JimmyLaurent / cloudflare-scraper

A package to bypass Cloudflare's protection
MIT License

403 captcha bypass #4

Closed Revadike closed 4 years ago

Revadike commented 4 years ago

[image]

Revadike commented 4 years ago

I'm getting a similar error when IM_UNDER_ATTACK mode is enabled, even with the latest version. Currently, you can test this @ https://ogusers.com, but I'm not sure if they have IM_UNDER_ATTACK always enabled.

[image]

JimmyLaurent commented 4 years ago

IUAM is currently disabled. This page on the picture is clearly not an IM_UNDER_ATTACK page or a Cloudflare protection. If you want to bypass it, you'll have to use my other package hcaptcha-solver.

Revadike commented 4 years ago

> IUAM is currently disabled. This page on the picture is clearly not an IM_UNDER_ATTACK page or a Cloudflare protection. If you want to bypass it, you'll have to use my other package hcaptcha-solver.

Oh, I thought you were already using it to solve hcaptcha in this library. Also, this seems to be a custom page, but it says IM_UNDER_ATTACK in the source code.

Revadike commented 4 years ago

> a cloudflare protection

Seems they disabled the IUAM. But if you submitted the hcaptcha, you can see in the URL, it's using Cloudflare.

JimmyLaurent commented 4 years ago

Your website is definitely using Cloudflare, but the hcaptcha part on your picture is a custom hcaptcha protection. This library solves hcaptcha challenges, but only the ones from Cloudflare; any custom hcaptcha implementation is not supported.

Revadike commented 4 years ago

I tried this, which seems to be correct, but perhaps I'm missing something. I keep getting hcaptcha, even after doing handleCaptcha. Can you please help me with this? If you're not getting hcaptcha triggered on this page, try using a VPN.

const HTTP = require("cloudflare-scraper").defaults({ "followAllRedirects": true });
const { handleCaptcha } = require("cloudflare-scraper/src/handleCaptcha");
//....

        let loginPage = await HTTP.get("https://ogusers.com/member.php?action=login").catch(async error => {
            if (!error.response || !error.response.body) {
                return false;
            }

            let { body } = error.response;
            if (!body.includes("IM_UNDER_ATTACK_BOX")) {
                return false;
            }

            console.log("IM_UNDER_ATTACK_BOX");
            await handleCaptcha(body, HTTP);
            /* ^^^^
               I inspected its post request and it all looks legit:

    "followAllRedirects": true,
    "uri": "https://ogusers.com/member.php?action=login&__cf_chl_captcha_tk__=9de707bb63435e97e1d3b47266f7bdcc50abb442-1592450447-0-AUuvlJ3daTLpFMtohDIWaXvpH2mRcZkQ209EQbx3vMa1GMTWeWHg2SVwO2EE_U_cUIqWzN47GVBBeFyE4ilESavJCrrGiaaMaje-VWz4HwyPVc743QnSiJqYKTW9Fo7MDlCMe-2AN0dHBKjPg373f_T4DWfnZRaHFuqLKiXPGHBMfnGapPxujSZgF_-H8mxs_rMvjyXEQe9sWa1OL-5BvSogQNT1FFpTyp8h4LZUoAMm55QV5ZpoXNxxyoPDYiEBEHU_MV1JeguBd-PA-zHnCH6Tsu7eOfo5N7oG8bK_uJoVVbHWaivLVCn7KK8BOC1SCIfYO97Ci5g1TquGm7c_U9h4JDZOE19m-Morr6gwhlLk_g7b9lXcte1v7oHbvrmzGqeP0p3rlGMpXRmgEw91jqLBS2COuDRzt_QzQAGuRdocmZxLYnSO3JdL_b_eEznQYvpn9-FpfomBKBf5qVqXwTgvvk3Y8tzPiRZB9DFGCZyMHQYmun2XejxgsSRNtyyfyjdo33WXkgObQerhbKlgQk8",
    "method": "POST",
    "simple": false,
    "resolveWithFullResponse": false,
    "transform2xxOnly": false,
    "form": {
        "r": "5200bf1e65e26b32315da81910cffd11ab2f1892-1592450447-0-AeaSn0wdKL%2FT4i%2FENtMIXxaB%2FzatvxKKrvYaJqLtPAG%2Bnbsc1Pzfq1mRfRlCQZ8A9f5%2FXy04nVWfaAC5ydhlJ5QFBxIBFyFw2U3v%2FreTS2PnIQzh7d623%2FWE2xnUYfTULW1kQz60S677oWVIJaagdDMMOXo0QgOae0TSKIijNsrscq%2B7t0wQ8PAv%2FqAA1OoNMhYOSsT4%2FctsyspvOiJDslOt5gfvwa6zNKUsrLAqfx0EOn8PtqFuj%2FV9xapJiYmc1AEEe9d9yjcSUL5cSeWf%2F9yFewISsJVmEZrc7%2FnLftxYcY4yxIN%2BjOeypIrgndShuzl%2FGWbsHtjWr7j8%2BzHQwS%2BtQNv84fzui4UC34GEhLkD6HRSnV%2BrUjZoM0uEgTAJ%2Bx13SNVWSosu%2FE9h4DAI9arV1%2FFYchk5WqUlcl0PPDaFWiYcIw7rZbNVM%2BwAoao7k%2F69JTbjtSRvQg8%2FmA4BtcGiB2VPojuBqRy98sbp3kGGvrMRfyn1ZhgtZn18b7FaKDeVtkuLmFoDpu2dXzKITichadEPCq0ephhz8vknTGHV9YPUveKvBO8du3to4ebEvFhdKbwD67X9eQSAiCgHgy0A4cWH1d9FKk9NIpkg%2B1r5TQh0mI56P2uD0myLChnkKqf8WgJdpC598CaWdYcR03eex%2FkyfQooOO97yyuxkxNLk3GNE3DenJSEY%2Bael3X54sxfKC6zvgyXCZ8co2vU4fprWWTSdiGk83C9UjlqUxZ1XMB4BM26narO9iXxCq7Do9%2BPN%2FrQdljev54M9RwjPQqON91yXooeCBVebDihoIe1cxaBj7KE7fRIb%2FiC%2BTN%2BPOsFkPM5RlaPqLma5QSn1jRJ1je1RVMfzSfZ721nTA6jb1OaxJtxJp5qzBspryejjapFN7tGdZtjGMHrFs1bCtA1A4Qn1xF6NjnUIta1WYo%2BrYicNH%2FB919XWha%2F1BIIuS4efJCYtDen%2FDjnT5SU5h1VXJCkrnkU5Rv1ucV6F83d41%2FG34u%2FftLBdkC6f8ss4Wvg%2BajyptPjv%2F9QqRSw6NXMlyfUB8Lt06CuSTEJDprbXCy8yUT6U8BxzN9xN12xmp%2BYDiqx2rRq9Nc4dsNg8N37lJWy1YrIIWIGJ62EkRl3A%2BQ1GzYoUaZgXkBvU3BrfbrC4p0C%2BOVFqGMHcJyEkXciXGYrn6cWcXMo8BiLZgcJxy5eYHzza6nkHkZnmtaZELz1%2FAUSf68VnmF8psF5lO6q97exTToFZmCw6skJBN2hIT%2FOxMDkQCxyjagrL0y1ojOnhLR5%2BsMfnGxA58Bhj%2BF3QevKp6fHiG208lzKN5%2BmcK9x00VENZHmzzTZV7yiKoPumllK%2FE812UtSFIsycyqSMOL9U0wmC5wMgi%2BRGBVTj3W9JlGe00iQwsmNIuMn9kV82rMOkzirBsYAbG86DhYXLrcUCrmzycYVpjulwTe8C9fqxP3bAqDhp756t1g4law1AfbCLaYovf4AXM1c%2BkgnYCOvdTIyACKb6M3qKBhj%2Bx4iwtqqukqM96XRc%2FOZRTwfowVsr4uI9lWKgCiq7fF%2F0D6ArqDdSQWKsMQSmxxtB1VjKLHO9wCd2M%2Bqjxv4Eu%2F4bzxfeOQlbxxyGYR8P%2B%2FZ5imqSfcDsmcpA06XjMAsxKELsmuKD6XJkRq%2FHhp2b1ql08O0RenxkaL5CStdrKzYVw%2BtJblAeZwteGQ5WKrr",      
        "cf_captcha_kind": "h",
        "vc": "",
        "g-captcha-response": "F0_eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzaXRla2V5IjoiZDVmOWZlODYtYWY0OC00MzFhLWI3NjItOWYxY2EwMmUxZGViIiwiZXhwIjoxNTkyNDUwNTcxLCJwZCI6MH0.o1L63wya3NVYW7hrTP5jDnmajxCGZJsqtatZGjJ84Vo",
        "h-captcha-response": "F0_eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzaXRla2V5IjoiZDVmOWZlODYtYWY0OC00MzFhLWI3NjItOWYxY2EwMmUxZGViIiwiZXhwIjoxNTkyNDUwNTcxLCJwZCI6MH0.o1L63wya3NVYW7hrTP5jDnmajxCGZJsqtatZGjJ84Vo"
    }
 */
            let result = await HTTP.get("https://ogusers.com/member.php?action=login").catch(() => false); // retry, should have no more captcha, but it does :(
            return result;
        });

        if (!loginPage) {
            throw new Error("Unknown error occurred while logging in");
        }

JimmyLaurent commented 4 years ago

I can't reproduce even with VPN IPs, I think I'll have to try another time when IUAM mode is enabled. Your code seems right though.

You should check your cookies to see if the cf_clearance and cfuid cookies are there after the first query. Here is how to do it:

const cloudflareScraper = require('cloudflare-scraper');

(async () => {
  try {
    const jar = cloudflareScraper.jar();
    const url = 'https://your-url.com';
    const response = await cloudflareScraper.get(url, { jar });
    const cookiesObject = jar.getCookies(url);
    const cookieStr = jar.getCookieString(url);
    console.log(cookieStr);
  } catch (error) {
    console.log(error);
  }
})();

Can you also confirm that you're not playing with user agent?

Revadike commented 4 years ago

> Can you also confirm that you're not playing with user agent?

No, I'm not. I didn't include it in the request details above, but it should be nominal.

> I can't reproduce even with vpn IPs

Yeah, I had that issue too, but I managed to do it with ProtonVPN, if you're willing to install that.

I'm gonna check cookies now.

Revadike commented 4 years ago

Only __cfduid cookie was set, but that was already set before the hcaptcha form POST... It seems to fail, because it redirects me to the same hcaptcha form with status code 403.

Revadike commented 4 years ago

@JimmyLaurent any luck on your side?

JimmyLaurent commented 4 years ago

I can reproduce but I didn't figure it out yet. It may be related to this custom IUAM page.

JimmyLaurent commented 4 years ago

I found the bug, it should be fixed in 1.0.6.

roachadam commented 3 years ago

@JimmyLaurent do you still maintain this project? I have a few questions if you don't mind replying. roach#1000