mkb79

@seidnerj This was from another Android App which uses the Amazon login method. These App was not so much obfuscated as the Audible App. I reverse engineered the App and...

> Specifically there's a cookie called CES that I suspect has something to do with captcha authentication. I've never heard of a CES cookie. Maybe it's a kind of CSRF...

I doesn’t know anything about the „ape:“ prefix. But from the name I would think first on „Authenticated Permutation-Based Encryption for Lightweight Cryptography (APE)“?! But I‘m not sure.

I would also like to take a closer look. Can I also use the Amazon iOS Shopping App for this? Or does it work differently there?

Okay. Now I have to figure out how to force a captcha prompt. I‘m think I must disable 2FA?!

@seidnerj When I `POST` to `https://www.amazon.com/ap/signin` there are some `ape:` values in the body too. `openid.return_to` had the value `ape:aHR0cHM6Ly93d3cuYW1hem9uLmNvbS8/X2VuY29kaW5nPVVURjgmcmVmXz1uYXZtX2hkcl9zaWduaW4=`. `prevRID` had the value `ape:NkVFS0RZNk1BS0pNMTY4MVg0NlA=`. So my Safari browser must...

Hello DaleQuest, thank you for sharing your discoveries. The `customer_rights` togehter with the `plans` response section seams to be the right place to detect Audible Plus titles. Let's see how...

As a workaround, the tool [Link Redirect Trace](https://chrome.google.com/webstore/detail/link-redirect-trace/nnpljppamoaalgkieeciijbcccohlpoh?hl=en) or the Chrome dev tools can help.

Thanks for your advice. I'm currently on holiday these week. I will look on this later.

@dreirund @paulerickson I've updated the httpx version range to >=0.23.3 < 0.26.0 in the latest (v0.2.6) audible-cli release.