Solver not working anymore

[Ekliptor]

Hi,
previously the CF challenge was extracted with the following function:
var challenge = body.match(/S='([^']+)'/);

Now they made that variable random and added a random-name property on it for the challenge. Full example:

<script type="text/javascript">
--
  | //<![CDATA[
  | (function(){
  | var a = function() {try{return !!window.addEventListener} catch(e) {return !1} },
  | b = function(b, c) {a() ? document.addEventListener("DOMContentLoaded", b, c) : document.attachEvent("onreadystatechange", b)};
  | b(function(){
  | var a = document.getElementById('cf-content');a.style.display = 'block';
  | setTimeout(function(){
  | var s,t,o,p,b,r,e,a,k,i,n,g,f, bUNLJBB={"xqYrWXXfBO":+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![])+(+[])+(!+[]+!![]+!![]+!![])+(!+[]+!![])+(!+[]+!![]+!![]+!![])+(!+[]+!![]+!![]))/+((!+[]+!![]+[])+(!+[]+!![]+!![]+!![])+(!+[]+!![])+(+[])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(+[])+(+[])+(+!![])+(!+[]+!![]))};
  | t = document.createElement('div');
  | t.innerHTML="<a href='/'>x</a>";
  | t = t.firstChild.href;r = t.match(/https?:\/\//)[0];
  | t = t.substr(r.length); t = t.substr(0,t.length-1);
  | a = document.getElementById('jschl-answer');
  | f = document.getElementById('challenge-form');
  | ;bUNLJBB.xqYrWXXfBO-=+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(!+[]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![])+(+[])+(!+[]+!![]+!![]))/+((!+[]+!![]+!![]+!![]+[])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![])+(+[])+(+[])+(!+[]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![]));bUNLJBB.xqYrWXXfBO+=+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(!+[]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+[])+(!+[]+!![]+!![]+!![])+(+!![])+(!+[]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]))/+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(!+[]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![])+(+!![])+(!+[]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![])+(+!![])+(!+[]+!![]+!![]+!![]));bUNLJBB.xqYrWXXfBO*=+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(!+[]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+[])+(!+[]+!![]+!![]+!![])+(+!![])+(!+[]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]))/+((+!![]+[])+(+[])+(+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![])+(!+[]+!![])+(!+[]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![])+(+!![]));bUNLJBB.xqYrWXXfBO*=+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![])+(+[])+(!+[]+!![]+!![]+!![])+(!+[]+!![])+(!+[]+!![]+!![]+!![])+(!+[]+!![]+!![]))/+((!+[]+!![]+!![]+!![]+!![]+[])+(+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]));bUNLJBB.xqYrWXXfBO*=+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(!+[]+!![]+!![]+!![])+(+!![])+(+[])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+!![]))/+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(!+[]+!![]+!![]+!![]+!![])+(!+[]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![])+(+!![])+(!+[]+!![]+!![]));bUNLJBB.xqYrWXXfBO-=+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![])+(+[])+(!+[]+!![]+!![]+!![])+(!+[]+!![])+(!+[]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]))/+((!+[]+!![]+[])+(!+[]+!![]+!![])+(+[])+(+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+!![])+(+!![])+(!+[]+!![]));bUNLJBB.xqYrWXXfBO*=+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(+[])+(+[])+(!+[]+!![]+!![])+(!+[]+!![]+!![]+!![])+(!+[]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]))/+((!+[]+!![]+[])+(+!![])+(!+[]+!![]+!![])+(!+[]+!![]+!![])+(!+[]+!![]+!![])+(+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+!![])+(!+[]+!![]+!![]+!![]+!![]));bUNLJBB.xqYrWXXfBO*=+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(!+[]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+[])+(!+[]+!![]+!![]+!![])+(+!![])+(!+[]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![])+(+!![]))/+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(!+[]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![])+(+!![])+(+[])+(+[])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![]));bUNLJBB.xqYrWXXfBO+=+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(!+[]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![])+(+[])+(!+[]+!![]+!![]))/+((!+[]+!![]+!![]+!![]+!![]+!![]+[])+(!+[]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+[])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]));a.value = +bUNLJBB.xqYrWXXfBO.toFixed(10) + t.length; '; 121'
  | f.action += location.hash;
  | f.submit();
  | }, 4000);
  | }, false);
  | })();
  | //]]>
  | </script>

In the above example the challenge comes from the variable var bUNLJBB.xqYrWXXfBO which returns a number. But as mentioned, the variable name is random

I can see this is possible to extract, but requires a lot more work. Has anybody been working on this already?

edit. I can see the extraction of the HTML form variables still works, and I do get past the CF challenge in some cases. However in some cases it fails, presumably due to the JavaScript above.

[codemanki]

@Ekliptor hey, thanks for reporting this. I will take a look asap and will come up with a fix.

[codemanki]

@Ekliptor which url are you trying to open?

[Ekliptor]

I get these new challenges as posted above on every domain that is set to "Under attack mode" in Cloudflare. To demonstrate i just set cashtippr.com to show this challenge.

Also when accessing it with a GET request using cloudscraper from a German IP I still get through (past the challenge) about 80% of the time.
The function setCookieAndReload extracting the challenge is almost never called as far as i see it.
When exactly is it supposed to get called?

Either way it's still working, but far from 100% since their challenge changed. Or maybe CF got more restrictive with my IPs. Sorry for not having investigated this further yet.

[codemanki]

@Ekliptor thanks for the details, but I still don't quite understand what has happened and changed.

CF has 2 pages which cloudscraper tries to bypass:

• First with a JS challenge, example
• And second one with a cookie challenge, example

The code snippet you provided in the issue is with a js challenge, but you are mentioning the line of code var challenge = body.match(/S='([^']+)'/); which is solving the cookie challenge (setCookieAndReload method) . And you are saying that the cookie challenge solver is not working any more.

I was able to access cashtippr.com and it works fine for me. If you could paste me the new cookie challenge page, it would help me a lot, but so far i can't get it anyhow.

[DavidXanatos]

Hello,

The issue seams to be that after getting a challenge, CF sometimes brings a second challenge, so the scraper needs to be executed in a look until it makes it through.

just my 2 cents

David X.

[codemanki]

@DavidXanatos @Ekliptor I'm struggling to repro such a scenario.

I would appreciate if you could provide me with a link that has multiple challenges, or ideally a source code of each page in the chain of CF responses, so I can write a test case and fix the library.

[DavidXanatos]

an example would be: h++p://iload.to/l/1786935/9Qga10zgWZ

[codemanki]

@DavidXanatos I only get one CF challenge and then 404 page

[DavidXanatos]

try tomorow thay seam to have soem issues since a few hours,
also as Ekliptor wrote, the double challenge only happens once in a while.
So the best would be to wait until the site is reachable again and than run a hundred requests in a look in order to catch the odd one that makes trouble.

[Ekliptor]

Also I was able to reproduce this using Google Chrome. It submitted the cloudflare challenge and then came another challenge right after. Only on the 3rd reload did I get to see the actual iload.to page.

[codemanki]

@DavidXanatos @Ekliptor i have managed to repro it and get 2 challenges in a row. Here is a new branch in which i'm gonna refactor the library and soon will create a PR.

[codemanki]

@DavidXanatos @Ekliptor @Royalgamer06 hey folks, I have just published a WIP PR which fixes this issue, e.g. properly processes any consequent challenges #66

Please give it a try and let me know if that works for you. You can use a npm package from a branch with something like this.

I still want to do some minor adjustments there before releasing.

Thanks.