
Chameleon prevents me from accessing getcomics.info

Open Kraxys opened this issue 4 years ago • 13 comments

Prerequisites

Please use issues for bugs only! Answer the following questions for yourself before submitting an issue: YOU MAY DELETE THE PREREQUISITES SECTION.

  • [x] I am running the latest version
  • [x] I checked the documentation and found no answer
  • [x] I checked to make sure that this issue has not already been filed

Expected Behavior

My browser should pass the CloudFlare DDOS protection page.

Current Behavior

With any setting other than the real profile, I'm stuck on the "checking your browser" CF page. As soon as I change the fake profile for the real one in Chameleon settings, I can access getcomics.info

Relevant settings

Only a fake user agent, no other check box checked.

```json
{
  "config": { "enabled": true, "notificationsEnabled": false, "theme": "light", "hasPrivacyPermission": false },
  "excluded": [],
  "headers": {
    "blockEtag": false,
    "enableDNT": false,
    "referer": { "disabled": false, "xorigin": 0, "trimming": 0 },
    "spoofAcceptLang": { "enabled": false, "value": "default" },
    "spoofIP": { "enabled": false, "option": 0, "rangeFrom": "", "rangeTo": "" }
  },
  "ipRules": [],
  "options": {
    "cookieNotPersistent": false,
    "cookiePolicy": "allow_all",
    "blockMediaDevices": false,
    "blockCSSExfil": false,
    "disableWebRTC": false,
    "firstPartyIsolate": false,
    "limitHistory": false,
    "protectKBFingerprint": { "enabled": false, "delay": 1 },
    "protectWinName": false,
    "resistFingerprinting": false,
    "screenSize": "default",
    "spoofAudioContext": false,
    "spoofClientRects": false,
    "spoofFontFingerprint": false,
    "spoofMediaDevices": false,
    "timeZone": "default",
    "trackingProtectionMode": "always",
    "webRTCPolicy": "default",
    "webSockets": "allow_all"
  },
  "profile": { "selected": "win1-ff", "interval": { "option": 0, "min": 1, "max": 1 } },
  "version": "0.21.10.1",
  "whitelist": { "enabledContextMenu": false, "defaultProfile": "none", "rules": [] }
}
```

Context (Environment)

FF 83 on W10

Kraxys • Dec 13 '20 11:12

Hi @Kraxys,

I've noticed this issue with some Cloudflare protected sites but I'm not sure why it's being triggered when the user agent changes; I'm looking into it.

sereneblue • Dec 14 '20 02:12

I have also noticed that [at least some, possibly all] cloudflare protected sites do not work with Chameleon. When I visit some sites, for example, armstrongeconomics.com and cloudflare "checks" my browser, the tab repeatedly redraws in a loop. When I turn off chameleon and try again it works.
Note that in some locations cloudflare trusts the IP address and there is no check so it appears to work, while from some other locations (IP addresses) the check is done and then it goes into the loop.
So I'm also interested to hear about your findings.

jahnson • Jan 05 '21 10:01

@jahnson I'm still not sure yet but it seems Cloudflare is able to detect that the browser loading the page is lying about its user agent. I've tested with a VPN IP that loaded fine with the real profile but didn't with a spoofed profile. Oddly, I just tried testing again with the sites mentioned in this issue and both load with a spoofed profile without any issues.

sereneblue • Jan 07 '21 00:01

> I'm still not sure yet but it seems Cloudflare is able to detect that the browser loading the page is lying about its user agent

I thought this is why you implemented an exception for Cloudflare (https://github.com/sereneblue/chameleon/issues/393).

Problem is that this exception no longer seems to work, i.e. UA is spoofed again for Cloudflare sites. BTW: here's another test page that works in Opera with or without VPN after entering the CAPTCHA: https://appnee.com/shadermap/ https://app.hubspot.com

Let us know if you need other test sites ;)

kekkc • Jan 07 '21 10:01

@kekkc Cloudflare has multiple tests. The previous fix resolved the issue with JS challenges; they're used to block DDOS attacks and bots. However, this new issue seems to be different. From my testing, simply changing the user agent triggered the redirect loop. I wasn't able to replicate the issue on the sites you linked. Are you using a VPN?

EDIT: I was able to get a redirect loop on https://app.hubspot.com/login using a new container. Chameleon was disabled and the user agent was changed using `general.useragent.override` and setting it to `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36`. After thinking about it a bit, I have a few hunches as to what may be causing Cloudflare to scrutinize the request: either Cloudflare is doing browser specific checks or the headers are slightly different than what Cloudflare is expecting.

sereneblue • Jan 08 '21 03:01
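
The second hunch in the comment above (headers that differ from what the claimed browser would send) can be illustrated with a small server-side consistency check. This is an added example, not code from Chameleon or Cloudflare: the function names and header markers are assumptions about typical Firefox and Chrome defaults, and the thread does not establish what Cloudflare actually checks.

```javascript
// Added illustration; function names and marker choices are hypothetical.
// Constructed samples: the Chrome 74 User-Agent quoted in the comment above,
// paired with a Firefox-style and a Chrome-style navigation Accept value.
const CHROME_74_UA =
  "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 " +
  "(KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36";
const FIREFOX_ACCEPT =
  "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8";
const CHROME_ACCEPT =
  "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp," +
  "image/apng,*/*;q=0.8,application/signed-exchange;v=b3";

// Engine the User-Agent header claims.
function claimedEngine(ua) {
  if (/\bChrome\/\d+/.test(ua)) return "blink";
  if (/\bGecko\/\d+/.test(ua) && /\bFirefox\/\d+/.test(ua)) return "gecko";
  return "unknown";
}

// Engine suggested by the other headers (names compared case-insensitively).
function observedEngine(headers) {
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)]));
  const accept = h["accept"] || "";
  // Assumption: only Chromium advertises signed exchanges/APNG or sends sec-ch-ua.
  if ("sec-ch-ua" in h || /application\/signed-exchange|image\/apng/.test(accept)) {
    return "blink";
  }
  // Assumption: a navigation Accept ending in "*/*;q=0.8" without those is Firefox-like.
  if (/^text\/html,application\/xhtml\+xml,/.test(accept) && accept.endsWith("*/*;q=0.8")) {
    return "gecko";
  }
  return "unknown";
}

// Flags a request only when both sides are recognised and disagree.
function checkRequest(headers) {
  const ua = Object.entries(headers).find(([k]) => k.toLowerCase() === "user-agent");
  const claimed = claimedEngine(ua ? String(ua[1]) : "");
  const observed = observedEngine(headers);
  const mismatch = claimed !== "unknown" && observed !== "unknown" && claimed !== observed;
  return { claimed, observed, mismatch };
}

const spoofed = { "User-Agent": CHROME_74_UA, "Accept": FIREFOX_ACCEPT };
const genuine = { "User-Agent": CHROME_74_UA, "Accept": CHROME_ACCEPT };
console.log(checkRequest(spoofed), checkRequest(genuine));
```

Overriding only the User-Agent string leaves the rest of the request looking like Firefox, which is the kind of disagreement this check reports.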

Cool, BTW: I'm also using X-Forwarded-For/Via, Base-Domain & 1st Party Isolation. With those activated, it's guaranteed that you'll be running into redirect loops.

kekkc • Jan 08 '21 12:01

I'd like to report this issue still as not fixed. Whenever I get redirected from a page to a Cloudflare "Checking if your connection is secure" site, the Cloudflare site just infinitely reloads until I disable Chameleon. Setting an exception has not worked for me.

UmBottesWillen • Jul 14 '23 00:07

> I'd like to report this issue still as not fixed. Whenever I get redirected from a page to a Cloudflare "Checking if your connection is secure" site, the Cloudflare site just infinitely reloads until I disable Chameleon. Setting an exception has not worked for me.

Have you tried whitelisting the site and using a Firefox profile with it?

sereneblue • Jul 16 '23 01:07

> > I'd like to report this issue still as not fixed. Whenever I get redirected from a page to a Cloudflare "Checking if your connection is secure" site, the Cloudflare site just infinitely reloads until I disable Chameleon. Setting an exception has not worked for me.

> Have you tried whitelisting the site and using a Firefox profile with it?

I have whitelisted the site, cloudflare and I tried many different profiles, with Firefox profiles being among them.

UmBottesWillen • Jul 19 '23 09:07

> > > I'd like to report this issue still as not fixed. Whenever I get redirected from a page to a Cloudflare "Checking if your connection is secure" site, the Cloudflare site just infinitely reloads until I disable Chameleon. Setting an exception has not worked for me.

> > Have you tried whitelisting the site and using a Firefox profile with it?

> I have whitelisted the site, cloudflare and I tried many different profiles, with Firefox profiles being among them.

I just ran into this issue. Oddly, even with Chameleon disabled (in Firefox) I still got a redirect loop. Not sure what Cloudflare is doing or if it's a Firefox config that's causing this.

sereneblue • Jul 22 '23 00:07

Seems like other Firefox users are experiencing the same issue: https://news.ycombinator.com/item?id=37049016

sereneblue • Aug 09 '23 00:08

> I just ran into this issue. Oddly, even with Chameleon disabled (in Firefox) I still got a redirect loop. Not sure what Cloudflare is doing or if it's a Firefox config that's causing this.

> Seems like other Firefox users are experiencing the same issue

I experience this issue from time to time, not sure if it's a Firefox pref like RFP, an addon (could be a Ublock filter, Privacy Badger, etc, there's a few that might cause it), or a VPN. My solution is to have a "fresh" FF installation with no VPN or extensions besides out-of-the-box Ublock, and I just open the web page in that browser. Haven't had a problem with it yet.

e-t-l • Oct 16 '23 13:10