CycleTLS
CycleTLS copied to clipboard
Danny-Dasilva
Cloudflare catches CycleTLS
Description
I have been using this library for a long time to bypass Cloudflares ja3 protection. It has been working without any problems. But when I tried it recently, CycleTLS is not fooling Cloudflare any more. Seems something changed.
I can still use the "curl-impersonate" tool without any problems. When I use the exact same ja3 fingerprint and useragent as the working "curl-impersonate", Cloudflare still catches CycleTLS as "fake client".
Not sure how I should debug this any further as it was working fine before. What do you need from me?
Issue Type
Bug
Operating System
Linux
Node Version
None
Golang Version
Other
Relevant Log Output
cycletls.Response{RequestID:"cycleTLSRequest", Status:429, Body:"", Headers:map[string]string{"Cf-Ray":"7846e20a5d97c293-VIE", "Content-Length":"0", "Date":"Wed, 04 Jan 2023 20:56:49 GMT", "Server":"cloudflare"}}
Cloudflare gives error 429 when catching "fake clients". Don't let their documentation fool you about "too many requests".
I can give you the working curl line and the golang code I am using, if that would help?
I can give you the working curl line and the golang code I am using, if that would help?
Yes that would help
#This gives error 429, meaning blocked by Cloudflare
curl -v 'https://degoo.com/me/login' \
-H 'Content-Type: application/json' \
--data-raw '{"Email":"[email protected]","Password":"xxx"}'
#This is getting a response from the back-end server, meaning bypassed Cloudflare
./curl_chrome104 -v 'https://degoo.com/me/login' \
-H 'Content-Type: application/json' \
--data-raw '{"Email":"[email protected]","Password":"xxx"}'
Here is my golang code to replicate. Worked before, but not any more.
response, err := client.Do("https://degoo.com/me/login", cycletls.Options{
Headers: map[string]string{
"Content-Type": "application/json",
},
Body: `{"Email":"[email protected]","Password":"xxx"}`,
Ja3: "771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-17513-21,29-23-24,0",
UserAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36",
}, "POST")
Hello, have you encountered 408 problems? When I am a post, the body returns 408 when passing parameters
Hello, have you encountered 408 problems? When I am a post, the body returns 408 when passing parameters
When you post to Cloudflare?
Hello, have you encountered 408 problems? When I am a post, the body returns 408 when passing parameters
When you post to Cloudfront?
post akamai
Hello, have you encountered 408 problems? When I am a post, the body returns 408 when passing parameters
When you post to Cloudfront?
post akamai
No, I have never gotten 408. I don't think it's the same as my issue.
You need to bypass http2 fingerprint too, CycleTLS doesn't spoof that. https://tls.peet.ws/
You need to bypass http2 fingerprint too, CycleTLS doesn't spoof that. https://tls.peet.ws/
So this is something new that Cloudflare added recently? CycleTLS was the only thing needed until a few months ago to trick Cloudflare.
And why would that be needed if I use HTTP 1.1 for the request? Looks like only HTTP2 can be fingerprinted? Also, why would curl-impersonate still work then? It only does fa3 fingerprinting and no HTTP2 fingerprint.
Thanks!
Hi @buzzy, I'm interested to know how you're getting on with fixing this. Since your problem seems CycleTLS specific if curl-impersonate is working, have you tried running your requests with the uTLS: https://github.com/refraction-networking/utls?
Description
I have been using this library for a long time to bypass Cloudflares ja3 protection. It has been working without any problems. But when I tried it recently, CycleTLS is not fooling Cloudflare any more. Seems something changed.
I can still use the "curl-impersonate" tool without any problems. When I use the exact same ja3 fingerprint and useragent as the working "curl-impersonate", Cloudflare still catches CycleTLS as "fake client".
Not sure how I should debug this any further as it was working fine before. What do you need from me?
Issue Type
Bug
Operating System
Linux
Node Version
None
Golang Version
Other
Relevant Log Output
cycletls.Response{RequestID:"cycleTLSRequest", Status:429, Body:"", Headers:map[string]string{"Cf-Ray":"7846e20a5d97c293-VIE", "Content-Length":"0", "Date":"Wed, 04 Jan 2023 20:56:49 GMT", "Server":"cloudflare"}} Cloudflare gives error 429 when catching "fake clients". Don't let their documentation fool you about "too many requests".
Description
I have been using this library for a long time to bypass Cloudflares ja3 protection. It has been working without any problems. But when I tried it recently, CycleTLS is not fooling Cloudflare any more. Seems something changed.
I can still use the "curl-impersonate" tool without any problems. When I use the exact same ja3 fingerprint and useragent as the working "curl-impersonate", Cloudflare still catches CycleTLS as "fake client".
Not sure how I should debug this any further as it was working fine before. What do you need from me?
Issue Type
Bug
Operating System
Linux
Node Version
None
Golang Version
Other
Relevant Log Output
cycletls.Response{RequestID:"cycleTLSRequest", Status:429, Body:"", Headers:map[string]string{"Cf-Ray":"7846e20a5d97c293-VIE", "Content-Length":"0", "Date":"Wed, 04 Jan 2023 20:56:49 GMT", "Server":"cloudflare"}} Cloudflare gives error 429 when catching "fake clients". Don't let their documentation fool you about "too many requests".
I encountered the same problem as you. At first, there was no problem. After waiting for two minutes, it was all 429. I tested the IP and found no problem. My UA and JA3 are also different. It's strange how they were detected. Have you solved it?
