TLS fingerprinting - Githubissues

dolfies / discord.py-self

A fork of the popular discord.py for user accounts.

https://discordpy-self.rtfd.io/en/latest/

MIT License

645 stars 151 forks source link

TLS fingerprinting #500

Open sudo001 opened 1 year ago

sudo001 commented 1 year ago

Summary

await bot.create_guild(name=...) returns 403 Forbidden (error code: 10008): Unknown Message

Reproduction Steps

⠀

Code

@bot.command(name="webhooksetup")
async def webhooksetup(ctx):
    await ctx.message.delete()
    file = json.loads(open("Data/webhooks.json", "r").read())
    guild = await bot.create_guild(name="Webhooks") # <- Here it breaks

Expected Results

Create guild.

Actual Results

403 Forbidden (error code: 10008): Unknown Message incident

System Information

Python v3.10.11-final
discord.py-self v2.0.0-final
aiohttp v3.8.4
system info: Windows 10 10.0.19045

Checklist

[X] I have searched the open issues for duplicates.
[X] I have shared the entire traceback.
[X] I am using a user token (and it isn't visible in the code).

Additional Information

⠀

dolfies commented 1 year ago

Discord utilizes TLS fingerprinting as part of anti-spam now. Pure Python doesn't really provide a way to mimic a browser TLS fingerprint. The TLS fingerprints of Python libraries like requests and aiohttp are fairly flagged due to the amount of spam originating from them. I'll try to influence the fingerprint slightly, but I'm eventually going to have to redo how requests work entirely to overcome this.

BlueSchnabeltier commented 1 year ago

You could use python-tls-client, i also made a binary for arm32 in my fork if that helps.

dolfies commented 1 year ago

You could use python-tls-client, i also made a binary for arm32 in my fork if that helps.

Thanks for the comment! I've been looking at fhttp and similar, but I'm unsure what the performance concerns would be like when using them in an async library.

More importantly, none of the projects I've looked at seem to support WebSockets, which is crucial for Discord.

BlueSchnabeltier commented 1 year ago

library.

Just found a package called CycleTLS on PyPi maybe take a look at that (its even asyncronous). Also it would be fantastic in you could take a look at my issue.

itschasa commented 1 year ago

More importantly, none of the projects I've looked at seem to support WebSockets, which is crucial for Discord.

its pretty unlikely discord looks at bot score for gateway connections surely? i mean its not a sustainable approach, but definitely a start.

dolfies commented 1 year ago

its pretty unlikely discord looks at bot score for gateway connections surely? i mean its not a sustainable approach, but definitely a start.

It's not done by Discord, it's done by Cloudflare, and they do look at gateway traffic.

dolfies commented 10 months ago

Progress on this is being made on the refactor/tls branch. Right now, the blocker is WS support, which seems to already be an issue in curl_cffi.

itschasa commented 9 months ago

its pretty unlikely discord looks at bot score for gateway connections surely? i mean its not a sustainable approach, but definitely a start.

It's not done by Discord, it's done by Cloudflare, and they do look at gateway traffic.

i just think it's unlikely discord actually looks at the bot score for the gateway endpoint, sure it's possible, and cloudflare probably do give it a score, but just unlikely in my opinion.

dolfies commented 9 months ago

its pretty unlikely discord looks at bot score for gateway connections surely? i mean its not a sustainable approach, but definitely a start.

It's not done by Discord, it's done by Cloudflare, and they do look at gateway traffic.

i just think it's unlikely discord actually looks at the bot score for the gateway endpoint, sure it's possible, and cloudflare probably do give it a score, but just unlikely in my opinion.

They don't look at it as much, but it is for sure looked at. If you're not worried about gateway traffic, you can use the aforementioned branch (though it is a tiny bit unstable).