search

KyranRana / cloudflare-bypass

A new and improved PHP library which bypasses the Cloudflare IUAM page using cURL
MIT License
274 stars 98 forks source link

could you make it compatible php 7.0 or help how to render it compatible ? #125

Closed momala454 closed 5 years ago

momala454 commented 5 years ago

thanks

momala454 commented 5 years ago

hello, what feature is not available on php 7.0 ? thanks

KyranRana commented 5 years ago

v3.1.0 is now compatible with PHP 7.0

Fixes in #130

momala454 commented 5 years ago

it is not working :(

Using version ^3.1 for kyranrana/cloudflare-bypass ./composer.json has been updated Loading composer repositories with package information Updating dependencies (including require-dev) Your requirements could not be resolved to an installable set of packages.

Problem 1

Installation failed, reverting ./composer.json to its original content.

momala454 commented 5 years ago

not really upgrade to 7.1, but php enum 1.6.6 is compatible with php 7.0

KyranRana commented 5 years ago

Try with v3.1.1 and let me know if that works

momala454 commented 5 years ago

composer still see version 3.1, how much time should i wait ?

KyranRana commented 5 years ago

Try 3.1.1 now

It should be in packagist https://packagist.org/packages/kyranrana/cloudflare-bypass

momala454 commented 5 years ago

composer require kyranrana/cloudflare-bypass still says "using version 3.1"

KyranRana commented 5 years ago

Try compose require kyranrana/cloudflare-bypass@3.1.1

momala454 commented 5 years ago

[InvalidArgumentException] Could not find package kyranrana/cloudflare-bypass@3.1.1 at any version for your minimum-stability (stable). Check the package spelling or your minimum-stability

KyranRana commented 5 years ago

Try pulling down the latest version of master and try running it

momala454 commented 5 years ago

sorry what do you mean, downloading manually the zip ?

momala454 commented 5 years ago

i have never installed the app so if i i manually download the zip i will have to include all the php files manually

momala454 commented 5 years ago

Problem 1

momala454 commented 5 years ago

the command is actually composer require kyranrana/cloudflare-bypass:3.1.1 (not @)

but now : Problem 1

KyranRana commented 5 years ago

Try with 3.1.3 when you are available

momala454 commented 5 years ago

it installs but don't work :

PHP Parse error: syntax error, unexpected 'const' (T_CONST), expecting variable (T_VARIABLE) in CloudflareBypass/vendor/kyranrana/simple-javascript-compilation/src/main/Enum/DataType.php on line 27

KyranRana commented 5 years ago

You need to update your PHP version to 7.1 at least. Sorry.

momala454 commented 5 years ago

just remove private in front of "const" of your variable and it's compatible 7.0

momala454 commented 5 years ago

i removed the "private" from a few of variables and now when i try to navigate on a website using cloudflare always on, it fails on this fonction

public static function getParamsFromPage(UAMPageAttributes $pageAttributes): UAMPageFormParams { $page = $pageAttributes->getPage();

    preg_match('/name="s" value="([^"]+)"/', $page, $sMatches);
    preg_match('/name="jschl_vc" value="([^"]+)"/', $page, $jschlVcMatches);
    preg_match('/name="pass" value="([^"]+)"/', $page, $passMatches);

    return new UAMPageFormParams($sMatches[1], $jschlVcMatches[1], $passMatches[1], self::getJschlAnswerFromPage($pageAttributes));
}

$sMatches[1] etc does not exist, because the website shows the following data :

Why have I been blocked?

        <p data-translate="blocked_why_detail">This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.</p>
      </div>
momala454 commented 5 years ago

to give more details, it first have the data, and then when i try to do a second request it shows the error with the text "blocked" from the website

KyranRana commented 5 years ago

What is the version of cURL you are using?

momala454 commented 5 years ago

PHP 7.0.33-0+deb9u3 curl 7.52.1

i'm browsing https://www.extreme-down.xyz/rss.xml?1241878191

it seems like it's not solving :

$cfCurl = new CloudflareBypass\CFCurlImpl();

                    $cfOptions = new CloudflareBypass\Model\UAMOptions();
                    // $cfOptions->setVerbose(true);                        // Enable verbose 
                    // $cfOptions->setDelay(5);                             // Set delay before requesting clearance

                    $page = $cfCurl->exec($ch, $cfOptions);

                    die('this page'.$page);

shows 👍 

this page<!DOCTYPE HTML>
<html lang="en-US">
<head>
  <meta charset="UTF-8" />
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />
  <meta name="robots" content="noindex, nofollow" />
  <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />
  <title>Just a moment...</title>
  <style type="text/css">
    html, body {width: 100%; height: 100%; margin: 0; padding: 0;}
    body {background-color: #ffffff; font-family: Helvetica, Arial, sans-serif; font-size: 100%;}
    h1 {font-size: 1.5em; color: #404040; text-align: center;}
    p {font-size: 1em; color: #404040; text-align: center; margin: 10px 0 0 0;}
    #spinner {margin: 0 auto 30px auto; display: block;}
    .attribution {margin-top: 20px;}
    @-webkit-keyframes bubbles { 33%: { -webkit-transform: translateY(10px); transform: translateY(10px); } 66% { -webkit-transform: translateY(-10px); transform: translateY(-10px); } 100% { -webkit-transform: translateY(0); transform: translateY(0); } }
    @keyframes bubbles { 33%: { -webkit-transform: translateY(10px); transform: translateY(10px); } 66% { -webkit-transform: translateY(-10px); transform: translateY(-10px); } 100% { -webkit-transform: translateY(0); transform: translateY(0); } }
    .bubbles { background-color: #404040; width:15px; height: 15px; margin:2px; border-radius:100%; -webkit-animation:bubbles 0.6s 0.07s infinite ease-in-out; animation:bubbles 0.6s 0.07s infinite ease-in-out; -webkit-animation-fill-mode:both; animation-fill-mode:both; display:inline-block; }
  </style>

    <script type="text/javascript">
  //<![CDATA[
  (function(){
    var a = function() {try{return !!window.addEventListener} catch(e) {return !1} },
    b = function(b, c) {a() ? document.addEventListener("DOMContentLoaded", b, c) : document.attachEvent("onreadystatechange", b)};
    b(function(){
      var a = document.getElementById('cf-content');a.style.display = 'block';
      setTimeout(function(){
        var s,t,o,p,b,r,e,a,k,i,n,g,f, OlEviXX={"kBL":+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![])+(+[])+(!+[]+!![]+!![]+!![])+(!+[]+!![])+(!+[]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]))/+((!+[]+!![]+!![]+!![]+!![]+!![]+[])+(+[])+(!+[]+!![]+!![]+!![]+!![])+(+[])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+[]))};
        g = String.fromCharCode;
        o = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
        e = function(s) {
          s += "==".slice(2 - (s.length & 3));
          var bm, r = "", r1, r2, i = 0;
          for (; i < s.length;) {
              bm = o.indexOf(s.charAt(i++)) << 18 | o.indexOf(s.charAt(i++)) << 12
                      | (r1 = o.indexOf(s.charAt(i++))) << 6 | (r2 = o.indexOf(s.charAt(i++)));
              r += r1 === 64 ? g(bm >> 16 & 255)
                      : r2 === 64 ? g(bm >> 16 & 255, bm >> 8 & 255)
                      : g(bm >> 16 & 255, bm >> 8 & 255, bm & 255);
          }
          return r;
        };
        t = document.createElement('div');
        t.innerHTML="<a href='/'>x</a>";
        t = t.firstChild.href;r = t.match(/https?:\/\//)[0];
        t = t.substr(r.length); t = t.substr(0,t.length-1);
        a = document.getElementById('jschl-answer');
        f = document.getElementById('challenge-form');
        ;OlEviXX.kBL+=+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![])+(+[])+(!+[]+!![]+!![]+!![])+(!+[]+!![])+(!+[]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]))/+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![])+(!+[]+!![])+(!+[]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![])+(+!![])+(!+[]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![]));OlEviXX.kBL*=+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(!+[]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+[])+(!+[]+!![]+!![]+!![])+(+!![])+(!+[]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![])+(+!![]))/+((!+[]+!![]+!![]+[])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+[])+(!+[]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(+!![])+(!+[]+!![]+!![]+!![]+!![]));OlEviXX.kBL*=+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(!+[]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![])+(+[])+(!+[]+!![]+!![]))/+((!+[]+!![]+!![]+!![]+[])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![])+(+[])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]));OlEviXX.kBL-=+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(!+[]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+[])+(!+[]+!![]+!![]+!![])+(+!![])+(!+[]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]))/+((!+[]+!![]+!![]+!![]+!![]+[])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+[])+(+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+!![])+(!+[]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![]));OlEviXX.kBL-=+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(!+[]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![])+(+[])+(!+[]+!![]+!![]))/+((!+[]+!![]+[])+(!+[]+!![])+(!+[ (etc)`
KyranRana commented 5 years ago

Tried with your PHP version and it worked. Can you post your verbose log? Also try with 3.1.4

Use the example code in README too.

momala454 commented 5 years ago

there is something wrong with the user agent.

This is what i'm sending : GET /rss.xml?2067415447 HTTP/1.1 Host: www.extreme-down.xyz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0 Accept: / Accept-Language: * Accept-Encoding: deflate, gzip Connection: Keep-Alive

and this is what you send GET /rss.xml?741195160 HTTP/1.1 Host: www.extreme-down.xyz Accept-Encoding: deflate, gzip Cookie: __cfduid=d77eb3b83eb0dc6e5d8636dcaf402db2e1567717308; cf_clearance=7965d96adef9a9aa5bef8305f4a0054bf05931b2-1567717313-1800-150 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv Accept: / Accept-Language: * cookie: __cfduid=d77eb3b83eb0dc6e5d8636dcaf402db2e1567717308

notice the truncated user agent

momala454 commented 5 years ago 
private function getCurlHeadersAsMap(string $requestHeaders)
    {
        $requestHeaders     = explode(PHP_EOL, $requestHeaders);
        $requestHeaderMap   = [];

        foreach ($requestHeaders as $requestHeader) {
            if (strpos($requestHeader, ":") !== false) {
                list($name, $value) = explode(":", $requestHeader);
                $requestHeaderMap[strtolower($name)] = trim($value);
            }
        }

        return $requestHeaderMap;
    }

you are exploding the headers with ":" so you are ignoring everything after any ":" on the header value

KyranRana commented 5 years ago

Nice spot! Fixed in 3.2.0

momala454 commented 5 years ago

so on $cfCurl->exec($ch, $cfOptions); it works, it return the correct data. However, as soon as i do a second request to the same page, i have

PHP Notice: Undefined offset: 1 in /CloudflareBypass/vendor/kyranrana/cloudflare-bypass/src/main/Model/UAM/UAMPageFormParams.php on line 35

Notice: Undefined offset: 1 in /CloudflareBypass/vendor/kyranrana/cloudflare-bypass/src/main/Model/UAM/UAMPageFormParams.php on line 35 PHP Notice: Undefined offset: 1 in /CloudflareBypass/vendor/kyranrana/cloudflare-bypass/src/main/Model/UAM/UAMPageFormParams.php on line 35

Notice: Undefined offset: 1 in /CloudflareBypass/vendor/kyranrana/cloudflare-bypass/src/main/Model/UAM/UAMPageFormParams.php on line 35 PHP Notice: Undefined offset: 1 in /CloudflareBypass/vendor/kyranrana/cloudflare-bypass/src/main/Model/UAM/UAMPageFormParams.php on line 35

Notice: Undefined offset: 1 in /CloudflareBypass/vendor/kyranrana/cloudflare-bypass/src/main/Model/UAM/UAMPageFormParams.php on line 35 PHP Notice: Undefined offset: 1 in /CloudflareBypass/vendor/kyranrana/cloudflare-bypass/src/main/Model/UAM/UAMPageChallengeCode.php on line 53

Notice: Undefined offset: 1 in /CloudflareBypass/vendor/kyranrana/cloudflare-bypass/src/main/Model/UAM/UAMPageChallengeCode.php on line 53 PHP Notice: Undefined offset: 2 in /CloudflareBypass/vendor/kyranrana/cloudflare-bypass/src/main/Model/UAM/UAMPageChallengeCode.php on line 53

Notice: Undefined offset: 2 in /CloudflareBypass/vendor/kyranrana/cloudflare-bypass/src/main/Model/UAM/UAMPageChallengeCode.php on line 53 PHP Fatal error: Uncaught Error: Call to a member function getDataType() on null in /CloudflareBypass/vendor/kyranrana/cloudflare-bypass/src/main/Model/UAM/UAMPageFormParams.php:64 Stack trace:

so i probably have the same thing as i had before, a captcha, and in the function getParamsFromPage the preg_match doesn't fill the array as the data is not on the page

momala454 commented 5 years ago

GET /cdn-cgi/l/chk_jschl?s=6bd41c2e20b088087bbe70f55aca94cbabf49b38-1567718909-1800-AXb%2Bd3rgMM2ATQ3AmWRcqGar0nYJYgIXbYAqx7t98BeNr8lckP1I%2FZMMh2Ft0dzstkaOx%2BYMKKawJcunRX%2BpzbZguw4AKR3AbXdvgASkwN207Ez12f8oriyui%2FjP0A%2BfcEDtZ4kQN%2FzjIdm7Am5CdHE%3D&jschl_vc=d3ee59a14590974398d51be23d20ed12&pass=1567718913.524-kqQ%2BXktrMs&jschl_answer=16.7363076909 HTTP/1.1 Host: www.extreme-down.xyz Accept-Encoding: deflate, gzip Cookie: cfduid=da6a14fd9d60248affab1ad5aa727c18c1567718909 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: : Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0 Accept: : / Accept-Language: : * cookie: : cfduid=ded34bbf5af24b9011e22c4cfc1ea87021567718909

there is two times the cookie header, and you have an extra ":" in the headers

momala454 commented 5 years ago

$value = substr($requestHeader, $colonPos);

maybe put $value = substr($requestHeader, $colonPos +1);

KyranRana commented 5 years ago

Fixed. Try 3.2.1

momala454 commented 5 years ago

it works thanks :)

DrPaw commented 5 years ago

hey momala454 Dude, I can't get access to this site.can you help me?

www.ciprobet23.com I want to access this site, but I'm getting an error on my own server.

my server web site: betrost.com

momala454 commented 5 years ago

drpaw it doesn't work for me neither, i direclty have a captcha using a server ip