How does it work without setting any Cloudflare related cookies?
Germey opened this issue · comments
How does it work without setting any Cloudflare related cookies? I checked your code did not set any __cf_bm related cookies, how does it bypass cloudflare? Is it because tls_client can bypass it? I saw the cloudflare related profile here: https://github.com/bogdanfinn/tls-client/blob/09eace9c44148f7d8fccf8e829baebf14edce1d9/custom_profiles.go#L398
OpenAI misconfiguration. They turned security level from highest to high on backend-api endpoints
Thanks, this is interesting, I checked the security level is indeed lower than before, it also does not check the consistence between browser's cf cookies and browser's fingerprint. It's a good news.
Did you tested the IP blocking issue from OpenAI side after the security level changed? For example, if we requests too many times in an hour (imagine there are no account request limits, we have lots of accounts and lots of access tokens to unblock the rate limit per account). Will OpenAI block this IP address or even deactivate accounts? I suppose the http_proxy is still needed in case of the IP blocking.
Rate limits now seem to also be applied per IP. Even with a large number of access tokens, a fresh one throws "Too many requests in 1 hour".
If anyone can bypass SSL issues on https://chat.openai.com.cdn.cloudflare.net/backend-api/conversation, we should be able to fix everything. @pengzhile seems to have figured out the SSL issues but haven't shared the method
So this repo is working again? It's really a good news. GPT4 API is too expensive.
Yes
Rate limits now seem to also be applied per IP. Even with a large number of access tokens, a fresh one throws "Too many requests in 1 hour".
If anyone can bypass SSL issues on https://chat.openai.com.cdn.cloudflare.net/backend-api/conversation, we should be able to fix everything. @pengzhile seems to have figured out the SSL issues but haven't shared the method
u mean this ?
_cfuvid for Rate Limiting Rules
The Rate Limiting Rules product uses a number of techniques for applying rate limits to traffic where multiple unique visitors share the same IP address, such as traffic from behind a NAT. These techniques can be enabled by using the cf.unique_visitor_id field in the rate limiting configuration.
The _cfuvid cookie is only set when a site uses this option in a Rate Limiting Rule, and is only used to allow the Cloudflare WAF to distinguish individual users who share the same IP address. Visitors who do not provide the cookie are likely to be grouped together and may not be able to access the site if there are many other visitors from the same IP address.
I'll check this out. Perhaps stripping the cookie could fix this issue
I'll check this out. Perhaps stripping the cookie could fix this issue
yes, or get more _cfuvid to serve more requests :) access with a effective __cf_bm can get one
It assigns a new _cfuvid if request is sent with none
_puid also works again given a clean IP
Owner
only _puid ? no need __cf_bm?
Owner
only _puid ? no need __cf_bm?
Yes.
is https://www.projecthoneypot.org/ useful to make a clean ip?
_puidalso works again given a clean IPIf your IP is clean, you can succeed even without using _puid, so it is no longer needed.
What I mean is the main site. chat.openai.com/
is projecthoneypot.org useful to make a clean ip?
Just find a residential proxy
I put my ip in the whitelist of honeypot yesterday, and I can get a effective __cf_bm today without any cookie and chanllenge
If I do so before, I would get a 403 error
it's a bit pity that some unclean ip still cannot get a acesstoken via login, the server return 429 , but with a __cf_bm, I can send message via that unclean ip with a acesstoken I got already
_puidalso works again given a clean IPIf your IP is clean, you can succeed even without using _puid, so it is no longer needed.
What I mean is the main site. chat.openai.com/
Me too. have a try.
Oh yes. That's interesting. I suppose proxy isn't needed anymore
Hmm I removed the cookies but rate limiting still happening
Hmm I removed the cookies but rate limiting still happening
remove _cfuvid ? not many _cfuvid ?
Hmm I removed the cookies but rate limiting still happening
remove _cfuvid ? not many _cfuvid ?
Not sure how to get multiple without using a web browser
access the session page or account check page with a effective __cf_bm can get one?
How to get __cf_bm automatically then?
How to get __cf_bm automatically then?
Sometimes, I can get __cf_bm with a simple browse with a tls_client, but normally, need to run an undetected_chromdriver, the project of linweiyuan can share the __cf_bm between processes, and each process can get an individle cf unique user id, so we can run a cf unique user id pool to send many requests?
some resources maybe useful
https://github.com/nataliakzm/web_scraping/tree/main/bypassing_cloudflare # need some modify?
https://github.com/FlareSolverr/FlareSolverr
https://github.com/iain17/go-cfscrape # need some modify?
https://scrapeops.io/web-scraping-playbook/how-to-bypass-cloudflare/
PUID gets around cloudflare rate limit
Hey is there any other method to bypass the cloudflare rate limit? I'm not getting too many requests in one hour message even with many access tokens. But it seems the proxy used in the revChatGPT repo is not limited by the same limitation. How should I bypass this limit? Thanks!