Not working

[peterSa]

Is this project going to be updated or should we forget about it?
It fails at math = re.search(r"a.value = (\d.+?);", script)

as the a.value is not an int anymore but an object transformed into an int with parseint()

[Anorov]

Can you show me some example source code of the most recent CF anti-bot page?

[peterSa]

Ofcourse, heres the source of the page: http://pastebin.com/UQJPWXN4 the url of the website is on the pastebin aswell if you want to try it yourself

This is the actual error:

Traceback (most recent call last):
File "/home/user/test.py", line 30, in
print grab_cloudflare(url)
File "/home/user/test.py", line 19, in grab_cloudflare
math = re.search(r"a.value = (\d.+?);", script).group(1)
AttributeError: 'NoneType' object has no attribute 'group'

[Anorov]

So, on June 1, MalwareMustDie made a blog post about some DDoS scripts that had Cloudflare evasion capabilities:

http://blog.malwaremustdie.org/2014/06/a-journey-to-abused-ftp-sites-story-of.html

This is the cause of Cloudflare's recent code change.

Cloudflare's CEO replied to a tweet about the issue the day of: https://twitter.com/unixfreaxjp/status/473149689785626624

new IUAM pages coming soon. Have some cool tricks.

They seem to have only made this change due to the bad publicity, and completely in spite of the fact that various Cloudflare evading scripts like mine have been out there for much longer.

Their new "cool tricks" are extremely simplistic, at least compared to the kind of Javascript obfuscation I'm used to seeing as a malware analyst.

I've pushed some more commits that should work on the new page, so try pulling now. Note that PyV8 is now a requirement: I have some instructions in the README about it. Any future changes Cloudflare makes should be easily evaluable by PyV8, and will just require minor regex fiddling.

Please tell me if there are any issues.

One caveat: in 2013 Cloudflare made a blog post claiming they have a final trick up their sleeve for this arms race: http://blog.cloudflare.com/when-the-bad-guys-name-malware-after-you-you

Going forward, we have plans if this scheme gets cracked. Specifically, we have an IUAM version that relies on a field of mathematics known as "proof of work" problems. These are difficult to compute answers for but easy to verify. A recent example of such a proof of work problem which has captured the imagination of much of the tech community is Bitcoin. The electronic currency requires a significant amount of computational time to find the answer to a problem, but once found each answer ("coin") is easy to verify.

If they ever do end up implementing proof-of-work checking it'll be easy to add the functionality to cloudflare-scrape, but any use of it will probably have to be reserved only for for slow-speed and light scraping. Chances are they aren't going to implement this for a long time, though, if ever.

[chulderman]

You can mark this as resolved.

I just tried this myself (I was working on my own very hacky, awful awful awful, fix when I saw you update); you have impeccable timing!

Works wonderfully.

[peterSa]

yep, works great now!
Great work!

[mphz]

what does that mean, if the website return response 500, looks like a harder protection? any way to break?

[Anorov]

Please show an example. Thanks.

…

On Jul 13, 2017 2:38 AM, "Murphy Zhu" ***@***.***> wrote: what does that mean, if the website return response 500, looks like a harder protection? any way to break? — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub <#3 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AA5FI8OjclvhNB83GLpsUlwaWKH1knNCks5sNbtxgaJpZM4CCmQT> .