MiddleSchoolStudent / PerimeterX-solver

PerimeterX - a handful of losers
MIT License

usage question #2

Open XBeg9 opened 2 months ago

XBeg9 commented 2 months ago

sorry, I haven't had enough time to discover and see how the whole perimeterX works outside of its fingerprinting... but it looks like even if you get the payload and _px2 header, just a simple curl request is not going to work, right? what's your typical use of that deobfuscated script? You run it or replace the original request? Thanks in advance.

MiddleSchoolStudent commented 2 months ago

@XBeg9

The process of dealing with an antibot system:

  1. Know what browser attributes they collect, then fake the corresponding attributes, either by using puppeteer / playwright, or by compiling your own Chromium, or, alternatively, by putting together the payload yourself to make it look like a normal user. Both of these would definitely need you to understand how their obfuscated code works, what fingerprints they collect, and how they put the data together.
  2. curl is definitely not enough, because TLS / http2 fingerprints are not the same as a browser's. You can search for what JA3 / JA4 is or check here. Usually, you can use curl-cffi, or compile the Chromium network stack yourself and adapt it to your project to make the tls/h2 fingerprint consistent with the normal browser.
XBeg9 commented 2 months ago

so for the deobfuscated scripts here, you just inject them into the page (replace original init.js) or run them beforehand? How do you get a payload to produce _px2 and then use it inside curl-cffi?... I am just trying to abandon the chrome... curious about these things.

MiddleSchoolStudent commented 2 months ago

In my own projects, I generate payloads based on their code + algorithms, and then use uTLS to send the request without relying on Chrome because I'm familiar with how they work through deobfuscation. Here, I'll guide step by step how to write puppeteer / playwright with evasions to bypass PX checks.

It's also unwise to use the deobfuscated code directly; our purpose is simply to understand how they work.

XBeg9 commented 2 months ago

is your _px2 always the same? I am seeing this right now on different browsers / IPs... Any ideas why?

MiddleSchoolStudent commented 2 months ago

Of course they can't be the same, because different fingerprints and browsers would have to be faked.

XBeg9 commented 2 months ago

can you please guide me, on how you get your _px2?

MiddleSchoolStudent commented 2 months ago

I don't want to open source the solution I'm currently using because I'm afraid PX will notice; also, I don't want to use it publicly. But I will gradually open source alternative solutions in this repo.

XBeg9 commented 2 months ago

I mean, I don't need exact steps... just curious... are you making a payload (with fingerprints realized from the deobfuscated code), triggering the query to /collector and then using the response as _px2? That's the whole idea?

MiddleSchoolStudent commented 2 months ago

yea exactly

MiddleSchoolStudent commented 2 months ago

> ok, I am inside this payload mess right now, if you can bring some code examples, would save me a ton of time... can we telegram?

I don't use TG. I'll progressively update how this payload is composed here. You could also take a look at the deobfuscated code.

XBeg9 commented 2 months ago

yea, looking into nf(t, f); right now :)

MiddleSchoolStudent commented 2 months ago

Tip: just looking at the code might slow down your understanding because you don't know the context variables; keep track of the call stacks. But if you use devtools overrides to replace init.js with the deobfuscated code and then add breakpoints, it might help you.

XBeg9 commented 2 months ago

exactly what I am doing right now... just don't know if it's worth the effort now :) I need a very limited amount of pages visited, just got very curious about this whole thing

MiddleSchoolStudent commented 2 months ago

Not worth it, that's actually a bunch of shit code. They're technically terrible. If there are only very few requests, go for a paid solver.

XBeg9 commented 2 months ago

still, sportsmanship drives me to understand this right now... would be great if you can share anything that you can... so it does relax my brain now. Haha :)

MiddleSchoolStudent commented 2 months ago

yea, I'll continue making some updates this week

XBeg9 commented 2 months ago

when I try to override, readable/init_9.0.8.js freezes the chrome instance... does it work on your side?

XBeg9 commented 2 months ago

I will create a fix shortly, I think something went wrong during the AST transform.

XBeg9 commented 2 months ago

@MiddleSchoolStudent have you seen this? Math["slice"] ? fully invalid code.

XBeg9 commented 2 months ago

what you have committed is different than what I am getting when transforming using AST

MiddleSchoolStudent commented 2 months ago

I will take a look soon, busy with other things.

XBeg9 commented 2 months ago

here is my status update: reproduced the whole piece... but still, it doesn't allow me to do the request

here are my steps, I would appreciate it if you can help me understand what's wrong here:

[Step 1]: get _pxhd cookie (I just make a GET query to the main website, it sets the cookie and I grab it using the cookie header in the response)

[Step 2]: send the first request to /collector, and after this initial first request I'm already getting the _px2 cookie; the response looks like this after decoding:

{"do": null, "ob": {"cts":"SOME_UUID","cs":"SOME_CS","vid":"SOME_VID","_px2":{"exp":"172800","value":"*****"}}}

[Step 3]: set the _pxhd and _px2 cookies on the "target" request and send it. It fails with 403 👎 .

if I try a second request to /collector, then I get something like this:

{"do":["sid|SOME_UUID","cls|SOME_CLS","sts|SOME_STC","drc|SOME_DRC"]}

Should I finish this "do" first before making the actual request? I thought _px2 was more than enough to start requesting until they lock the session.

Thanks

XBeg9 commented 2 months ago

Can you share any channel/email where we can communicate outside of GitHub? I have some proposals for you :)

MiddleSchoolStudent commented 2 months ago

middleschoolstudent@mail.ru

MiddleSchoolStudent commented 2 months ago

Okay I'm done, I'll start working on the issue you're having now.

MiddleSchoolStudent commented 2 months ago

updated here, please try: https://github.com/MiddleSchoolStudent/PerimeterX-solver/commit/d9862b804ad752bf7c76b0557c377f34ed247ee8