Frontend test surface

Bot Defense Test Surface

Guest session

Authentication scenario

Login

Use this page for credential stuffing, password spraying, scripted login, and session persistence tests.

// Good login credentials
// shopper@example.com / StridePass!2026
// analyst@example.com / BotDefense!2026
Request access

Retail bot scenarios in one static app.

Login, scrape, cart, checkout, gift-card, and form abuse flows.

Registration request scenario

Request Shopper Access

This does not create an account. It records a local request event for testing registration abuse controls.

Scraping scenario

Clothing Price Catalog

Sneaker bot scenario

Limited Sneaker Drop

Queue protected test drop

AeroFlux Runner 1

Use rapid size checks and repeated add-to-cart attempts to validate automation defenses.

Checkout preparation scenario

Cart

Carding scenario

Payment Test Form

No payment is processed. Entries are masked and stored only in local event history.

Gift card cracking scenario

Gift Card Balance Check

Try repeated card and PIN combinations to validate velocity, enumeration, and challenge rules.

Form abuse scenario

Product Comment Entry

Use this form for spam, synthetic identity, content injection, and high-volume submission tests.

Protected endpoint map

Endpoint Reference

Use these paths as endpoint-level bot protection candidates. Each handler returns mock JSON, but when the app is served over HTTP it creates real requests that can be inspected, challenged, rate limited, and logged by an upstream bot protection layer.

Scenario Method Endpoint Triggered by Bot behavior to test
Credential stuffing POST /api/login Login form submit Repeated email/password attempts, password spraying, session creation checks.
Fake registration POST /api/register Registration form submit Automated signup attempts, disposable email patterns, repeated request creation.
Catalog scraping GET /api/catalog Direct endpoint request High-frequency product, inventory, and price extraction.
Search automation POST /api/catalog/search Price Catalog search or sort Repeated query/filter behavior and automated catalog enumeration.
Catalog carting POST /api/cart/add Price Catalog add-to-cart Automated cart creation, product hoarding, cart preparation before checkout.
Sneaker bot POST /api/drop/add-to-cart Sneaker Drop add-to-cart Rapid size probing, queue bypass attempts, sold-out retry loops.
Carding POST /api/payment Payment form submit Repeated card submissions, expiry/CVV variation, checkout automation.
Gift card cracking POST /api/gift-card/check Gift Card form submit Balance lookup automation, card/PIN enumeration, high-velocity checks.
Form abuse POST /api/comments Comments form submit Spam posting, synthetic identity submissions, repeated content injection attempts.

Telemetry simulator

Local Event Signals

Scenario Counters

Recent Events