Study how zero-amount validation logic can be used to gate a payment checkout flow.
Review proxy rotation and browser fingerprint spoofing techniques used against fraud detection.
Reference the Go and Python gateway implementations for payment protocol research.
| jmmy9609-design/gpt-pp | evilsocket/audit | scenemaai/scenema-audio | |
|---|---|---|---|
| Stars | 396 | 397 | 406 |
| Language | Python | Python | Python |
| Setup difficulty | moderate | moderate | hard |
| Complexity | 4/5 | 4/5 | 4/5 |
| Audience | ops devops | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires residential proxy access, an .env configuration file, and either a Python 3.10+ environment or a Go build toolchain.
This repository is a gateway tool that intercepts and extracts PayPal authorization links from Stripe Hosted Checkout sessions. The core idea is a "zero-amount" validation logic: the gateway only allows sessions through that match a zero-amount rule, and it blocks anything that deviates from that pattern. The authors describe the intended use as security auditing, network protocol analysis, and payment interface research. The project has two server implementations. The Python version handles the web dashboard, JWT token extraction, proxy preflight checks, and gateway state management. The Go version is built for higher throughput when handling large numbers of concurrent transactions at once. Both are included in the same repository and can be run independently or together depending on load requirements. A background scheduler rotates residential proxy IP addresses across multiple regions, automatically switching to a fresh IP when a connection fails or gets blocked. Browser automation is handled through Playwright with a headless Chromium instance, using a library called curl-cffi that mimics browser TLS fingerprints to make automated requests look more like traffic from a real browser. Setup is automated by startup scripts for both macOS and Linux (start.sh) and Windows (start.bat). Running the script creates a Python virtual environment, installs dependencies, downloads the browser components, and opens the management dashboard in your default browser at a local address. A diagnostic script is included for checking the production environment before deployment. Unit tests cover the zero-amount filtering logic, proxy selection algorithms, and multi-account queuing. The repository's disclaimer states this code is for security auditing and academic research only, and must not be used for fraud or to circumvent payment controls in violation of any platform's terms of service.
A gateway tool that intercepts Stripe checkout sessions to extract PayPal authorization links under a zero-amount validation rule, described by its authors as a security research project.
Mainly Python. The stack also includes Python, Go, Playwright.
No license information is provided in this repository.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.