This repository has been archived by the owner on May 9, 2020. It is now read-only.

Sucuri WAF - Undocumented Code #240

Closed
ghost opened this issue Aug 9, 2019 · 2 comments
Labels
docs Project Documentation enhancement

Comments


ghost commented Aug 9, 2019

I mentioned this before when I wasn't sure how the code was Cloudflare-related. The following code is for bypassing https://sucuri.net/website-firewall/

cloudscraper/index.js

Lines 453 to 475 in c65a953

```javascript
function onRedirectChallenge (options, response, body) {
  const callback = options.callback;
  const uri = response.request.uri;
  // The challenge page embeds the cookie-setting script as base64 inside S='...'
  const match = body.match(/S='([^']+)'/);
  if (!match) {
    const cause = 'Cookie code extraction failed';
    return callback(new ParserError(cause, options, response));
  }
  const base64EncodedCode = match[1];
  response.challenge = Buffer.from(base64EncodedCode, 'base64').toString('ascii');
  try {
    // Evaluate cookie setting code in a fake browser context, then copy
    // whatever it wrote to document.cookie into the request cookie jar
    const ctx = new sandbox.Context();
    sandbox.eval(response.challenge, ctx);
    options.jar.setCookie(ctx.document.cookie, uri.href, { ignoreError: true });
  } catch (error) {
    error.message = 'Cookie code evaluation failed: ' + error.message;
    return callback(new ParserError(error, options, response));
  }
```

I think this should be mentioned in the README or removed.

+1 for keeping it around since it's still useful, i.e. Anorov/cloudflare-scrape#277, where at least the site is using Cloudflare's DNS; at worst it's behind CF and using Sucuri, which could be pretty confusing to users.

@ghost ghost added enhancement help wanted docs Project Documentation labels Aug 9, 2019
@codemanki (Owner)

🤔 for some reason I thought this was for Cloudflare :D I will amend the README


ghost commented Aug 11, 2019

I just realized a couple of problems with the current code.

  • We ignore the response because the Server header starts with Sucuri instead of cloudflare.
  • The test fixture we're using is outdated. The most recent Sucuri WAF cookie-setting code uses an un-nested location.reload, whereas we only provide a fake document.location.reload. Nvm that... 😄

Everything else is A-OK.

#242 makes it work as expected and updates the fixtures.

@ghost ghost mentioned this issue Aug 11, 2019
@ghost ghost removed the help wanted label Aug 14, 2019
@ghost ghost assigned codemanki Aug 14, 2019