The Unethical Bing Bot
Gaming Bing Rewards with browser automation
I try to be disciplined … most of the time, but the hacker within could not pass on this fun project. Hours ago, when I failed to sleep because of excessive coffee intake this morning, I learned about Bing Rewards, a Microsoft’s promotion aimed to bring Bing search engine to the masses: users get Bing credits for searching on Bing instead of Google and these credits could be redeemed for a variety of gift cards. Thought bubble: “If only the computer could automate the searching process everyday”. It was 12:44 AM, but I was somehow on an adrenaline rush… so I decided to do a quick hack.
Out of all the redeemable items, I was most interested in the $5 Amazon gift card, which cost about 475 Bing credits (an equivalence of 950 Bing searches). The catch: there was a cap of 15 credits per day. That meant it would take a month to get $5 per account. No problem. I would crate more accounts in the future. The bot was really a tool that could automatically tell the computer to fire up Chrome, go to a specified URL to login, and iteratively search. This was probably pretty simple with a browser-interactive Python library somewhere on the web.
After peeking around, I found splinter, a Python framework used for testing web applications. Splinter was quite easy to use; their documentation showed most of the capabilities I needed. First thing first, I had to login. Finding the login URL was simple, since it was just visiting whatever was on the address bar. Splinter could find fields and forms using CSS tags and automatically fill them, so I used the nifty ‘inspect element’ tool on Chrome to find the CSS tags.
Next, I needed to perform the actual searches. This was nothing more than changing the URL to query different search terms. I noticed that the search terms followed after the base URL and were concatenated by the ‘+’ sign, so I just had to loop 30 times and manipulate the URL string to change up the URL a bit.
And that was it. I had my first bot-run searches at 1:59 AM. It was quite entertaining to see how everything was automated. This was probably the most unethical thing I had ever done in my career, but it was all for ‘educational’ purposes anyway… Bing team will definitely discover this hole in their system as soon as they notice a series of consistent queries from the same IP address. They will most likely ban my accounts, but by that time, I would have had my fair share of entertainment and learned a few things along the way…