This applies techniques from https://github.com/VeNoMouS/cloudscraper to more closely mimic requests from a browser, so there is a better chance of not being detected as a bot to have to deal with a captcha in the first place. In my testing, these changes created identical requests to cloudscraper, allowing me to access pages that were previously protected with a captcha.
Summary of changes:
Capitalized header names. While the specification is that case doesn't matter, Chrome and Firefox seem to send them capitalized.
Ordered headers. "Host" needs to be the first header.
Various other SSL settings that are needed to generate "Client Hello" packets identical to those of cloudscraper.
For my purposes, I needed to be able to scrape https://bouqs.com/, but without these changes, I was blocked by a challenge. After these changes, requests go through with no challenge. I'm not terribly familiar with the Cloudflare firewall, but I know they compute a "Bot Threat Score" and I think these changes help to lower it enough that, at least in my case, it allows my requests through.
This applies techniques from https://github.com/VeNoMouS/cloudscraper to more closely mimic requests from a browser, so there is a better chance of not being detected as a bot to have to deal with a captcha in the first place. In my testing, these changes created identical requests to cloudscraper, allowing me to access pages that were previously protected with a captcha.
Summary of changes:
For my purposes, I needed to be able to scrape https://bouqs.com/, but without these changes, I was blocked by a challenge. After these changes, requests go through with no challenge. I'm not terribly familiar with the Cloudflare firewall, but I know they compute a "Bot Threat Score" and I think these changes help to lower it enough that, at least in my case, it allows my requests through.