0x6a69616e / kpsdk-solver

A Playwright-based solver for Kasada's bot defense platform.
https://www.npmjs.com/package/kpsdk-solver
MIT License

hello, need information #6

Closed KinGhost-90 closed 7 months ago

KinGhost-90 commented 7 months ago

Hello, and thank you for your work. This works well, but you absolutely have to de-obfuscate the p.js file. Is there a way to work directly with the file without deobfuscating it?

0x6a69616e commented 7 months ago
  1. The internal variables of p.js are scoped to an IIFE (Immediately Invoked Function Expression) and are therefore inaccessible at the global scope.
    • String manipulation can be useful in this case.
  2. It is generally not recommended to read large files using fs.readFileSync() due to its impact on performance and memory consumption.
    • Thus, we need to compress and minify the script.
    • Deobfuscating p.js and minifying it afterward apparently takes less storage compared to minifying p.js directly. Hence, the creation of p_deobf_modified.js.

So, in short, it is not really feasible for kpsdk-solver to work with p.js without deobfuscation at the moment.

0x6a69616e commented 7 months ago

Is there a way to work directly with the file without deobfuscating it?

@KinGhost-90 I've given some thought to your question and realized that it actually might be possible to work directly with p.js.

  1. We load p.js and use it as intended.
    • When loaded, the script creates a global KPSDK Object with 2 methods.
      • configure(), which configures the SDK with Kasada-protected API endpoints.
      • isReady(), which returns a boolean representing the SDK's state of readiness.
    • After successful configuration, Kasada replaces the Fetch API to a modified one of their own.
      • Kasada's modified Fetch applies their dynamically generated x-kpsdk-* headers to the requests sent to the configured endpoints.
  2. Then, we make requests to those endpoints and capture the x-kpsdk-* headers.
  3. Voilà, a solver working directly with the p.js file!

This is just my theorized concept based on current knowledge, and it needs testing before it is implemented.

KinGhost-90 commented 7 months ago

Ok, thanks for your answer. I think I will also look into it for myself, because it could be very interesting to be able to work directly with a file that is not deobfuscated. I also noticed that the x-kpsdk-* headers are not working at the moment: the script generates them well, but they do not work when used, for example, to generate a Twitch integrity token.