acheong08 / ChatGPTProxy

Simple Cloudflare bypass for ChatGPT
The Unlicense
1.33k stars 326 forks source link

How does it work without setting any Cloudflare related cookies? #59

Closed Germey closed 1 year ago

Germey commented 1 year ago

How does it work without setting any Cloudflare related cookies? I checked your code did not set any __cf_bm related cookies, how does it bypass cloudflare? Is it because tls_client can bypass it? I saw the cloudflare related profile here: https://github.com/bogdanfinn/tls-client/blob/09eace9c44148f7d8fccf8e829baebf14edce1d9/custom_profiles.go#L398

acheong08 commented 1 year ago

OpenAI misconfiguration. They turned security level from highest to high on backend-api endpoints

Germey commented 1 year ago

Thanks, this is interesting, I checked the security level is indeed lower than before, it also does not check the consistence between browser's cf cookies and browser's fingerprint. It's a good news.

Did you tested the IP blocking issue from OpenAI side after the security level changed? For example, if we requests too many times in an hour (imagine there are no account request limits, we have lots of accounts and lots of access tokens to unblock the rate limit per account). Will OpenAI block this IP address or even deactivate accounts? I suppose the http_proxy is still needed in case of the IP blocking.

acheong08 commented 1 year ago

Rate limits now seem to also be applied per IP. Even with a large number of access tokens, a fresh one throws "Too many requests in 1 hour".

If anyone can bypass SSL issues on https://chat.openai.com.cdn.cloudflare.net/backend-api/conversation, we should be able to fix everything. @pengzhile seems to have figured out the SSL issues but haven't shared the method

wangjiyang commented 1 year ago

So this repo is working again? It's really a good news. GPT4 API is too expensive.

acheong08 commented 1 year ago

Yes

xixixi2000 commented 1 year ago

Rate limits now seem to also be applied per IP. Even with a large number of access tokens, a fresh one throws "Too many requests in 1 hour".

If anyone can bypass SSL issues on https://chat.openai.com.cdn.cloudflare.net/backend-api/conversation, we should be able to fix everything. @pengzhile seems to have figured out the SSL issues but haven't shared the method

u mean this ?

_cfuvid for Rate Limiting Rules The Rate Limiting Rules product uses a number of techniques for applying rate limits to traffic where multiple unique visitors share the same IP address, such as traffic from behind a NAT. These techniques can be enabled by using the cf.unique_visitor_id field in the rate limiting configuration.

The _cfuvid cookie is only set when a site uses this option in a Rate Limiting Rule, and is only used to allow the Cloudflare WAF to distinguish individual users who share the same IP address. Visitors who do not provide the cookie are likely to be grouped together and may not be able to access the site if there are many other visitors from the same IP address.

acheong08 commented 1 year ago

I'll check this out. Perhaps stripping the cookie could fix this issue

xixixi2000 commented 1 year ago

I'll check this out. Perhaps stripping the cookie could fix this issue

yes, or get more _cfuvid to serve more requests :) access with a effective __cf_bm can get one

acheong08 commented 1 year ago

It assigns a new _cfuvid if request is sent with none

acheong08 commented 1 year ago

_puid also works again given a clean IP

xixixi2000 commented 1 year ago

Owner

only _puid ? no need __cf_bm?

acheong08 commented 1 year ago

Owner

only _puid ? no need __cf_bm?

Yes.

xixixi2000 commented 1 year ago

is https://www.projecthoneypot.org/ useful to make a clean ip?

acheong08 commented 1 year ago

_puid also works again given a clean IP

If your IP is clean, you can succeed even without using _puid, so it is no longer needed.

What I mean is the main site. chat.openai.com/

acheong08 commented 1 year ago

is projecthoneypot.org useful to make a clean ip?

Just find a residential proxy

xixixi2000 commented 1 year ago

I put my ip in the whitelist of honeypot yesterday, and I can get a effective __cf_bm today without any cookie and chanllenge If I do so before, I would get a 403 error

it's a bit pity that some unclean ip still cannot get a acesstoken via login, the server return 429 , but with a __cf_bm, I can send message via that unclean ip with a acesstoken I got already

acheong08 commented 1 year ago

_puid also works again given a clean IP

If your IP is clean, you can succeed even without using _puid, so it is no longer needed.

What I mean is the main site. chat.openai.com/

Me too. have a try.

Oh yes. That's interesting. I suppose proxy isn't needed anymore

acheong08 commented 1 year ago

Hmm I removed the cookies but rate limiting still happening

xixixi2000 commented 1 year ago

Hmm I removed the cookies but rate limiting still happening

remove _cfuvid ? not many _cfuvid ?

acheong08 commented 1 year ago

Hmm I removed the cookies but rate limiting still happening

remove _cfuvid ? not many _cfuvid ?

Not sure how to get multiple without using a web browser

xixixi2000 commented 1 year ago

access the session page or account check page with a effective __cf_bm can get one?

acheong08 commented 1 year ago

How to get __cf_bm automatically then?

xixixi2000 commented 1 year ago

How to get __cf_bm automatically then?

Sometimes, I can get __cf_bm with a simple browse with a tls_client, but normally, need to run an undetected_chromdriver, the project of linweiyuan can share the __cf_bm between processes, and each process can get an individle cf unique user id, so we can run a cf unique user id pool to send many requests?

xixixi2000 commented 1 year ago

some resources maybe useful https://github.com/nataliakzm/web_scraping/tree/main/bypassing_cloudflare # need some modify? https://github.com/FlareSolverr/FlareSolverr https://github.com/iain17/go-cfscrape # need some modify? https://scrapeops.io/web-scraping-playbook/how-to-bypass-cloudflare/

acheong08 commented 1 year ago

PUID gets around cloudflare rate limit

MichaelZhouwang commented 1 year ago

Hey is there any other method to bypass the cloudflare rate limit? I'm not getting too many requests in one hour message even with many access tokens. But it seems the proxy used in the revChatGPT repo is not limited by the same limitation. How should I bypass this limit? Thanks!