Closed eldark closed 4 years ago
@eldark Did you succeed to trigger the checkpoint_url directly on your web browser? If yes, how? (changing ip or other way?)
@eldark Did you succeed to trigger the checkpoint_url directly on your web browser? If yes, how? (changing ip or other way?)
Nope. My app was designed to run from the command line, so I would have to refactor a lot to try that. But now that you mention, it might be possible to go to that checkpoint_url, capture the button and simulate a click.
If you point to https://www.instagram.com/ + checkpoint_url, you get redirected to the "We Detected An Unusual Login Attempt" page, prompting you to click "This Wasn't Me" or "This Was Me". So there might be something useful there.
@eldark Weird. I tried to connect my dummy account with various IPs around the world and I never get any checkpoint_required. 😞
Do you have a dummy account to share?
@eldark Weird. I tried to connect my dummy account with various IPs around the world and I never get any checkpoint_required. 😞
Do you have a dummy account to share?
Not really. I'm using a client's Instagram account.
Do a var_dump of $response->body, at line 1550 (Instagram.php). There you'll see that array.
@pgrimaud you can try my account, is not my primary account, just for scrapping user: xnuqi
to see an error i change this line https://github.com/postaddictme/instagram-php-scraper/blob/f98597de5bc75185ecd87f2ae8f1f8c320070637/src/InstagramScraper/Instagram.php#L1561
to show error using json_encode($response)
throw new InstagramAuthException('Something went wrong. Please report issue.'.json_encode($response), $response->code);
Thank you so much @ibnux for your credentials. 🙏 🙏 🙏 🙏 🙏 I may have more question for you, can you contact me on Twitter or Discord?
I got the 400 error now.
I will write a "Proof of concept" script to trigger verification.
How it works :
What do you think about it?
Connection through SMTP. Very clever. I'm up to trying your approach.
@sacabezas on Twitter
Thank you so much @ibnux for your credentials. 🙏 🙏 🙏 🙏 🙏 I may have more question for you, can you contact me on Twitter or Discord?
I got the 400 error now.
I will write a "Proof of concept" script to trigger verification.
How it works :
1. Try to login 2. Got 400 error "checkpoint_required" 3. Trigger email verification 4. Connect to your email inbox using SMTP 5. Wait for Instagram verification email 6. Parse verification code from email 7. Make a request to instagram with this code to complete verification 8. Verification is done, then save session
What do you think about it?
You can find me on twitter with same username @ibnux or telegram or Discord ibnux#2048
yes i got verification number on my email, maybe smtp will work
Connection through SMTP. Very clever. I'm up to trying your approach.
I'm fucking dumb. IMAP, not SMTP. 🤦🏻♂️
I can now bypass automatically this checkpoint challenge thank to @ibnux & @eldark 🔥
I tried this :
1. Try to login
2. Got 400 error "checkpoint_required"
3. Trigger email verification
4. Connect to your email inbox using SMTP
5. Wait for Instagram verification email
6. Parse verification code from email
7. Make a request to instagram with this code to complete verification
8. Verification is done, then save session
I wrote a PoC on my own Instagram scraper : https://github.com/pgrimaud/instagram-user-feed/blob/feature/checkpoint-challenge/src/Instagram/Auth/Login.php
I will write better code in the next days then submit a PR here.
Excellent, @pgrimaud . Will check your code and see if I can get it sort of work on my end. I will also wait for your PR before closing this, so @raiym can work in peace.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Ok, after #670 , and after the temporary fix I still can't get login() to work on accounts I know are working.
I did a var_dump of $response->body, at line 1550, and this is what I got:
object(stdClass)#15 (4) { ["message"]=> string(19) "checkpoint_required" ["checkpoint_url"]=> string(33) "/challenge/9840808137/1DcjKgL2rM/" ["lock"]=> bool(false) ["status"]=> string(4) "fail" }
I assume this is the challenge @ibnux mentioned in his message. I'm assuming as I run this from the command line, not from the browser.
How can I circumvent this without, as suggested there, creating new accounts?