Closed iaston closed 1 year ago
A few possibilities:
A few possibilities:
- Expired session token
- Using proxy (which sometimes lead to cloudflare issues)
I'm facing the same issue and it's definitely neither of the possibilities you mentioned. I'm not using a proxy and I double-checked my session token.
That is very strange. Does it say "failed to refresh session" or repeated "Browser spawned"?
It's a bit difficult to resolve when I can't replicated so as much detail as possible would be appreciated.
OS version: Python version: Chrome version: Country: Selenium version: Undetected Chromedriver version: Full error logs and output:
Put output in code block
Spawning browser...
Browser spawned.
Found Cloudflare Cookie!
Spawning browser...
Browser spawned.
Found Cloudflare Cookie!
Clearance refreshing...
Spawning browser...
Browser spawned.
Found Cloudflare Cookie!
Clearance refreshing...
Spawning browser...
This repeats infinitely.
Cookie is found but it doesn't pass cloudflare. It could be a bug with some form of fingerprinting. Any way for me to replicate this?
On another note, does this also happen with Microsoft login or email/password? If you don't have 2captcha, you can find some leaked on GitHub: https://github.com/search?o=desc&q=config+%3D+%7B+++++++++++++%27server%27%3A+++++++++++%272captcha.com%27%2C+++++++++++++%27apiKey%27%3A+++++++++++%27&s=indexed&type=Code (lol)
I don't have access to an openai account with email/password or Microsoft. This is the webpage that gets returned which causes the Clearence refreshing to happen.
<!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<h1 class="zone-name-title h1">
<img class="heading-favicon" src="/favicon.ico"
onerror="this.onerror=null;this.parentNode.removeChild(this)">
chat.openai.com
</h1>
<h2 class="h2" id="challenge-running">
Checking if the site connection is secure
</h2>
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=781bfefe58cbd484')"></div>
<div id="challenge-body-text" class="core-msg spacer">
chat.openai.com needs to review the security of your connection before proceeding.
</div>
<form id="challenge-form" action="/api/auth/session?__cf_chl_f_tk=blurred" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="8vuXGXcnYikblurredH7bI8-1672416107-0-Ae3RBkp4Fc7pMdMRIt_HxITjyK_K5Dgx-rTE1MzQyRU71xgISXui8HY5L2peGUS_8PozC0bZ_abm9Bfi5fsYblurredzfxpbm7t_fg6qn-UIp2JNtwypAW3IDSblurrediOukqLo0qgnR64OI_0a0BG1WR2c6w7c2U2SNeLmUxaZiixW03G0phb90WTWJJnPUlgqlwVsXGbYQqoHcERryM3vB8HWrIWcucJ1uRytQqOozU3M_XWJEnnbJcC01rgLwVA8yiY2cKWaQucoMrWJgGrQuIOwUsaOykDwYlxNHG-8Pe49i_8mQ_QDzpoWuyvqjovwej6OPM5y6WblurrediucWvqs7L">
<input type="hidden" name="r" value="lGOkOaOy_jSUfLN46ESIPoWhCCEq1.H08Pfk8eptYZw-1672416107-0-AQT3jHXdkhBn3X890Ev7nBq9V0rZ5dglenaXHJcDp3oigcDmYEsYE/xwmFJGuWp8+2JZo5k2uzgf1BdoPo7Cvl2lO4ko25tYal6iluxlNjjlgQF6b+grEENgYrmbnpVCNCVf+eJIF1uJg9EK588S5BsIN0ItntmfJ8IvcgzGeSiYzM4tAX1J5MQUQU4LYzyllnHz++gyu/Nn0ANU6m91L5wiyjZZtFy/elpblurredWo+I5ts8TIFEGIwYJj7ACPllA8Z1+bXKK6w/79Z1HVpGNIz2Zo3kdrK1jMBnMxsjQAI9+c64R19NOQReUW3KuFlx63dJK8TOBFKTAEwFkQBtPTwTKW7/rj7cP1RzCbXVtqcW5KffgqG269qmRr8ZarEHCiONV9Mv165AsGrj3tonuu4H+stuNQRO2oDmQ4M7AvlDhk8lWOrAAOK0NsLHv/q6UNmeumghGH1liEuu7XKop9irdHjRtlJS0Vh5PcYqVPbRtXEYUx791tf8UTJoWOPRhbgf4Thzfxe4OHDPf/WW6g/25N/SYICb/5doDcw37+DEtoDITMWsBymiYIZ11ZS9+0TmpUjBd4Igt8C1Hhg2KReIIYkaZJmRnJg9c+Bo/mIBcoCNgNoYbBOTSnyI+vOOInH+MT5U1oNQBKYtuobOzg0JXQ3NSjwluu3w/M401TrLORZbclblfE9S3ya+UgV0FAE/Lo1icXj3Uz4H3Z5UD1VaIfWGrm4/pNQfHDFxAIJuZGkJxB3ZHoQAsiyB7aM8ynnebzMgL12QOx1Y2TnKMW8+lYxXko2HnGTLwlwEaFQaX5OH0LL+X98ysSk33Z53CwBAxlCkvEou2Uy8NmzUQjZhAVbLtehuwyisLVM1Ob5JxmnxHvOiQ7P7W5lZc206udcH3VFCgO/7Sek92C+snhEFont8Uzpu5OwCM5RwRF0mnSqZjO2AFdR1JrnyKe+cxZ1B7h+UZyFXCamabVVHnkUsQH/DBSzRBtdlTXeu5kSGmKQtTQYjhGOvYjm3EFOqr9QR2Yk+QVlblurredGu6+uxsLOXRWGl2sTftbdy1rXgXj0ucBmHhKj+VefW07r1Q9Go7BK8hl2r6w41ivAKFt4FHmPALyAu6Ttqvd9FwkAPJNoHLfod5p3EwwBFxeB7ywPzM2nA+Fjh1/RP86BHrsY6XE07Ci8vALGM27636YD32WCz6ST84RY9cqiCiAPsmequXXXhauMst+D8xOgCXxOlEgSXEWw819fCnXwyFGb7NK9oS0k94QWYZg3dznrQihmVTjZMXL4B1Bo3FQ5DX7AalyWF8HvP/XWukymotGMvEGKtrBpU8dksIeaTWz/3xWJq6FhZ7gbQ2tv11yef7Hs0ALvzurZ41kDcGyCx8T9eM98ZTANDtY44+H61r8BoLowbjA0zEW6l/4T1KjHCMNTIGEKR/FepQCZJN13IvXEYpCkgG5YpZSo4tFXU4gttp8yIDMcWxb/N45HrXeNc3xMgjrzoeGV6a3SfcQCVFQp4vRG3mipHTnDJby63LzSgPHxrbpX8QU59Eyq+5BBwowA4KergO4ZWES85ToRMCC1mvFRDNPC4R2pxVSyU5hX4wgkAASDD5yQofX8uynXaFw8dhJN00I4vh+7d+6qpZvAZGfk+pAuqdxj5LyL13AlV0f9oxexkTkKh2nxtQJaAi6L8N1/BVAigF3SseNDlFgoTDixFeZXYNJixdateaeXSpsiSpb4JZ+xoep3easNP2p1qdTb0XFXKnK+TqpPnyTbeEC3xIIjgrgvdcpJpwNaYtpT+zy+tuQi6mS3XvIYNLMPGBspm6yTA0ZP1m2Z6u3v6WRim73FjSSG7cYTo1E8s">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cType: 'managed',
cNounce: '69909',
cRay: 'blurred',
cHash: 'blurred',
cUPMDTk: "\/api\/auth\/session?__cf_chl_tk=blurred",
cFPWv: 'g',
cTTimeMs: '1000',
cTplV: 4,
cTplB: 'cf',
cRq: {
ru: 'blurred',
ra: 'blurred',
rm: 'R0VU',
d: 'blurred',
t: 'blurred=',
m: 'blurred=',
i1: 'blurred+Q==',
i2: 'OF0++blurred==',
zh: 'blurred+blurred=',
uh: 'blurred+ejtUZNcz6o7wFM=',
hh: 'blurred=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=blurred');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=blurred';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, -window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/api\/auth\/session?__cf_chl_rt_tk=blurred" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
<div class="footer" role="contentinfo">
<div class="footer-inner">
<div class="clearfix diagnostic-wrapper">
<div class="ray-id">Ray ID: <code>blurred</code></div>
</div>
<div class="text-center">Performance & security by <a rel="noopener noreferrer" href="https://www.cloudflare.com?utm_source=challenge&utm_campaign=m" target="_blank">Cloudflare</a></div>
</div>
</div>
</body>
</html>
So I think there's something wrong with bypassing cloudflare rather than the session token. Maybe the tls package is detected. I checked if it sends the correct cf_clearance cookie and the user agent and the session token and all are sent correctly.
I don't have access to an openai account with email/password or Microsoft. This is the webpage that gets returned which causes the Clearence refreshing to happen.
That is confusing. Then how are you getting a session token?
So I think there's something wrong with bypassing cloudflare rather than the session token. Maybe the tls package is detected.
It is either that or the IP address or user agent from which you got the cf_clearance differs from the Chrome browser.
It's unlikely that the TLS package is getting detected as that should be universal and it seems to be working for most people. Still a possibility though
That is confusing. Then how are you getting a session token?
I'm using a Google account for my openai account.
It is either that or the IP address or user agent from which you got the cf_clearance differs from the Chrome browser.
Both user agent and cf_clearance are grabbed by the program from the browser so those don't differ. I also don't have any kind of proxy or VPN enabled so the IP should be the same.
I suppose it is probably a TLS fingerprint issue then. Do you know how to find the JA3 fingerprint in wireshark?
Another possibility: Cloudflare is now tracking the JA3 fingerprint across sessions. I might need to update the default JA3 fingerprint. The default right now is chrome_105 but you have chrome_108.
I suppose it is probably a TLS fingerprint issue then. Do you know how to find the JA3 fingerprint in wireshark?
JA3: 9e316a9ca82900f98871744be5d2e7e9 JA3 Full-String: 771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,11-5-18-35-43-45-0-13-10-17513-27-23-16-65281-51-21,29-23-24,0
Another possibility: Cloudflare is now tracking the JA3 fingerprint across sessions. I might need to update the default JA3 fingerprint. The default right now is chrome_105 but you have chrome_108.
I changed it to chrome_108 but it's still behaving the same.
Just tried to manually specify the ja3 but still the same behaviour
I'm getting completely different JA3 fingerprints.
JA3: bc43e9c6f0fcbca8d1b85b102df4c7cf
I'm getting completely different JA3 fingerprints.
What's your chrome version?
108
It might not be JA3 fingerprints though. Might be another mechanism I'm unaware of
Can you share your ja3 fingerprint and full chrome version
Chromium 108.0.5359.124 snap
Frame 265: 569 bytes on wire (4552 bits), 569 bytes captured (4552 bits) on interface wg1, id 0
Raw packet data
Internet Protocol Version 4, Src: 10.66.66.2, Dst: 93.184.216.34
Transmission Control Protocol, Src Port: 55230, Dst Port: 443, Seq: 1, Ack: 1, Len: 517
Transport Layer Security
TLSv1.3 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 512
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 508
Version: TLS 1.2 (0x0303)
Random: a13b1696150a22356632c207f7b41a9e79a06bc89003e5907bef85d093c170f4
Session ID Length: 32
Session ID: 012c4b3e7f280eb7f9dd1d759a191b95ca3121d4c9f24f912b64693ce8b71507
Cipher Suites Length: 32
Cipher Suites (16 suites)
Compression Methods Length: 1
Compression Methods (1 method)
Extensions Length: 403
Extension: Reserved (GREASE) (len=0)
Extension: server_name (len=16)
Extension: extended_master_secret (len=0)
Extension: renegotiation_info (len=1)
Extension: supported_groups (len=10)
Extension: ec_point_formats (len=2)
Extension: session_ticket (len=0)
Extension: application_layer_protocol_negotiation (len=14)
Extension: status_request (len=5)
Extension: signature_algorithms (len=18)
Extension: signed_certificate_timestamp (len=0)
Extension: key_share (len=43)
Extension: psk_key_exchange_modes (len=2)
Extension: supported_versions (len=7)
Extension: compress_certificate (len=3)
Extension: application_settings (len=5)
Extension: Reserved (GREASE) (len=1)
Extension: padding (len=204)
[JA3 Fullstring: 771,51914-4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,27242-0-23-65281-10-11-35-16-5-13-18-51-45-43-27-17513-56026-21,51914-29-23-24,0]
[JA3: bc43e9c6f0fcbca8d1b85b102df4c7cf]
Can you try to use the same version as me?
My internet is shit and chome will probably take an hour to download (and it's 1AM). Maybe tomorrow
I'm noticing a difference that I'm using ipv6 and you're using ipv4 in Google Chrome. Maybe that is something that will cause problems if the tls package uses ipv4.
The TLS client is very rudimentary so I doubt there is intentional / well thought out ipv6 support. I forked it with minor changes and didn't read the full source code. Can you try using it with ipv4?
Looks like it does use ipv6 when I checked with wireshark. I also noticed the browser spawned by selenium has a different ja3 than the normal browser. I will try to force it to use ipv4 but I'm not sure how to do that.
Not sure on Windows but there should be a network setting for that. https://superuser.com/questions/436574/ipv4-vs-ipv6-priority-in-windows-7
Yup, using ipv4 still has the same issue. Interestingly the ja3 of the normal browser changed. Maybe that one is randomized? For some reason Wireshark also doesn't pick up the openai requests from the selenium browser but only the normal browser. Also just for information, when the program starts the browser is it supposed to be logged in?
Also just for information, when the program starts the browser is it supposed to be logged in?
Not if you're using session token
Maybe that one is randomized?
Possibly. It may be specific parts of the JA3 string it picks up on
selenium browser
Rather than opening up selenium, mine spawns my default browser. Is that not the case for you?
selenium browser
Rather than opening up selenium, mine spawns my default browser. Is that not the case for you?
Mine also spawns my default browser, I assumed it was slightly different because they had different ja3 but now that I noticed that the normal browser randomizes them I'm not sure that they're different. I can't check if the ja3 of the browser spawned by selenium is different because wireshark doesn't pick those requests up anymore.
I have no idea what is going on and can't fix it. Need help from others experiencing this issue
I have the same problem in Windows
Bug in TLS-client could be contributing factor: https://github.com/FlorianREGAZ/Python-Tls-Client/issues/25
Session cookies not getting updated
Check out acheong08/ChatGPT-lite. It solves all the annoying browser problems at the cost of your privacy
Check out acheong08/ChatGPT-lite. It solves all the annoying browser problems at the cost of your privacy
It does not appear to be able to authenticate as an email and password.
Yeah. No email/password support there yet
Yeah. No email/password support there yet
Is this session fixed, or will it expire?
It automatically refreshes on the server side
It automatically refreshes on the server side
Wow that's cool
@PawanOsman's work
I am facing a similar issue. However, by switching from sessiontoken to email+password+2captcha authentication (not sure it's related tho)_ I am now able to pass the login phase on the ChatGPT website . But after that I am back again stuck in the infinite loop.
I ran in debug mode and the functions that spawn a browser are executed in this order: email_login -> get_cf_cookies -> get_cf_cookies -> get_cf_cookies -> ...
I'm thinking that the function refresh_session() might be calling get_cf_cookies() again and again.
The reason here is that refresh session is returning a cloudflare page rather than the intended data. Might be due to new cloudflare protections put in place. I haven't been able to replicate this though.
Would you need any data about my setup to compare the difference with yours? Or could you provide somewhere an example (screenshot, gif, video,...) of the expected behavior? I'm intrigued to know what it is like.
Well I am not sure why, but everything is now working perfectly for me without having to do anything 🙃 It's a good thing, I guess
I got the same problem, and can not solve it.....
Describe the bug When init a chatbot, it got stuck in an infinite loop. Even though i have cleared all cookies in chrome.
To Reproduce Steps to reproduce the behavior:
Expected behavior
Output In the correct directory, run
python3 -m revChatGPT --debug
Environment (please complete the following information):
Please update your packages before reporting!
pip3 install --upgrade OpenAIAuth revChatGPT
OS: [e.g. Linux, MacOS, Windows]
Windows 11
Python version:
python -V
Python 3.9.6
ChatGPT Version:
pip3 show revChatGPT
OpenAI Version:
pip3 show OpenAIAuth
Additional context Add any other context about the problem here.