Auth endpoint changes

[phamleduy04]

Just take a look, they introduced new changes on the /auth endpoint which validated the captcha token correctly. There is some workaround for this since this might lead to the use of external services.

• Use a captcha solver service like 2captcha, anticaptcha, capsolver, etc... to use the service. It will cost money (1-3 bucks per 1000 requests depending on which service) - Which is pretty cheap since we only need to grab the auth token once in a while.
• (Local host only): Use Puppeteer to automatically grab the auth token, which is expensive in computer resources but you don't have to pay for a 3rd party service. Also this not guaranteed you will get an auth token after this.

Originally posted by @phamleduy04 in https://github.com/phamleduy04/texas-dps-scheduler/issues/174#issuecomment-2296974804

[phamleduy04]

Currently, my approach is something in the middle of both things I mentioned above, the bot will support both functions.

The config will have an option for you to either choose captcha solver or automatically grab the auth token. If the automatically grab token feature fails and captcha solver settings are set up, it will fall back to the captcha solver steps.

If anyone has a better idea please let me know by commenting here or emailing dui@agentbot.xyz. Thanks 👍

[zerowebcorp]

I tested with a Puppeteer similar approach ( using Selenium) however, reCaptcha was able to detect that it is not a human

[phamleduy04]

Captcha type: Recaptcha Enterprise
Sitekey: 6LesF7oaAAAAAEvJD0hjmTUib8Q5PGjTo54U2ieP
Website: https://public.txdpsscheduler.com/

[phamleduy04]

I tested with a Puppeteer similar approach ( using Selenium) however, reCaptcha was able to detect that it is not a human

Did you try the puppeteer code that I already have on the app (but commented). This use Puppeteer stealth mode which make it harder to detect.

The code I mentioned is located here

[Perksey]

Note that SiteData indicates that the token expires every 20 minutes. The CATPCHA token can't be reused.

[phamleduy04]

@Perksey , Yeah I know the auth token has an expiration but I don't know how long so thank you for letting me know. After the token expires we can just grab the new token using those tactics above and we can grab another token.

[zxc2012]

pageurl: "https://public.txdpsscheduler.com/" sitekey: "6LesF7oaAAAAAEvJD0hjmTUib8Q5PGjTo54U2ieP" version: "V3"

[phamleduy04]

@zxc2012 is that v3 or enterprise? cause I saw when getting the token the app request to https://www.google.com/recaptcha/enterprise/reload

[zxc2012]

I've successfully obtained the captcha using enterprise v3.

@zxc2012 is that v3 or enterprise? cause I saw when getting the token the app request to https://www.google.com/recaptcha/enterprise/reload

[phamleduy04]

@zxc2012 it is v3, just solve it.But I still got 401 unauth when sending a request to /auth endpoint with the solved captcha token. Maybe my IP got blocked?

[zxc2012]

Yes. I'm also stuck at this point LoL.

@zxc2012 it is v3, just solve it.But I still got 401 unauth when sending a request to /auth endpoint with the solved captcha token. Maybe my IP got blocked?

[phamleduy04]

it is not IP banned because the official one still returning good data. might be the URL is wrong, I will try some of the URLs soon.

found this on source code

          , E = {
            local: "https://localhost:44339/api/",
            dev: "https://txpublicwebsiteapi-dev.azurewebsites.us/api/",
            qa: "https://txpublicwebsiteapi-qa.azurewebsites.us/api/",
            preview: "https://txpublicwebsiteapi-preview.azurewebsites.us/api/",
            stage: "https://txpublicwebsiteapi-stage.azurewebsites.us/api/",
            production: "https://apptapi.txdpsscheduler.com/api/"
        };

[Ceroshow]

Hello Guys, is the fisrt time that i want to use this tool, but i don't understand how can i get the token. can someone please told me how can i do it ?

[zerowebcorp]

Both 2captcha and capsolver don't work. Well, it generated the recaptch token but the /auth endpoint is failing with it.

[zerowebcorp]

I tested with a Puppeteer similar approach ( using Selenium) however, reCaptcha was able to detect that it is not a human

Did you try the puppeteer code that I already have on the app (but commented). This use Puppeteer stealth mode which make it harder to detect.

The code I mentioned is located here

Yes tried it by uncommenting. It did generate the captch token however receiving 403 on the next step.

[Perksey]

Maybe they're validating the IP address the CAPTCHA was solved using? Have you tried obtaining the token, then performing the auth request through 2Captcha's proxy?

[phamleduy04]

I dont want to pay for it, but i will try do to it local

[zerowebcorp]

I dont want to pay for it, but i will try do to it local

I can probably give you an API key for you to try out. I've already paid a couple of bucks to test.

[phamleduy04]

I have an 2captcha api key, i just dont want to pay for the proxy

[Perksey]

You can use a free proxy. You could even setup a HTTP proxy on your local machine (for testing), open that up to the world using ngrok or something, and tell 2Captcha to use that.

[phamleduy04]

make sense 👍

[phamleduy04]

2captcha doesn't support v3 with proxy. I will try capsolver then

[phamleduy04]

easier way, i use burp to "stop" the request from sending to /auth endpoint then get the token, might easier

[phamleduy04]

So I got the token, then turned on the VPN and sent the request, but the request still passed on my side.

[zerowebcorp]

So I got the token, then turned on the VPN and sent the request, but the request still passed on my side.

What method did you use to generate the token? I used your puppeteer script, the token it generated failed the /auth endpoint.

[phamleduy04]

@zerowebcorp, I use burp to stop the request when the frontend is trying to communicate to the backend. Then I extracted the token and used another HTTP client to send the request to see if I can get the token

[yoyoy74662000]

@zerowebcorp, I use burp to stop the request when the frontend is trying to communicate to the backend. Then I extracted the token and used another HTTP client to send the request to see if I can get the token

@phamleduy04 are you going to release new version soon?

[phamleduy04]

@yoyoy74662000 , I have not found a solution yet. Will update here if I found something

[NeatPopular]

Hey, thanks for work you've put into this bot for us! @phamleduy04

As this is my first time, could anyone explain to me how to run the code after the fix has been published?

[zerowebcorp]

Looks like this is it. :( Time to move on?

[zxc2012]

For anyone who wants to test, you can simply put the recaptch token into this callback function and paste it into console. That serves as the same for POST /api/auth ___grecaptcha_cfg.clients['100000']['L']['L']['promise-callback']('Your token')

It's very clear that they added a minscore requirement for the auth endpoint. I even tried the minscore 0.9 version and it didn't work.

[yousefa00]

@zerowebcorp, I use burp to stop the request when the frontend is trying to communicate to the backend. Then I extracted the token and used another HTTP client to send the request to see if I can get the token

@phamleduy04 to clarify, did you confirm that they are checking the captcha and request are made from the same ip / proxy? Is this the issue?

[phamleduy04]

@yousefa00 can you check it again? I did but I might do something wrong in the process

[khaiuy2005]

So I tried to run the code through githup and locally. All end up with 403. Can't even schedule on the officals website bc TypeError: Cannot read properties of undefined (reading 'data'). It's doom

[nigelthurlow]

I have used CapSolver to get the captch3 code. Same issues. 403.

[zerowebcorp]

Captcha solvers don't work, let's not waste money.

[nigelthurlow]

So is there any solution or is this a dead end now? If anyone knows how to make this work I’m happy to have a chat. I may even hire you.

[zerowebcorp]

What they have implemented is reCaptcha V3 which validates user actions and generates a score that tells the backend whether it is a human or bot. If you want to beat the reCaptcha which is a product from Google to block bots which this app is, you need to be smarter than the people at Google.

So is there any solution or is this a dead end now? If anyone knows how to make this work I’m happy to have a chat. I may even hire you.

[nigelthurlow]

What they have implemented is reCaptcha V3 which validates user actions and generates a score that tells the backend whether it is a human or bot. If you want to beat the reCaptcha which is a product from Google to block bots which this app is, you need to be smarter than the people at Google.

So is there any solution or is this a dead end now? If anyone knows how to make this work I’m happy to have a chat. I may even hire you.

So this project is now at a dead end with no further development planned?

[phamleduy04]

@nigelthurlow , I would say that. Even if we can find a way to implement this, it will be costly and even harder to use for non-technical users.

[phamleduy04]

I will archive this repo and if someone finds something, email me at dui@agentbot.xyz. It's great working with u guys 👍