, bummer, bummer. For the PlayStation 5? Yeah. I think it was just Oh, gosh. Yesterday because I have follow along to some of this stuff still, and it was, Honestly, these are big problems that seem very difficult to solve if you're asking me. Back in my day, all you had to do is wake up at 3 AM and Camp outside the Walmart or Zellers is where I went. When I was a kid, we have this Canadian we used to have this Canadian Walmart called Zellers.
Scott Tolinski
For PlayStation 2, I camped out in front for 4 or 5 hours, and you just got to buy 1. Oh, here's what my mom did for PlayStation 2 because it was a Surprise for Christmas for us. My brother worked in the stockroom at Target, and, he got a little hot tip. They they were they were supposed to be bound to some sort of non talking about these Hot tips in the stockroom, but my mom showed up and one of the was one of the first, like, 20 people on the specific day, and they were she like, she had gotten there. I forget if she was, like, one of the first People online or something, but they were just like, how did you know? Because it was like a random day.
Scott Tolinski
Oh, just had a feeling. You know?
Wes Bos
Just checking. Just checking.
Wes Bos
So yeah. There's also a website, stoptrack.ca, which will allow you to put in a SKU of a product for The entire Walmart, Best Buy, it will do this thing that we talked about. It will check if there is in store stock for, I don't know. 50 of the the closest stores is if you're willing to drive an hour, maybe there's 5 or 6 different stores within a 1 or 2 hour drive either way. That's how I got both my Nintendo Wii back in the day. It was like, well, we find .com or one of those type of things, and it told me when they're gonna be there, and I just showed up, early. And another one, I got my Oculus Quest from this, like, random city in
Scott Tolinski
North Central Colorado that was just, like, You know, middle of sort of nowhere, but they had a Best Buy. And in that Best Buy, they had, like, 1 in stock, and I drove a couple hours up there to get it. It's like, oh, okay. You never know. Wow.
Wes Bos
That's amazing. I I did that with the WeFit.
Wes Bos
I was trying to get one. Oh, yeah. And, I just manually refreshed the Best by website because I had nothing better to do with my time. Yep.
Wes Bos
Yep.
Scott Tolinski
Alright. So if
Wes Bos
you I've built anything similar. I always like hearing these stories of people that automated their way into fixing a problem that they have. Tweet us at Syndax FM. I'd love to hear Stories? Yeah. Likewise. Alright. Thanks for tuning in, and we will catch you on Wednesday. Peace.
Scott Tolinski
N. Over to syntax.fm for a full archive of all of our shows. And don't forget to subscribe in your podcast player or drop a review if you like This show.