OtterBrowser / otter-browser

Otter Browser aims to recreate the best aspects of the classic Opera (12.x) UI using Qt5
https://otter-browser.org
GNU General Public License v3.0
1.83k stars 277 forks source link

Cloudflare checking your browser #1732

Closed LeoNeeson closed 2 years ago

LeoNeeson commented 2 years ago

I would like to report that using the latest Otter Browser v1.0.03 Release for Windows XP (2022-02-22), you can't pass the 'Cloudflare DDOS protection system', that checks your browser before accessing many websites. As is quickly described on Cloudflare website, it's "an interstitial page is presented to your site’s visitors for 5 seconds while the checks are completed". It has the typical message: 'Please wait, we are checking your browser.' or 'Please stand by, while we are checking your browser...' where you have to solve a hCaptcha, and they decide if let you pass or not (this is to avoid bots, but it's becoming a serious problem).

Even after successfully solving the captcha, you can't pass their protection page, and you enter in a loop, where you can be indefinitely solving captchas, but they never let you enter on the website you want to visit. Some examples: https://dutchycorp.space/ https://voip.ms/ (Custom Cloudflare error page)

There are many websites more, and not every visitor could 'trigger' this protection page, since this is something that Cloudflare determines, according to your location, your ISP, and your IP subnet.

As you already know, Cloudflare and his famous 'DDoS Protection' system, is currently protecting almost 7.59 million active websites (according to stats for 2022, available on internet), and this is growing everyday. My point is: this is becoming a true problem, since they decide if you can (or not) enter in a website, and if they don't like your browser, they deny you access. And this is what is currently happening when you use Otter Browser (and no, faking the UserAgent doesn't solve this issue).

This was already reported on issue #1706, but it was not correctly described and it wasn't given the importance and relevance that it really has. Please see if you can analyze this, and find a way on how you can tweak Otter Browser's code to pass the Cloudflare's browser checks. To me, this has a crucial importance in today's internet. I can provide more details if you need them (screenshots or whatever you need, just ask), since I can't never pass that Cloudflare's protection page when using Otter Browser.

Cheers, Leo.-

LeoNeeson commented 2 years ago

Could this issue be related to HTML5's Canvas feature? I've found out that if you disable Canvas on the latest Chromium, you can't pass the Cloudflare protection. But it seems that Otter Browser supports canvas: https://browserleaks.com/canvas

Do you have any clue of why this Cloudflare's blockage happens?...

GunGunGun commented 2 years ago

@LeoNeeson: CF tinkered with their DDOS Protection code and caused that problem, you should try to contact them to let them know and add Otter Browser to their "whitelist", really a joke of a big company: https://news.ycombinator.com/item?id=31317886

Emdek commented 2 years ago

@LeoNeeson, my guess is that there is some sort of JS issue or something like that in QtWebKit, please check error console if you will get it again.