search

sereneblue / chameleon

WebExtension port of Random Agent Spoofer
https://sereneblue.github.io/chameleon
GNU General Public License v3.0
502 stars 53 forks source link

Chameleon prevent me to access getcomics.info #477

Open Kraxys opened 3 years ago

Kraxys commented 3 years ago

Prerequisites

Please use issues for bugs only! Answer the following questions for yourself before submitting an issue: YOU MAY DELETE THE PREREQUISITES SECTION.

Expected Behavior

My browser should pass the CloudFlare DDOS protection page.

Current Behavior

With any other than setting than real profile, I'm stuck on the "checking your browser" CF page. As soon a as in Chameleon settings I change the fake profile for the real one, I can access to getcomics.info

Relevant settings

Only a fake user agent, no other check box checked.

{ "config": { "enabled": true, "notificationsEnabled": false, "theme": "light", "hasPrivacyPermission": false }, "excluded": [], "headers": { "blockEtag": false, "enableDNT": false, "referer": { "disabled": false, "xorigin": 0, "trimming": 0 }, "spoofAcceptLang": { "enabled": false, "value": "default" }, "spoofIP": { "enabled": false, "option": 0, "rangeFrom": "", "rangeTo": "" } }, "ipRules": [], "options": { "cookieNotPersistent": false, "cookiePolicy": "allow_all", "blockMediaDevices": false, "blockCSSExfil": false, "disableWebRTC": false, "firstPartyIsolate": false, "limitHistory": false, "protectKBFingerprint": { "enabled": false, "delay": 1 }, "protectWinName": false, "resistFingerprinting": false, "screenSize": "default", "spoofAudioContext": false, "spoofClientRects": false, "spoofFontFingerprint": false, "spoofMediaDevices": false, "timeZone": "default", "trackingProtectionMode": "always", "webRTCPolicy": "default", "webSockets": "allow_all" }, "profile": { "selected": "win1-ff", "interval": { "option": 0, "min": 1, "max": 1 } }, "version": "0.21.10.1", "whitelist": { "enabledContextMenu": false, "defaultProfile": "none", "rules": [] } }

Context (Environment)

FF 83 on W10

sereneblue commented 3 years ago

Hi @Kraxys,

I've noticed this issue with some Cloudflare protected sites but I'm not sure why it's being triggered when the user agent changes; I'm looking into it.

jahnson commented 3 years ago

I have also noticed that [at least some, possibly all] cloudflare protected sites do not work with Chameleon. When I visit some sites, for example, armstrongeconomics.com and cloudflare "checks" my browser, the tab repeatedly redraws in a loop. When I turn off chameleon and try again it works.
Note that in some locations cloudflare trusts the IP address and there is no check so it appears to work, while from some other locations (IP addresses) the check is done and then it goes into the loop.
So I'm also interested to hear about your findings.

sereneblue commented 3 years ago

@jahnson I'm still not sure yet but it seems Cloudflare is able to detect that the browser loading the page is lying about it's user agent. I've tested with a VPN IP that loaded fine with the real profile but didn't with a spoofed profile. Oddly, I just tried testing again with the sites mentioned in this issue and both load with a spoofed profile without any issues.

kekkc commented 3 years ago

I'm still not sure yet but it seems Cloudflare is able to detect that the browser loading the page is lying about it's user agent

I though this is why you implemented an exception for Cloudflare (https://github.com/sereneblue/chameleon/issues/393).

Problem is, that this is exception seems no longer to work, i.e. UA is spoofed again for Cloudflare sites. BTW: here's another test page that works in Opera with or without VPN after entering the CAPTCHA: https://appnee.com/shadermap/ https://app.hubspot.com

Let us know if you need other test sites ;)

sereneblue commented 3 years ago

@kekkc Cloudflare has multiple tests. The previous fix resolved the issue with JS challenges; they're used to block DDOS attacks and bots. However, this new issue seems to be different. From my testing, simply changing the user agent triggered the redirect loop. I wasn't able to replicate the issue on the sites you linked. Are you using a VPN?

EDIT: I was able to get a redirect loop on https://app.hubspot.com/login using a new container. Chameleon was disabled and the user agent was changed using general.useragent.override and setting it to Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36. After thinking about it a bit, I have a few hunches as to what may be causing Cloudflare to scrutinize the request: either Cloudflare is doing browser specific checks or the headers are slightly different than what Cloudflare is expecting.

kekkc commented 3 years ago

Cool, BTW: I'm also usingX-Forwarded-For/Via, Base-Domain & 1st Party Isolation. With those activated, it's guaranteed that you'll be running into redirect loops.

UmBottesWillen commented 1 year ago

I'd like to report this issue still as not fixed. Whenever I get redirected from a page to a Clodflare "Checking if your connection is secure" site, the Cloudflare site just infinitely reloads until I disable Charmeleion. Setting an exception has not worked for me.

sereneblue commented 1 year ago

I'd like to report this issue still as not fixed. Whenever I get redirected from a page to a Clodflare "Checking if your connection is secure" site, the Cloudflare site just infinitely reloads until I disable Charmeleion. Setting an exception has not worked for me.

Have you tried whitelisting the site and using a Firefox profile with it?

UmBottesWillen commented 1 year ago

I'd like to report this issue still as not fixed. Whenever I get redirected from a page to a Clodflare "Checking if your connection is secure" site, the Cloudflare site just infinitely reloads until I disable Charmeleion. Setting an exception has not worked for me.

Have you tried whitelisting the site and using a Firefox profile with it?

I have whitelisted the site, cloudlflare and I tried many different profiles, with Firefox profiles being among them.

sereneblue commented 1 year ago

I'd like to report this issue still as not fixed. Whenever I get redirected from a page to a Clodflare "Checking if your connection is secure" site, the Cloudflare site just infinitely reloads until I disable Charmeleion. Setting an exception has not worked for me.

Have you tried whitelisting the site and using a Firefox profile with it?

I have whitelisted the site, cloudlflare and I tried many different profiles, with Firefox profiles being among them.

I just ran into this issue. Oddly, even with Chameleon disabled (in Firefox) I still got a redirect loop. Not sure what Cloudflare is doing or if it's a Firefox config that's causing this.

sereneblue commented 1 year ago

Seems like other Firefox users are experiencing the same issue: https://news.ycombinator.com/item?id=37049016

e-t-l commented 11 months ago

I just ran into this issue. Oddly, even with Chameleon disabled (in Firefox) I still got a redirect loop. Not sure what Cloudflare is doing or if it's a Firefox config that's causing this.

Seems like other Firefox users are experiencing the same issue

I experience this issue from time to time, not sure if it's a Firefox pref like RFP, an addon (could be a Ublock filter, Privacy Badger, etc, there's a few that might cause it), or a VPN. My solution is to have a "fresh" FF installation with no VPN or extensions besides out-of-the-box Ublock, and I just open the web page in that browser. Haven't had a problem with it yet.

slrslr commented 1 month ago

This seems to be a duplicate with #518 My workaround is to click "change" button on a Chameleon extension main page, once or twice, then the Cloudflare captcha challenge is passed.