Whitelisting X-Forwarded-for/via ip

[tyrel68]

Expected Behavior

Checked Spoof X-Forwarded-for/via ip and used customer IP range
Encounter site that doesnt work with it
Whitelist site
All is good

Current Behavior

Checked Spoof X-Forwarded-for/via ip and used customer IP range
Works fine
Encounter site that doesnt like it
Whitelist site and nothing changes
Disable Spoof of X-Forwarded-for/via ip
Site works but i do still need to have it whitelisted since useragent causes a problem(i think)

Relevant settings

"excluded": [
"headers": {
"blockEtag": false,
"enableDNT": true,
"referer": {
"disabled": false,
"xorigin": 2,
"trimming": 2

"spoofAcceptLang": {
"enabled": true,
"value": "en-US"

"spoofIP"
"enabled": false,
"option": 1,
"rangeFrom": "8.21.61.0",
"rangeTo": "8.21.61.255"

"options":
"cookieNotPersistent": true,
"cookiePolicy": "reject_trackers",
"blockMediaDevices": true,
"blockCSSExfil": true,
"disableWebRTC": true,
"firstPartyIsolate": true,
"limitHistory": false,
"protectKBFingerprint": {
"enabled": false,
"delay": 1

"protectWinName": false,
"resistFingerprinting": false,
"screenSize": "1920x1080",
"spoofAudioContext": false,
"spoofClientRects": false,
"spoofFontFingerprint": true,
"spoofMediaDevices": false,
"timeZone": "Etc/GMT+4",
"trackingProtectionMode": "always",
"webRTCPolicy": "disable_non_proxied_udp",
"webSockets": "block_3rd_party"

"version": "0.22.17.1",

Context (Environment)

Windows 10
Mozilla Firefox 95.0.2

Comment:
Fully expect to be called a dumbass for missing something XD

[tyrel68]

What did I expect to happen...its not doing it anymore

Closing

[tyrel68]

Doing it again........might have just been saved data that was keeping it working.

[sereneblue]

Hi @tyrel68,

Can you link the site that you're experiencing issues with? I did some testing with https://request.urih.com/ and it seem to be working.

[tyrel68]

Well not going to mince words its a less the legit site(anime streaming) used it alot
Im just thinking it might be just that I was locking down security (kinda went a little tinfoil hat)

I think right now I just need to look for new options as something I did had to have caused this

I dont really feel comfortable sending a less then legit link to you so I'll just work around it(and try to see if i can find what setting caused this)

Just the fact it seems to be working sometimes and not others makes me think its on my end

[sereneblue]

Well not going to mince words its a less the legit site(anime streaming) used it alot Im just thinking it might be just that I was locking down security (kinda went a little tinfoil hat)

I think right now I just need to look for new options as something I did had to have caused this

I dont really feel comfortable sending a less then legit link to you so I'll just work around it(and try to see if i can find what setting caused this)

Just the fact it seems to be working sometimes and not others makes me think its on my end

Feel free to send it via the contact form available here. :) If there is an issue with Chameleon, it may be affecting others.

[tyrel68]

Well fair enuff!
Will send it

Walkthrough to the shitty design of the site

[sereneblue]

@tyrel68 I was able to replicate the issue.

I setup a middleman proxy to log all the requests made with the spoofed headers and did find a few to https://dood.ws. It seems the whitelisting logic wasn't catching every request that originated from the page. I've coded a fix so this should be resolved in an update I will release later today.

Thanks for reporting the issue.

[tyrel68]

Damn sweet. was worried it was all my end