Captcha New Challenge

Question

Captcha New Challenge

andress134 opened this issue 4 years ago · comments

Describe the bug

Hooman version:
Node.js version:
OS & version:

Actual behavior

Hello, cloudflare has updated new challenge for captcha, hooman is patched for moment, will hooman updated? will continue this project?

Expected behavior

write here

Code to reproduce

// paste code here

Checklist

I have tried my code with the latest version of Node.js and hooman.

Christopher Narciso · Answer 1 · Fri Jul 03 2020 15:07:11 GMT+0800 (China Standard Time)

This is the new captcha

Test url: https://osbot.org/forum/topic/157064-excellent-vorkath/page/5000/

`
//<![CDATA[
(function(){

window._cf_chl_opt={
  cvId: "1",
  cType: "non-interactive",
  cNounce: "3363",
  cRay: "5acec1fde9821185",
  cHash: "88a6094f7c217a7",
  cRq: {
    d: "fBL0cHVXbZ+X+3CfWGO8rYPHHJFyKEDVQaGqP+RPmS9UeZzLkWqY0wp7ZdE2UvZ081LLJ1oX72sWBQtrS9UVujJnrh5hFHvrs8Gcsqlhr0TgOeC3U5/h5QpoXVKDg5EyLupTKHBCWqwgbPmudjjEfmdQNpLTnC13r/8AwcSa0gkeisApAKLwJ2Ana1HoV6dZ8dGsi54B7ErZCd/vclegtrOjU2J5FDZZYp37WgmVd95a5yrd2xFKbZ+eJDAzWif4TAc9wIomug+l1Zu3Ne8LLMKNbJPLQ+l48RmJEaCF+o2tmoWibzH+EDYfysulIry5m5ue0y0KZ0/Ql0GMqD7ZY8UAJxcDKnbi/7IBbhEJIrEHefprML2oa8zE5ew3lhDZ",
    t: "MTU5Mzc1OTkyMi44NzMwMDA=",
    m: "xfxTSJsnY8V5yWzj9uBSGgr8jHt2fborYukGFrjMXh4=",
    i1: "qPm0Hw+Trv6tx3JRSD31HA==",
    i2: "bvlp85/nQ3JrsMrAGGXedA==",
  }
}
window._cf_chl_enter = function(){window._cf_chl_opt.p=1};

var a = function() {try{return !!window.addEventListener} catch(e) {return !1} },
b = function(b, c) {a() ? document.addEventListener("DOMContentLoaded", b, c) : document.attachEvent("onreadystatechange", b)};
b(function(){
  var cookiesEnabled=(navigator.cookieEnabled)? true : false;
  var cookieSupportInfix=cookiesEnabled?'/nocookie':'/cookie';
  var a = document.getElementById('cf-content');a.style.display = 'block';
  var isIE = /(MSIE|Trident\/|Edge\/)/i.test(window.navigator.userAgent);
  var trkjs = isIE ? new Image() : document.createElement('img');
  trkjs.setAttribute("src", "/cdn-cgi/images/trace/jschal/js"+cookieSupportInfix+"/transparent.gif?ray=5acec1fde9821185");
  trkjs.id = "trk_jschal_js";
  trkjs.setAttribute("alt", "");
  document.body.appendChild(trkjs);
  
  document.body.appendChild(trkjs);
  var cpo = document.createElement('script');
  cpo.type = 'text/javascript';
  cpo.src = "/cdn-cgi/challenge-platform/orchestrate/jsch/v1";
  var done = false;
  cpo.onload = cpo.onreadystatechange = function() {
    if (!done && (!this.readyState || this.readyState === "loaded" || this.readyState === "complete")) {
      done = true;
      cpo.onload = cpo.onreadystatechange = null;
      window._cf_chl_enter()
    }
  };
  document.getElementsByTagName('head')[0].appendChild(cpo);

}, false);

})();
//]]>
`

The python library 'cloudscraper' identifies it by:
`# ------------------------------------------------------------------------------- #
# check if the response contains new Cloudflare challenge
# ------------------------------------------------------------------------------- #

@staticmethod
def is_New_IUAM_Challenge(resp):
    try:
        return (
            resp.headers.get('Server', '').startswith('cloudflare')
            and resp.status_code in [429, 503]
            and re.search(
                r'cpo.src\s*=\s*"/cdn-cgi/challenge-platform/orchestrate/jsch/v1"',
                resp.text,
                re.M | re.S
            )
            and re.search(r'window._cf_chl_enter\(', resp.text, re.M | re.S)
        )
    except AttributeError:
        pass

    return False`

fanclubsp · Answer 2 · Sat Jul 04 2020 05:50:14 GMT+0800 (China Standard Time)

This is the new captcha

Test url: https://osbot.org/forum/topic/157064-excellent-vorkath/page/5000/

`
//<![CDATA[
(function(){

window._cf_chl_opt={
  cvId: "1",
  cType: "non-interactive",
  cNounce: "3363",
  cRay: "5acec1fde9821185",
  cHash: "88a6094f7c217a7",
  cRq: {
    d: "fBL0cHVXbZ+X+3CfWGO8rYPHHJFyKEDVQaGqP+RPmS9UeZzLkWqY0wp7ZdE2UvZ081LLJ1oX72sWBQtrS9UVujJnrh5hFHvrs8Gcsqlhr0TgOeC3U5/h5QpoXVKDg5EyLupTKHBCWqwgbPmudjjEfmdQNpLTnC13r/8AwcSa0gkeisApAKLwJ2Ana1HoV6dZ8dGsi54B7ErZCd/vclegtrOjU2J5FDZZYp37WgmVd95a5yrd2xFKbZ+eJDAzWif4TAc9wIomug+l1Zu3Ne8LLMKNbJPLQ+l48RmJEaCF+o2tmoWibzH+EDYfysulIry5m5ue0y0KZ0/Ql0GMqD7ZY8UAJxcDKnbi/7IBbhEJIrEHefprML2oa8zE5ew3lhDZ",
    t: "MTU5Mzc1OTkyMi44NzMwMDA=",
    m: "xfxTSJsnY8V5yWzj9uBSGgr8jHt2fborYukGFrjMXh4=",
    i1: "qPm0Hw+Trv6tx3JRSD31HA==",
    i2: "bvlp85/nQ3JrsMrAGGXedA==",
  }
}
window._cf_chl_enter = function(){window._cf_chl_opt.p=1};

var a = function() {try{return !!window.addEventListener} catch(e) {return !1} },
b = function(b, c) {a() ? document.addEventListener("DOMContentLoaded", b, c) : document.attachEvent("onreadystatechange", b)};
b(function(){
  var cookiesEnabled=(navigator.cookieEnabled)? true : false;
  var cookieSupportInfix=cookiesEnabled?'/nocookie':'/cookie';
  var a = document.getElementById('cf-content');a.style.display = 'block';
  var isIE = /(MSIE|Trident\/|Edge\/)/i.test(window.navigator.userAgent);
  var trkjs = isIE ? new Image() : document.createElement('img');
  trkjs.setAttribute("src", "/cdn-cgi/images/trace/jschal/js"+cookieSupportInfix+"/transparent.gif?ray=5acec1fde9821185");
  trkjs.id = "trk_jschal_js";
  trkjs.setAttribute("alt", "");
  document.body.appendChild(trkjs);
  
  document.body.appendChild(trkjs);
  var cpo = document.createElement('script');
  cpo.type = 'text/javascript';
  cpo.src = "/cdn-cgi/challenge-platform/orchestrate/jsch/v1";
  var done = false;
  cpo.onload = cpo.onreadystatechange = function() {
    if (!done && (!this.readyState || this.readyState === "loaded" || this.readyState === "complete")) {
      done = true;
      cpo.onload = cpo.onreadystatechange = null;
      window._cf_chl_enter()
    }
  };
  document.getElementsByTagName('head')[0].appendChild(cpo);

}, false);

})();
//]]>
`

The python library 'cloudscraper' identifies it by:
`# ------------------------------------------------------------------------------- #

check if the response contains new Cloudflare challenge

-------------------------------------------------------------------------------

@staticmethod
def is_New_IUAM_Challenge(resp):
    try:
        return (
            resp.headers.get('Server', '').startswith('cloudflare')
            and resp.status_code in [429, 503]
            and re.search(
                r'cpo.src\s*=\s*"/cdn-cgi/challenge-platform/orchestrate/jsch/v1"',
                resp.text,
                re.M | re.S
            )
            and re.search(r'window._cf_chl_enter\(', resp.text, re.M | re.S)
        )
    except AttributeError:
        pass

    return False`

Is the uam bro

Revadike · Answer 3 · Sat Jul 04 2020 22:36:04 GMT+0800 (China Standard Time)

any updates on this @sayem314 ?

Sayem Chowdhury · Answer 4 · Mon Jul 06 2020 01:56:28 GMT+0800 (China Standard Time)

This is the new challenge. I'm currently busy with some private projects. I need some free time to analyze it.

Christopher Yovanovitch · Answer 5 · Fri Sep 10 2021 04:42:04 GMT+0800 (China Standard Time)

Any news on this?

fanclubsp · Answer 6 · Mon Sep 13 2021 18:14:53 GMT+0800 (China Standard Time)

Any news on this?

it is patched forever nobody will update it

Revadike · Answer 7 · Mon Sep 13 2021 19:10:12 GMT+0800 (China Standard Time)

It's gonna be a cat and mouse game and only one side is getting paid for it, so...