Ever found yourself frustrated when your login attempts or payments are mysteriously blocked on popular websites like Ticketmaster or Kohl's? You've likely encountered NuData Security—a leading behavioral biometrics service designed to detect fraud by analyzing user interactions.
A while ago, I was repeatedly denied access while attempting to purchase tickets for a highly anticipated concert. NuData’s rigorous behavioral checks kept flagging my attempts, making what should have been a straightforward transaction an exercise in frustration.
This experience led me to dive deeply into understanding NuData's inner workings, culminating in developing reliable methods to effectively interact with NuData-protected websites.
What Exactly is NuData?
NuData Security protects critical online interactions by analyzing patterns in user behavior to identify fraudulent activity. Sites using NuData often require a specific parameter in their requests—commonly nds-pmd. This parameter helps NuData validate the authenticity of your session.
How NuData Works Behind the Scenes:
When you interact with a NuData-protected site, the following typically happens:
- Your behavior (mouse movements, typing speed, click patterns) is continuously monitored.
- Data is compiled into a behavioral profile sent to NuData servers.
- A response containing the NuData token (
nds-pmd) is returned. - Your browser includes this token with subsequent requests to validate your session.
Generating NuData's Required Parameter (nds-pmd)
To interact successfully with NuData, you'll need to generate the nds-pmd parameter. Here's how:
Option 1: Direct Parsing
- Identify the Script Source:
Parse the webpage HTML to locate the NuData JavaScript source, typically hosted at*.nudatasecurity.com. - Extract the Required Parameters:
NuData scripts often contain necessary parameters embedded directly in the JavaScript or page HTML.
You can use this regex to find the NuData script:
<script\s+src=["'].*?nudatasecurity\.com/([^"']+)["'].*?>
Option 2: Using Proxies
When automating requests, rotating proxies can significantly enhance success rates by reducing the chance of detection.
- Use residential or datacenter proxies to simulate different locations and sessions.
- Rotate proxies between sessions or requests to maintain anonymity.
Option 3: Using Browser Automation
Leveraging tools like Selenium or Puppeteer can effectively simulate human-like interactions:
- Randomize mouse movements and typing intervals.
- Implement delays and interaction variability.
- Use undetected-chromedriver to reduce detection risk.
Using the NuData Token Generation API
To streamline token generation, you can use our dedicated API endpoint:
Endpoint:
GET https://nudata.yourapi.tech/generate
Required Paramters:
- scriptID: Extracted from NuData JavaScript.
Optional Parameters:
- session_id: If available, your current session ID.
Recommended Paramaters:
- User-Agent, Sec-Ch-Ua, and Accept-Language for higher accuracy.
Example API Request:
GET /generate HTTP/1.1
Host: nudata.yourapi.tech
x-api-key: YOUR_API_KEY
Accept: */*
User-Agent: Your Browser User Agent
Example API Response:
{
"session_id": "12af43...afc9",
"nds-pmd": "4b6fa...db68"
}
Python Implementation Examples:
Direct Request with Proxy Rotation:
import requests
import re
proxies = ["proxy1", "proxy2", "proxy3"]
headers = {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)',
'Accept-Language': 'en-US,en;q=0.9',
}
proxy = {'http': proxies[0], 'https': proxies[0]}
response = requests.get('https://www.ticketmaster.com', headers=headers, proxies=proxy)
match = re.search(r'<script\s+src=["\'].*?nudatasecurity\.com/([^"\']+)["\'].*?>', response.text)
if not match:
print("No NuData script ID found")
exit(0)
script_id = match.group(1)
nudata_response = requests.get(
"https://nudata.yourapi.tech/generate",
params={"scriptID": script_id},
headers={"x-api-key": "YOUR_API_KEY", **headers},
proxies=proxy
).json()
print(nudata_response)
Browser Automation with Selenium:
from selenium import webdriver
import time
options = webdriver.ChromeOptions()
options.add_argument("--disable-blink-features=AutomationControlled")
options.add_argument("--user-agent=Mozilla/5.0")
driver = webdriver.Chrome(options=options)
driver.get("https://www.ticketmaster.com")
time.sleep(5) # Human-like delay
# Proceed with interactions here
driver.quit()
Final Thoughts
Understanding and effectively interacting with NuData Security’s behavioral biometric system can greatly enhance your automated and manual interactions with protected websites.
The provided techniques are reliable, extensively tested, and perfect for developers seeking to streamline secure website interactions.
