Does twitter_auth.sh still work?

[dhdurgee]

I successfully built Nitter with the cookie_header branch via these instructions:

https://github.com/cmj/nitter/wiki/Install

I am now at the stage where I am attempting to modify the basic nitter.conf and am getting the following with the script:

`dhdurgee@A31524PT:/opt/nitter$ ./twitter_auth.sh

cookieHeader = "ct0=; auth_token=" xCsrfToken = "" dhdurgee@A31524PT:/opt/nitter$ `

Does this script still work?

[cmj]

I should preface this by saying you are given 2 options in the wiki on how to obtain auth_token and csrf...

That said I just checked and the script still seems to work for me. It takes at least 1 try on my end.

Your output suggests some tool is missing in the script, also is your VM/host actually using bash?

This should be the output:

(Same script, different name)

As long as you can get an auth_token, you can just set a random string of 32 characters for your csrf/cs0 token. 32 zeros if you want. auth_token is the only thing that matters for cookies as far as I know.

The reason a script is supplied is that I believe cookies are expired after 30 days, so I'm trying to automate the process. You can just use your browsers if the script doesn't work in the meantime.

[cmj]

This is the latest attempt. I'm not sure where it's failing on your end.

https://gist.github.com/cmj/17fa133a948eedd0167bdcbff1dfff19

[dhdurgee]

Here is what I get:

`dhdurgee@A31524PT:/opt/nitter$ ./twitter-cookie.sh --- nitter.conf --- cookieHeader = "ct0=; auth_token=" xCsrfToken = "" --- cookies.json --- {"att":"1-tnK8ZVyTqxh8Zd0F6FeMn6fTvXpl5o8fN2oYGkOe","guest_id_marketing":"v1%3A173134753462989335","guest_id_ads":"v1%3A173134753462989335","personalization_id":"\"v1_k+JMQ3E6WXzqa/X6kjX6Rg==\"","guest_id":"v1%3A173134753462989335"} dhdurgee@A31524PT:/opt/nitter$

`

[cmj]

So just to be clear, you are getting the cookieHeader and xCsrfToken values, you just removed them from the comment (for good reason)?

If so, enter those two lines into nitter.conf: https://github.com/cmj/nitter/blob/d89893f1769327be42323c077a9d148d6b9c0c5a/nitter.example.conf#L38-L39

Again if this isn't working, the other option of just extracting it from your browser is a fail-safe method.

[dhdurgee]

No, I simply copy/pasted from my terminal window. I thought seeing exactly what is being returned would be of assistance to you in determining what is failing. Per you earlier question:

`dhdurgee@A31524PT:/opt/nitter$ echo $SHELL /bin/bash dhdurgee@A31524PT:/opt/nitter$

and

dhdurgee@A31524PT:/opt/nitter$ which jq /usr/bin/jq dhdurgee@A31524PT:/opt/nitter$

[cmj]

OK thanks, I see it now. If I comment out the if statement that checks for unusual activity it will continue with the script and return empty values like what you're seeing.

I'll have to play around with how it checks the login flow is working. It is known to not work 100% of the time so if you run it a few times, say 5 seconds apart, eventually it does seem to work.

This part is breaking on your end: https://github.com/cmj/nitter/blob/d89893f1769327be42323c077a9d148d6b9c0c5a/twitter_auth.sh#L45-L48

# disable "suspicious activity" check
12:30:42 /tmp$ ./twitter_auth.sh
cookieHeader = "ct0=axxxxxxxxxxxxxxxx; auth_token=c0bxxxxxxxxxxxxxxxxx"
xCsrfToken = "aaxxxxxxxxxxxxxxxxxxxx"
12:30:48 /tmp$ ./twitter_auth.sh
cookieHeader = "ct0=5exxxxxxxxxxxxxxx; auth_token=0exxxxxxxxxxxxxxxxxx"
xCsrfToken = "aaxxxxxxxxxxxxxxxxxxxx"

# fails on 3rd attempt
12:30:57 /tmp$ ./twitter_auth.sh
cookieHeader = "ct0=; auth_token="
xCsrfToken = ""

It should at least be fixed to exit with a non-zero status if the flow breaks so it can continue to be executed until it is successful... Which seems to be less than 5 attempts.

[cmj]

There has been some suspicion that Twitter is flagging/denying known commercial hosting ip ranges too. Running on my residential network I'm not seeing issues, but if i run it on some public shell servers, the login flow fails at username every single time. So this might be the overall issue.

Testing on numerous accounts:

# Line 47: jq -r '.subtasks[0].cta.secondary_text.text' <<< "${flow_3}"; exit

 ~$ ./twitter_auth.sh
We blocked an attempt to access your account because we weren't sure it was really you.

This happens when we notice unusual login activity, like an attempt to log in too many times, or from a different location or device.

If those suspicions are indeed valid, I'll have to play around with adding a (residential) proxy option to the script, if people choose to run this on a commercial VPS.

Reference: https://github.com/d60/twikit/issues/247#issuecomment-2462723720

[dhdurgee]

I am not using a VPS, I am on a residential internet connection with Century Link. The IP address is: 174.29.65.18 here. I have your software on my Linux Mint 22 cinnamon laptop.

[cmj]

All right, I'm going to clean a few things up in the next couple days. Thanks for your feedback. I ping you with an update.

[alphaleadership]

for windows this dont work

[alphaleadership]

jq dont exist

[cmj]

@dhdurgee I updated some elements to the script. I have it loop 3 times as well. Try this when you get a chance: https://gist.github.com/cmj/408a3c003834526c97804e8fa5829afe

Some testing shows I can auth successfully once every 60 seconds. One account kept authing properly almost ever 5 seconds, so there are some things I don't understand at play on their end.

@alphaleadership I don't have Windows handy at the moment... also https://jqlang.github.io/jq/download/

[dhdurgee]

I regret to say that I am seeing no change here as you can see:

dhdurgee@A31524PT:/opt/nitter$ ./twitter_auth.sh cookieHeader = "ct0=; auth_token=" xCsrfToken = "" dhdurgee@A31524PT:/opt/nitter$ ./twitter_auth.sh cookieHeader = "ct0=; auth_token=" xCsrfToken = "" dhdurgee@A31524PT:/opt/nitter$ ./twitter_auth.sh Suspicious login prevented Retry 1/3 in 20 seconds... cookieHeader = "ct0=; auth_token=" xCsrfToken = "" dhdurgee@A31524PT:/opt/nitter$ ./twitter_auth.sh cookieHeader = "ct0=; auth_token=" xCsrfToken = "" dhdurgee@A31524PT:/opt/nitter$

I have no idea why it doesn't work for me.

[cmj]

@dhdurgee Thanks. So it looks like i was able to get the original Twitter oauth script working...

Which means you can pretty much scrap this branch and stick with master. Either this one (has a few more features) or the upstream, zedeus guest_accounts branch.

The new-old auth script: https://github.com/cmj/nitter/blob/master/twitter_oauth.sh

Just follow the instructions in README, dump the output from the script to guest_accounts.jsonl and you should be set.

I'll keep this branch and the cookies script around for those who want it, but it's apparently not needed... And doesn't support multiple accounts...