search

FlorianREGAZ / Python-Tls-Client

Advanced HTTP Library
MIT License
662 stars 136 forks source link

Unable to bypass cloudflare's protection #121

Open wwangyu2 opened 4 months ago

wwangyu2 commented 4 months ago

code:

import tls_client

session = tls_client.Session(
    ja3_string="771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,23-18-11-65281-51-10-35-27-13-43-5-16-0-17513-45-21,29-23-24,0",
    h2_settings={
        "HEADER_TABLE_SIZE": 65536,
        "MAX_CONCURRENT_STREAMS": 1000,
        "INITIAL_WINDOW_SIZE": 6291456,
        "MAX_HEADER_LIST_SIZE": 262144
    },
    h2_settings_order=[
        "HEADER_TABLE_SIZE",
        "ENABLE_PUSH",
        "MAX_CONCURRENT_STREAMS",
        "INITIAL_WINDOW_SIZE",
        "MAX_HEADER_LIST_SIZE"
    ],
    supported_signature_algorithms=[
        "ecdsa_secp256r1_sha256",
        "rsa_pss_rsae_sha256",
        "rsa_pkcs1_sha256",
        "ecdsa_secp384r1_sha384",
        "rsa_pss_rsae_sha384",
        "rsa_pkcs1_sha384",
        "rsa_pss_rsae_sha512",
        "rsa_pkcs1_sha512"
    ],
    supported_versions=["GREASE", "1.3", "1.2"],
    key_share_curves=["GREASE", "X25519", "P-256", "P-384"],
    cert_compression_algo="brotli",
    pseudo_header_order=[
        ":method",
        ":authority",
        ":scheme",
        ":path"
    ],
    connection_flow=15663105,
    header_order=[
        "accept",
        "user-agent",
        "accept-encoding",
        "accept-language"
    ]
)

res = session.get(
    "https://www.eleze.top/cgi-sys/defaultwebpage.cgi",
    headers = {
        'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
        'accept-language': 'zh-CN,zh;q=0.9',
        'cache-control': 'max-age=0',
        'cookie': 'cf_clearance=2.gzxo07Zx7b6tXiIft.O1usJVnHy2yG3BCP8h8CCSw-1715288007-1.0.1.1-5kaFC8ydnBLTvFICGPDyyUzL8iCNfu7RiGNT8PNK18gu.qDcGJuDRkjzLpcKjSyp00MF.Sg0KvyAsYpXbfLabg',
        'priority': 'u=0, i',
        'sec-ch-ua': '"Chromium";v="124", "Google Chrome";v="124", "Not-A.Brand";v="99"',
        'sec-ch-ua-arch': '"x86"',
        'sec-ch-ua-bitness': '"64"',
        'sec-ch-ua-full-version': '"124.0.6367.61"',
        'sec-ch-ua-full-version-list': '"Chromium";v="124.0.6367.61", "Google Chrome";v="124.0.6367.61", "Not-A.Brand";v="99.0.0.0"',
        'sec-ch-ua-mobile': '?0',
        'sec-ch-ua-model': '""',
        'sec-ch-ua-platform': '"Windows"',
        'sec-ch-ua-platform-version': '"19.0.0"',
        'sec-fetch-dest': 'document',
        'sec-fetch-mode': 'navigate',
        'sec-fetch-site': 'none',
        'sec-fetch-user': '?1',
        'upgrade-insecure-requests': '1',
        'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36',
    }
)

print(res.text)

print("Status code:", res.status_code)
print("Headers:", res.headers)

image

URL: https://www.eleze.top/cgi-sys/defaultwebpage.cgi

Can you write an example to pass cloudflare's protection?

ghost commented 4 months ago

use timeout=30 or smth

OculusVisionSellix commented 3 months ago

As it seems, manually you are required to solve captcha on the cloudlfare protection too. This isn't a fault of the package, it's just the website, which requires a captcha every time.