Closed ghost closed 2 years ago
Setting __ddg2
to a random value seems to work, at least for me, so that's what gallery-dl is doing now when that cookie isn't set:
https://github.com/mikf/gallery-dl/blob/1f02878351731c207b51a17dc528ef0a47d726bc/gallery_dl/extractor/common.py#L342-L345
Say, is this service reliable enough to actually block real DDoS attacks when its check can be tricked that easily, at least by single, individual users?
Say, is this service reliable enough to actually block real DDoS attacks when its check can be tricked that easily, at least by single, individual users?
Should be. The actual DDoS detection happens on a different layer than the browser check, and has stopped major attacks on the site before. As to why the browser check exists at all then... ¯\_(ツ)_/¯
Just a few notes I have from some testing/reverse engineering, hopefully this helps gallery-dl work a bit better with Kemono.
__ddg2
appears to be the only cookie that matters. DDoS-Guard will set__ddg1
in the response if it was absent from the request, but will not trigger the check screen if it isn't there.__ddg2
cookie can be retrieved from this endpoint;https://check.ddos-guard.net/check.js
. An example in Python is shown below;def get_ddg_cookies(url): r = requests.get('https://check.ddos-guard.net/check.js', headers = { 'referer': url }) r.raise_for_status() return r.cookies.get_dict()['__ddg2']
k = requests.get('https://kemono.party', cookies = { '__ddg2': get_ddg_cookies('https://kemono.party') }) k.raise_for_status()