This repository has been archived by the owner on May 9, 2020. It is now read-only.
CaptchaError: captcha v4.0.1 (SSL negotiation) #211
Labels
Comments
|
@pro-src every example i run all of it almost get me error CaptchaError: captcha, I am using node v10.15.3. the url is https://nanime.in. I am clueless of what was the problem. |
|
@pro-src u say it is the header, i am using header or not still get the same error, the rest I dont understand, also ArnaudPiroelle upgrade node to v12, i have upgrade it, and still the same error. |
|
@karnadii I'm unable to reproduce the problem using the URL that you provided. Those headers do trigger a reCAPTCHA whereas the default ones do not. Do you have another URL? |
ghost
reopened this
|
@karnadii could you please try |
|
@karnadii Also if you enable debugging, you can see which headers are being sent. const cloudscraper = require('cloudscraper');
cloudscraper.debug = trueNote that upgrading your nodejs version is not necessary. It should work just fine on nodejs v6+ without any accommodations. Although, using the latest stable version of nodejs is always recommended and using brotli is future proofing. |
|
@codemanki @pro-src still error Stacktrace |
|
the one that I want to scrape is nanime.in, so this is the only url i can provide. |
|
using example of rechaptav2 Stacktrace |
|
@karnadii The recaptcha example is a dummy function and is not meant to work. It's something that you have to code yourself. I think the reason that you're getting a CAPTCHA in this case would because of an IP related issue. Perhaps the site owner has var cloudscraper = require('cloudscraper');
var fs = require('fs');
cloudscraper.get('https://www.ssllabs.com/ssltest/viewMyClient.html').then(body => fs.writeFileSync('./results.html', body, 'utf-8'), console.error);Upload the contents of |
|
@pro-src results.html<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Qualys SSL Labs - Projects / SSL Client Test</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<link href="/includes/ssllabs.css" rel="styleSheet" type="text/css">
<link href="/includes/report.css" rel="styleSheet" type="text/css">
<link href="/includes/main.css" rel="styleSheet" type="text/css">
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js" integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=" crossorigin="anonymous"></script>
</head>
<body>
<!-- Google Tag Manager -->
<noscript><iframe src="//www.googletagmanager.com/ns.html?id=GTM-MPWDSJ"
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-MPWDSJ');</script>
<!-- SHA 256 'sha256-b/ES1VZMgjYcvUcvmmSj/qEQTV6gTFugcTmkMS0E0qk='-->
<!-- End Google Tag Manager -->
<div id="page">
<div id="header">
<div id="logo">
<a href="/index.html" rel="noreferrer"><img src="https://ssllabs.com/images/qualys-ssl-labs-logo.png" width="341"
height="55" alt="SSL Labs logo" title="SSL Labs logo"></a>
</div>
<div id="navigation">
<a class="link" href="/index.html" rel="noreferrer">Home</a>
<a class="link" href="/projects/index.html" rel="noreferrer">Projects</a>
<a class="link" href="https://www.qualys.com/free-trial/" rel="noreferrer">Qualys Free Trial</a>
<a class="link" href="/about/contact.html" rel="noreferrer">Contact</a>
</div>
<br clear="all" />
</div>
<div id="breadcrumbs">
<b>You are here: </b>
<a href="/index.html">Home</a>
> <a href="/projects/index.html">Projects</a>
> SSL Client Test
</div>
<div id="main">
<div class="floatLeft">
<div class="reportTitle report-title-style">SSL/TLS Capabilities of Your Browser</div>
<div class="reportTime width-650"><b>User Agent:</b> Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36</div> </div>
<div class="floatRight"><br><a href="/ssltest/clients.html">Other User Agents »</a></div>
<br clear="all"/>
<div align="center">
<noscript>
<div id=warningBox class="warning-box-line-height">
<b>Without JavaScript, the following tests will not run:</b>
(1) Accurate protocol support, (2) SSL 3 POODLE vulnerability, (3) mixed content handling,
(4) TLS authentication bug in Apple's products, and (5) the FREAK attack.
Please enable JavaScript for best results.
</ul>
</div>
<br>
</noscript>
<div id="mixedCSSHiddenDiv1" class="display-none"></div>
<div id="mixedCSSHiddenDiv2" class="display-none"></div>
<iframe src="http://plaintext.ssllabs.com/plaintext/frame.html" class="display-none" width="0" height="0"></iframe>
<div id="hiddenImagesDiv" class="display-none"></div>
<div id="protocolSupportDiv" class="display-none"></div>
<div class="reportSection" id="protocolTestDiv">
<div class="sectionTitle" id="protocolTestHeading">Protocol Support</div>
<div class="sectionBody">
<div id="protocolTestMsg"><img src=/images/progress-indicator.gif width=16 height=16> Please wait, checking protocol support...</div>
<div id="protocolTestMsgNotes"></div>
</div>
</div>
<div class="reportSection" id="jamTestDiv">
<div class="sectionTitle">Logjam Vulnerability</div>
<div class="sectionBody">
<div id="jamTestMsg"><img src=/images/progress-indicator.gif width=16 height=16> Please wait, checking if your user agent is vulnerable...</div>
<div id="jamTestMsgNotes">
For more information about the Logjam attack, please go to
<a href="https://weakdh.org">weakdh.org</a>.<br>
To test manually, click <a href="https://www.ssllabs.com:10445/">here</a>.
Your user agent is not vulnerable if it fails to connect to the site.</div>
</div>
</div>
<div class="reportSection" id="freakTestDiv">
<div class="sectionTitle">FREAK Vulnerability</div>
<div class="sectionBody">
<div id="freakTestMsg"><img src=/images/progress-indicator.gif width=16 height=16> Please wait, checking if your user agent is vulnerable...</div>
<div id="freakTestMsgNotes">
For more information about the FREAK attack, please go to
<a href="https://www.freakattack.com">www.freakattack.com</a>.<br>
To test manually, click <a href="https://www.ssllabs.com:10444/">here</a>.
Your user agent is not vulnerable if it fails to connect to the site.</div>
</div>
</div>
<div class="reportSection" id="ssl3TestDiv">
<div class="sectionTitle">POODLE Vulnerability</div>
<div class="sectionBody">
<div id="ssl3TestMsg"><img src=/images/progress-indicator.gif width=16 height=16> Please wait, checking if your user agent is vulnerable...</div>
<div id="ssl3TestMsgNotes">For more information about the POODLE attack, please read <a href="https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack">this blog post</a>.</div>
</div>
</div>
<div class="reportSection" id="ssl2TestDiv">
<div class="sectionTitle">SSL 2 Protocol Support</div>
<div class="sectionBody">
<div id="ssl2TestMsg"><font color="red">Your user agent supports SSL 2. You should upgrade.</font></div>
<div id="ssl2TestMsgNotes">SSL 2 is a very old, obsolete, and insecure version of the SSL protocol. You can usually disable this protocol
version in configuration, but modern clients don't support it at all. This really means that you should upgrade your software
to a better version.</div>
</div>
</div>
<script type="text/javascript" src="/includes/viewClient.js"></script>
<input id="mainsitehost" type="hidden" value=www.ssllabs.com >
<input id="plaintextSiteHost" type="hidden" value=plaintext.ssllabs.com >
<div class="reportSection" id="appleTestDiv">
<div class="sectionTitle">iOS and OS X TLS Authentication Vulnerability</div>
<div class="sectionBody">
<div id="appleTestMsg"><img src=/images/progress-indicator.gif width=16 height=16> Please wait, checking if your user agent is vulnerable...</div>
<div id="appleTestMsgNotes">To test manually, <a href="https://www.ssllabs.com:10443">click here</a>. If your
user agent refuses to connect, you are not vulnerable. This test requires a connection to the SSL Labs
server on port 10443. A strict outbound firewall might interfere. You should test Safari running on
iOS or OS X. Chrome and Firefox are not vulnerable, even when running on a vulnerable operating system.
<a href="https://community.qualys.com/blogs/securitylabs/2014/02/24/ssl-labs-testing-for-apples-tls-authentication-bug"><b>MORE »</b></a></div>
<script type="text/javascript" src="/includes/viewClient-appleTest.js"></script>
</div>
</div>
<div class="reportSection">
<div class="sectionTitle">Protocol Features</div>
<div class="sectionBody">
<input id="tls13Support" type="hidden" value=-1 >
<img class="tIcon" src="/images/icon-protocol.png" width="65" height="50">
<table class="reportTable">
<thead>
<tr>
<td class="tableHead" colspan="2" align="left">Protocols</td>
</tr>
</thead>
<tbody>
<tr class="tableRow">
<td class="tableLeft" id="protocol_tls1_3_label"> TLS 1.3 </td>
<td class="tableRight" id="protocol_tls1_3">No</td>
</tr>
<tr class="tableRow">
<td class="tableLeft" id="protocol_tls1_2_label">TLS 1.2</td>
<td class="tableRight" id="protocol_tls1_2">Yes*</td>
</tr>
<tr class="tableRow">
<td class="tableLeft">TLS 1.1</td>
<td class="tableRight" id="protocol_tls1_1">Yes*</td>
</tr>
<tr class="tableRow">
<td class="tableLeft" id="protocol_tls1_label">TLS 1.0</td>
<td class="tableRight" id="protocol_tls1">Yes*</td>
</tr>
<tr class="tableRow">
<td class="tableLeft" id="protocol_ssl3_label">SSL 3</td>
<td class="tableRight" id="protocol_ssl3">Yes*</td>
</tr>
<tr class="tableRow">
<td class="tableLeft" id="protocol_ssl2_label">SSL 2</td>
<td class="tableRight" id="protocol_ssl2">No</td>
</tr>
<noscript>
<tr class="tableRow">
<td colspan=2 align=left>
<span class="color666666">(*) Without JavaScript, this test reliably detects only the highest supported protocol.</span>
</td>
</tr>
</noscript>
</tbody>
</table>
<br><br>
<img class="tIcon" src="/images/icon-cipher.png" width="65" height="50" alt="">
<table class="reportTable">
<thead>
<tr>
<td class="tableHead" colspan="3" align="left">Cipher Suites (in order of preference)</td>
</tr>
</thead>
<tr>
<td class="tableLeft">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (<code>0xc02f</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">128</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (<code>0xc02b</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">128</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (<code>0xc030</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (<code>0xc02c</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (<code>0x9e</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">128</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (<code>0xc027</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">128</td>
</tr>
<tr>
<td class="tableLeft">TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (<code>0x67</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">128</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (<code>0xc028</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (<code>0x6b</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (<code>0xa3</code>)
<span class=dhParams>Forward Secrecy<sup>2</sup></span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (<code>0x9f</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (<code>0xcca9</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (<code>0xcca8</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (<code>0xccaa</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 (<code>0xc0af</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_ECDSA_WITH_AES_256_CCM (<code>0xc0ad</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_DHE_RSA_WITH_AES_256_CCM_8 (<code>0xc0a3</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_DHE_RSA_WITH_AES_256_CCM (<code>0xc09f</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (<code>0xa2</code>)
<span class=dhParams>Forward Secrecy<sup>2</sup></span>
</td>
<td class="tableRight">128</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (<code>0xc0ae</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">128</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_ECDSA_WITH_AES_128_CCM (<code>0xc0ac</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">128</td>
</tr>
<tr>
<td class="tableLeft">TLS_DHE_RSA_WITH_AES_128_CCM_8 (<code>0xc0a2</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">128</td>
</tr>
<tr>
<td class="tableLeft">TLS_DHE_RSA_WITH_AES_128_CCM (<code>0xc09e</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">128</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (<code>0xc024</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (<code>0x6a</code>)
<span class=dhParams>Forward Secrecy<sup>2</sup></span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (<code>0xc023</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">128</td>
</tr>
<tr>
<td class="tableLeft">TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (<code>0x40</code>)
<span class=dhParams>Forward Secrecy<sup>2</sup></span>
</td>
<td class="tableRight">128</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (<code>0xc00a</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (<code>0xc014</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_DHE_RSA_WITH_AES_256_CBC_SHA (<code>0x39</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_DHE_DSS_WITH_AES_256_CBC_SHA (<code>0x38</code>)
<span class=dhParams>Forward Secrecy<sup>2</sup></span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (<code>0xc009</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">128</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (<code>0xc013</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">128</td>
</tr>
<tr>
<td class="tableLeft">TLS_DHE_RSA_WITH_AES_128_CBC_SHA (<code>0x33</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">128</td>
</tr>
<tr>
<td class="tableLeft">TLS_DHE_DSS_WITH_AES_128_CBC_SHA (<code>0x32</code>)
<span class=dhParams>Forward Secrecy<sup>2</sup></span>
</td>
<td class="tableRight">128</td>
</tr>
<tr>
<td class="tableLeft"><font color=#F88017>TLS_RSA_WITH_AES_256_GCM_SHA384 (<code>0x9d</code>) <b>WEAK</b></font></td>
<td class="tableRight"><font color=#F88017>256</font></td>
</tr>
<tr>
<td class="tableLeft"><font color=#F88017>TLS_RSA_WITH_AES_256_CCM_8 (<code>0xc0a1</code>) <b>WEAK</b></font></td>
<td class="tableRight"><font color=#F88017>256</font></td>
</tr>
<tr>
<td class="tableLeft"><font color=#F88017>TLS_RSA_WITH_AES_256_CCM (<code>0xc09d</code>) <b>WEAK</b></font></td>
<td class="tableRight"><font color=#F88017>256</font></td>
</tr>
<tr>
<td class="tableLeft"><font color=#F88017>TLS_RSA_WITH_AES_128_GCM_SHA256 (<code>0x9c</code>) <b>WEAK</b></font></td>
<td class="tableRight"><font color=#F88017>128</font></td>
</tr>
<tr>
<td class="tableLeft"><font color=#F88017>TLS_RSA_WITH_AES_128_CCM_8 (<code>0xc0a0</code>) <b>WEAK</b></font></td>
<td class="tableRight"><font color=#F88017>128</font></td>
</tr>
<tr>
<td class="tableLeft"><font color=#F88017>TLS_RSA_WITH_AES_128_CCM (<code>0xc09c</code>) <b>WEAK</b></font></td>
<td class="tableRight"><font color=#F88017>128</font></td>
</tr>
<tr>
<td class="tableLeft"><font color=#F88017>TLS_RSA_WITH_AES_256_CBC_SHA256 (<code>0x3d</code>) <b>WEAK</b></font></td>
<td class="tableRight"><font color=#F88017>256</font></td>
</tr>
<tr>
<td class="tableLeft"><font color=#F88017>TLS_RSA_WITH_AES_128_CBC_SHA256 (<code>0x3c</code>) <b>WEAK</b></font></td>
<td class="tableRight"><font color=#F88017>128</font></td>
</tr>
<tr>
<td class="tableLeft"><font color=#F88017>TLS_RSA_WITH_AES_256_CBC_SHA (<code>0x35</code>) <b>WEAK</b></font></td>
<td class="tableRight"><font color=#F88017>256</font></td>
</tr>
<tr>
<td class="tableLeft"><font color=#F88017>TLS_RSA_WITH_AES_128_CBC_SHA (<code>0x2f</code>) <b>WEAK</b></font></td>
<td class="tableRight"><font color=#F88017>128</font></td>
</tr>
<tr>
<td class="tableLeft">TLS_EMPTY_RENEGOTIATION_INFO_SCSV (<code>0xff</code>)</td>
<td class="tableRight">-</td>
</tr>
<tr class="tableRow">
<td colspan=2 align=left>
<span class="color666666">(1) When a browser supports SSL 2, its SSL 2-only suites are shown
only on the very first connection to this site. To see the suites,
close all browser windows, then open this exact page directly. Don't refresh.</span>
</td>
</tr>
<tr class="tableRow">
<td colspan=2 align=left>
<span class="color666666">(2) Cannot be used for Forward Secrecy because they require DSA keys, which are effectively limited to 1024 bits.</span>
</td>
</tr>
</table>
<br><br>
<img class="tIcon" src="/images/icon-protocol-details.png" width="65" height="50" alt="">
<table class="reportTable">
<thead>
<tr>
<td class="tableHead" colspan="2" align="left">Protocol Details</td>
</tr>
</thead>
<tbody>
<tr class="tableRow">
<td class="tableLabel" width="250">Server Name Indication (SNI)</td>
<td class="tableCell">Yes</td>
</tr>
<tr class="tableRow">
<td class="tableLabel">Secure Renegotiation</td>
<td class="tableCell">Yes</td>
</tr>
<tr class="tableRow">
<td class="tableLabel"><font color=green>TLS compression</font></td>
<td class="tableCell"><font color=green>No</font></td>
</tr>
<tr class="tableRow">
<td class="tableLabel">Session tickets</td>
<td class="tableCell">Yes</td>
</tr>
<tr class="tableRow">
<td class="tableLabel"><font color=#F88017>OCSP stapling</font></td>
<td class="tableCell"><font color=#F88017>No</font></td>
</tr>
<tr class="tableRow">
<td class="tableLabel">Signature algorithms</td>
<td class="tableCell">
SHA512/RSA, SHA512/DSA, SHA512/ECDSA, SHA384/RSA, SHA384/DSA, SHA384/ECDSA, SHA256/RSA, SHA256/DSA, SHA256/ECDSA, SHA224/RSA, SHA224/DSA, SHA224/ECDSA, SHA1/RSA, SHA1/DSA, SHA1/ECDSA </td>
</tr>
<tr class="tableRow">
<td class="tableLabel">Named Groups</td>
<td class="tableCell">
x25519, secp256r1, secp521r1, secp384r1 </td>
</tr>
<tr class="tableRow">
<td class="tableLabel">Next Protocol Negotiation</td>
<td class="tableCell">No</td>
</tr>
<tr class="tableRow">
<td class="tableLabel" width="250">Application Layer Protocol Negotiation</td>
<td class="tableCell">No</td>
</tr>
<tr class="tableRow">
<td class="tableLabel"><font color=green>SSL 2 handshake compatibility</font></td>
<td class="tableCell"><font color=green>No</font></td>
</tr>
</tbody>
</table>
<br>
</div>
</div>
<div class="reportSection display-none" id="mixedDiv">
<div class="sectionTitle">Mixed Content Handling</div>
<div class="sectionBody">
<img class="tIcon" src="/images/icon-misc.png" width="65" height="50">
<table class="reportTable">
<thead>
<tr>
<td class="tableHead" colspan="3" align="left">Mixed Content Tests</td>
</tr>
</thead>
<tbody>
<tr class="tableRow">
<td class="tableLeft">Images</td>
<td class="tableRight width-100">Passive</td>
<td class="tableRight width-100" id="mixedImages">Testing...</td>
</tr>
<tr class="tableRow">
<td class="tableLeft">CSS</td>
<td class="tableRight">Active</td>
<td class="tableRight" id="mixedCssLink">Testing...</td>
</tr>
<tr class="tableRow">
<td class="tableLeft">Scripts</td>
<td class="tableRight">Active</td>
<td class="tableRight" id="mixedScripts">Testing...</td>
</tr>
<tr class="tableRow">
<td class="tableLeft">XMLHttpRequest</td>
<td class="tableRight">Active</td>
<td class="tableRight" id="mixedXhr">Testing...</td>
</tr>
<tr class="tableRow">
<td class="tableLeft">WebSockets</td>
<td class="tableRight">Active</td>
<td class="tableRight" id="mixedWebSockets">Testing...</td>
</tr>
<tr class="tableRow">
<td class="tableLeft">Frames</td>
<td class="tableRight">Active</td>
<td class="tableRight" id="mixedFrame">Testing...</td>
</tr>
<tr class="tableRow">
<td colspan="3" align="left">
<span class="color666666">(1) These tests might cause a mixed content warning in your browser. That's expected.<br></span>
<span class="color666666">(2) If you see a failed test, try to reload the page. If the error persists, please get in touch.</span>
</td>
</tr>
</tbody>
</table>
<br>
<table class="reportTable report-table-margin">
<thead>
<tr>
<td class="tableHead" colspan="3" align="left">Related Functionality</td>
</tr>
</thead>
<tbody>
<tr class="tableRow">
<td class="tableLeft">Upgrade Insecure Requests request header (<a href="https://w3c.github.io/webappsec/specs/upgrade/">more info</a>)</td>
<td class="tableRight">Yes</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
<script type="text/javascript" src="/includes/viewClient-clientTest.js"></script>
</div>
</div>
</div>
<div id="pageEnd">
<div id="copyright">
<table width=1050 border=0 cellpadding=5 cellspacing=0><tr>
<td class="footer">
Copyright © 2009-2019 <a href="https://www.qualys.com">Qualys, Inc</A>. All Rights Reserved.
</td><td align=right class="footer">
<a href="https://www.ssllabs.com/about/terms.html" rel="noreferrer">Terms and Conditions</a>
</td></tr>
<tr>
<td class="footer">
<a href="https://www.qualys.com/free-trial/">Try Qualys for free!</a> Experience the award-winning
<a href="https://www.qualys.com/cloud-platform/">Qualys Cloud Platform</a> and the entire collection of
<a href="https://www.qualys.com/apps/">Qualys Cloud Apps</a>, including
<a href="https://www.qualys.com/certview/">certificate security</a> solutions.
</td></tr>
</table>
</div>
</div>
</body>
</html> |
|
@karnadii This could very well be an issue with Cloudflare checking the ciphers used during SSL negotiation as your cipher suite list is different from mine. I'd like to rule that out but I'll need a minute to work out a test. |
|
@karnadii Please use this command exactly to run your test: node --tls-cipher-list='GREASE_3A:GREASE_6A:AES128-GCM-SHA256:AES256-GCM-SHA256:AES256-GCM-SHA384:CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:ECDHE-RSA-CHACHA20-POLY1305-SHA256:ECDHE-RSA-AES128-CBC-SHA:ECDHE-RSA-AES256-CBC-SHA:RSA-AES128-GCM-SHA256:RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:RSA-AES256-SHA:3DES-EDE-CBC' a.js |
|
@pro-src Stacktrace |
|
@karnadii 🤔 Please run this code again but with the CLI flag that I provided: var cloudscraper = require('cloudscraper');
var fs = require('fs');
cloudscraper.get('https://www.ssllabs.com/ssltest/viewMyClient.html').then(body => fs.writeFileSync('./results.html', body, 'utf-8'), console.error);And please paste the results. |
|
@pro-src results.html |
|
The only thing I can think of, if it's not an IP issue, is that they're checking the signature algorithms:
I'm not sure how to tell node to change that right at the moment. |
|
@karnadii Actually, just try your web browser... If it works there than it's not an IP issue. 😆 |
|
@pro-src it work from my browser, as usual cloudflare 5 second chalenge(no CAPTCHA) then redirect to the https://nanime.in/. I dont have another device. |
|
@karnadii I've been aware of this issue but I didn't think nodejs was affected until now. It's clear that Cloudflare is putting the SSL negotiation under a microscope. Thanks for helping identify this problem! |
|
it is the same, I have tried both with "/" and without. Stacktrace |
|
Probably really was just a bogus redirect: https://github.com/request/request/blob/master/request.js#L269 |
|
node v10.8.0, how to find libss version? |
|
@karnadii |
|
oh god, i switch to node v12.1.0 and now it work... |
|
This is my process info: I don't have brotli installed. |
|
@karnadii Please run this one last time so we can do a comparison. CLI flag from earlier #211 (comment) I'm really glad that you got it working :) |
|
not working v10{ http_parser: '2.8.0', working v12 { |
|
@pro-src results.html<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Qualys SSL Labs - Projects / SSL Client Test</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<link href="/includes/ssllabs.css" rel="styleSheet" type="text/css">
<link href="/includes/report.css" rel="styleSheet" type="text/css">
<link href="/includes/main.css" rel="styleSheet" type="text/css">
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js" integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=" crossorigin="anonymous"></script>
</head>
<body>
<!-- Google Tag Manager -->
<noscript><iframe src="//www.googletagmanager.com/ns.html?id=GTM-MPWDSJ"
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-MPWDSJ');</script>
<!-- SHA 256 'sha256-b/ES1VZMgjYcvUcvmmSj/qEQTV6gTFugcTmkMS0E0qk='-->
<!-- End Google Tag Manager -->
<div id="page">
<div id="header">
<div id="logo">
<a href="/index.html" rel="noreferrer"><img src="https://ssllabs.com/images/qualys-ssl-labs-logo.png" width="341"
height="55" alt="SSL Labs logo" title="SSL Labs logo"></a>
</div>
<div id="navigation">
<a class="link" href="/index.html" rel="noreferrer">Home</a>
<a class="link" href="/projects/index.html" rel="noreferrer">Projects</a>
<a class="link" href="https://www.qualys.com/free-trial/" rel="noreferrer">Qualys Free Trial</a>
<a class="link" href="/about/contact.html" rel="noreferrer">Contact</a>
</div>
<br clear="all" />
</div>
<div id="breadcrumbs">
<b>You are here: </b>
<a href="/index.html">Home</a>
> <a href="/projects/index.html">Projects</a>
> SSL Client Test
</div>
<div id="main">
<div class="floatLeft">
<div class="reportTitle report-title-style">SSL/TLS Capabilities of Your Browser</div>
<div class="reportTime width-650"><b>User Agent:</b> Mozilla/5.0 (Linux; Android 9; Pixel 3 XL Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.85 Mobile Safari/537.36</div> </div>
<div class="floatRight"><br><a href="/ssltest/clients.html">Other User Agents »</a></div>
<br clear="all"/>
<div align="center">
<noscript>
<div id=warningBox class="warning-box-line-height">
<b>Without JavaScript, the following tests will not run:</b>
(1) Accurate protocol support, (2) SSL 3 POODLE vulnerability, (3) mixed content handling,
(4) TLS authentication bug in Apple's products, and (5) the FREAK attack.
Please enable JavaScript for best results.
</ul>
</div>
<br>
</noscript>
<div id="mixedCSSHiddenDiv1" class="display-none"></div>
<div id="mixedCSSHiddenDiv2" class="display-none"></div>
<iframe src="http://plaintext.ssllabs.com/plaintext/frame.html" class="display-none" width="0" height="0"></iframe>
<div id="hiddenImagesDiv" class="display-none"></div>
<div id="protocolSupportDiv" class="display-none"></div>
<div class="reportSection" id="protocolTestDiv">
<div class="sectionTitle" id="protocolTestHeading">Protocol Support</div>
<div class="sectionBody">
<div id="protocolTestMsg"><img src=/images/progress-indicator.gif width=16 height=16> Please wait, checking protocol support...</div>
<div id="protocolTestMsgNotes"></div>
</div>
</div>
<div class="reportSection" id="jamTestDiv">
<div class="sectionTitle">Logjam Vulnerability</div>
<div class="sectionBody">
<div id="jamTestMsg"><img src=/images/progress-indicator.gif width=16 height=16> Please wait, checking if your user agent is vulnerable...</div>
<div id="jamTestMsgNotes">
For more information about the Logjam attack, please go to
<a href="https://weakdh.org">weakdh.org</a>.<br>
To test manually, click <a href="https://www.ssllabs.com:10445/">here</a>.
Your user agent is not vulnerable if it fails to connect to the site.</div>
</div>
</div>
<div class="reportSection" id="freakTestDiv">
<div class="sectionTitle">FREAK Vulnerability</div>
<div class="sectionBody">
<div id="freakTestMsg"><img src=/images/progress-indicator.gif width=16 height=16> Please wait, checking if your user agent is vulnerable...</div>
<div id="freakTestMsgNotes">
For more information about the FREAK attack, please go to
<a href="https://www.freakattack.com">www.freakattack.com</a>.<br>
To test manually, click <a href="https://www.ssllabs.com:10444/">here</a>.
Your user agent is not vulnerable if it fails to connect to the site.</div>
</div>
</div>
<div class="reportSection" id="ssl3TestDiv">
<div class="sectionTitle">POODLE Vulnerability</div>
<div class="sectionBody">
<div id="ssl3TestMsg"><img src=/images/progress-indicator.gif width=16 height=16> Please wait, checking if your user agent is vulnerable...</div>
<div id="ssl3TestMsgNotes">For more information about the POODLE attack, please read <a href="https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack">this blog post</a>.</div>
</div>
</div>
<div class="reportSection" id="ssl2TestDiv">
<div class="sectionTitle">SSL 2 Protocol Support</div>
<div class="sectionBody">
<div id="ssl2TestMsg"><font color="red">Your user agent supports SSL 2. You should upgrade.</font></div>
<div id="ssl2TestMsgNotes">SSL 2 is a very old, obsolete, and insecure version of the SSL protocol. You can usually disable this protocol
version in configuration, but modern clients don't support it at all. This really means that you should upgrade your software
to a better version.</div>
</div>
</div>
<script type="text/javascript" src="/includes/viewClient.js"></script>
<input id="mainsitehost" type="hidden" value=www.ssllabs.com >
<input id="plaintextSiteHost" type="hidden" value=plaintext.ssllabs.com >
<div class="reportSection" id="appleTestDiv">
<div class="sectionTitle">iOS and OS X TLS Authentication Vulnerability</div>
<div class="sectionBody">
<div id="appleTestMsg"><img src=/images/progress-indicator.gif width=16 height=16> Please wait, checking if your user agent is vulnerable...</div>
<div id="appleTestMsgNotes">To test manually, <a href="https://www.ssllabs.com:10443">click here</a>. If your
user agent refuses to connect, you are not vulnerable. This test requires a connection to the SSL Labs
server on port 10443. A strict outbound firewall might interfere. You should test Safari running on
iOS or OS X. Chrome and Firefox are not vulnerable, even when running on a vulnerable operating system.
<a href="https://community.qualys.com/blogs/securitylabs/2014/02/24/ssl-labs-testing-for-apples-tls-authentication-bug"><b>MORE »</b></a></div>
<script type="text/javascript" src="/includes/viewClient-appleTest.js"></script>
</div>
</div>
<div class="reportSection">
<div class="sectionTitle">Protocol Features</div>
<div class="sectionBody">
<input id="tls13Support" type="hidden" value=-1 >
<img class="tIcon" src="/images/icon-protocol.png" width="65" height="50">
<table class="reportTable">
<thead>
<tr>
<td class="tableHead" colspan="2" align="left">Protocols</td>
</tr>
</thead>
<tbody>
<tr class="tableRow">
<td class="tableLeft" id="protocol_tls1_3_label"> TLS 1.3 </td>
<td class="tableRight" id="protocol_tls1_3">No</td>
</tr>
<tr class="tableRow">
<td class="tableLeft" id="protocol_tls1_2_label">TLS 1.2</td>
<td class="tableRight" id="protocol_tls1_2">Yes*</td>
</tr>
<tr class="tableRow">
<td class="tableLeft">TLS 1.1</td>
<td class="tableRight" id="protocol_tls1_1">Yes*</td>
</tr>
<tr class="tableRow">
<td class="tableLeft" id="protocol_tls1_label">TLS 1.0</td>
<td class="tableRight" id="protocol_tls1">Yes*</td>
</tr>
<tr class="tableRow">
<td class="tableLeft" id="protocol_ssl3_label">SSL 3</td>
<td class="tableRight" id="protocol_ssl3">Yes*</td>
</tr>
<tr class="tableRow">
<td class="tableLeft" id="protocol_ssl2_label">SSL 2</td>
<td class="tableRight" id="protocol_ssl2">No</td>
</tr>
<noscript>
<tr class="tableRow">
<td colspan=2 align=left>
<span class="color666666">(*) Without JavaScript, this test reliably detects only the highest supported protocol.</span>
</td>
</tr>
</noscript>
</tbody>
</table>
<br><br>
<img class="tIcon" src="/images/icon-cipher.png" width="65" height="50" alt="">
<table class="reportTable">
<thead>
<tr>
<td class="tableHead" colspan="3" align="left">Cipher Suites (in order of preference)</td>
</tr>
</thead>
<tr>
<td class="tableLeft"><font color=#F88017>TLS_RSA_WITH_AES_128_GCM_SHA256 (<code>0x9c</code>) <b>WEAK</b></font></td>
<td class="tableRight"><font color=#F88017>128</font></td>
</tr>
<tr>
<td class="tableLeft"><font color=#F88017>TLS_RSA_WITH_AES_256_GCM_SHA384 (<code>0x9d</code>) <b>WEAK</b></font></td>
<td class="tableRight"><font color=#F88017>256</font></td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (<code>0xc02b</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">128</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (<code>0xc02f</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">128</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (<code>0xc02c</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (<code>0xc030</code>)
<span class="dhParams color-green">Forward Secrecy</span>
</td>
<td class="tableRight">256</td>
</tr>
<tr>
<td class="tableLeft">TLS_EMPTY_RENEGOTIATION_INFO_SCSV (<code>0xff</code>)</td>
<td class="tableRight">-</td>
</tr>
<tr class="tableRow">
<td colspan=2 align=left>
<span class="color666666">(1) When a browser supports SSL 2, its SSL 2-only suites are shown
only on the very first connection to this site. To see the suites,
close all browser windows, then open this exact page directly. Don't refresh.</span>
</td>
</tr>
</table>
<br><br>
<img class="tIcon" src="/images/icon-protocol-details.png" width="65" height="50" alt="">
<table class="reportTable">
<thead>
<tr>
<td class="tableHead" colspan="2" align="left">Protocol Details</td>
</tr>
</thead>
<tbody>
<tr class="tableRow">
<td class="tableLabel" width="250">Server Name Indication (SNI)</td>
<td class="tableCell">Yes</td>
</tr>
<tr class="tableRow">
<td class="tableLabel">Secure Renegotiation</td>
<td class="tableCell">Yes</td>
</tr>
<tr class="tableRow">
<td class="tableLabel"><font color=green>TLS compression</font></td>
<td class="tableCell"><font color=green>No</font></td>
</tr>
<tr class="tableRow">
<td class="tableLabel">Session tickets</td>
<td class="tableCell">Yes</td>
</tr>
<tr class="tableRow">
<td class="tableLabel"><font color=#F88017>OCSP stapling</font></td>
<td class="tableCell"><font color=#F88017>No</font></td>
</tr>
<tr class="tableRow">
<td class="tableLabel">Signature algorithms</td>
<td class="tableCell">
SHA256/ECDSA, SHA384/ECDSA, SHA512/ECDSA, Ed25519, Ed448, Unknown (0x8)/Unknown (0x9), Unknown (0x8)/Unknown (0xa), Unknown (0x8)/Unknown (0xb), RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, SHA256/RSA, SHA384/RSA, SHA512/RSA, SHA224/ECDSA, SHA1/ECDSA, SHA224/RSA, SHA1/RSA, SHA224/DSA, SHA1/DSA, SHA256/DSA, SHA384/DSA, SHA512/DSA </td>
</tr>
<tr class="tableRow">
<td class="tableLabel">Named Groups</td>
<td class="tableCell">
x25519, secp256r1, x448, secp521r1, secp384r1</td>
</tr>
<tr class="tableRow">
<td class="tableLabel">Next Protocol Negotiation</td>
<td class="tableCell">No</td>
</tr>
<tr class="tableRow">
<td class="tableLabel" width="250">Application Layer Protocol Negotiation</td>
<td class="tableCell">No</td>
</tr>
<tr class="tableRow">
<td class="tableLabel"><font color=green>SSL 2 handshake compatibility</font></td>
<td class="tableCell"><font color=green>No</font></td>
</tr>
</tbody>
</table>
<br>
</div>
</div>
<div class="reportSection display-none" id="mixedDiv">
<div class="sectionTitle">Mixed Content Handling</div>
<div class="sectionBody">
<img class="tIcon" src="/images/icon-misc.png" width="65" height="50">
<table class="reportTable">
<thead>
<tr>
<td class="tableHead" colspan="3" align="left">Mixed Content Tests</td>
</tr>
</thead>
<tbody>
<tr class="tableRow">
<td class="tableLeft">Images</td>
<td class="tableRight width-100">Passive</td>
<td class="tableRight width-100" id="mixedImages">Testing...</td>
</tr>
<tr class="tableRow">
<td class="tableLeft">CSS</td>
<td class="tableRight">Active</td>
<td class="tableRight" id="mixedCssLink">Testing...</td>
</tr>
<tr class="tableRow">
<td class="tableLeft">Scripts</td>
<td class="tableRight">Active</td>
<td class="tableRight" id="mixedScripts">Testing...</td>
</tr>
<tr class="tableRow">
<td class="tableLeft">XMLHttpRequest</td>
<td class="tableRight">Active</td>
<td class="tableRight" id="mixedXhr">Testing...</td>
</tr>
<tr class="tableRow">
<td class="tableLeft">WebSockets</td>
<td class="tableRight">Active</td>
<td class="tableRight" id="mixedWebSockets">Testing...</td>
</tr>
<tr class="tableRow">
<td class="tableLeft">Frames</td>
<td class="tableRight">Active</td>
<td class="tableRight" id="mixedFrame">Testing...</td>
</tr>
<tr class="tableRow">
<td colspan="3" align="left">
<span class="color666666">(1) These tests might cause a mixed content warning in your browser. That's expected.<br></span>
<span class="color666666">(2) If you see a failed test, try to reload the page. If the error persists, please get in touch.</span>
</td>
</tr>
</tbody>
</table>
<br>
<table class="reportTable report-table-margin">
<thead>
<tr>
<td class="tableHead" colspan="3" align="left">Related Functionality</td>
</tr>
</thead>
<tbody>
<tr class="tableRow">
<td class="tableLeft">Upgrade Insecure Requests request header (<a href="https://w3c.github.io/webappsec/specs/upgrade/">more info</a>)</td>
<td class="tableRight">Yes</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
<script type="text/javascript" src="/includes/viewClient-clientTest.js"></script>
</div>
</div>
</div>
<div id="pageEnd">
<div id="copyright">
<table width=1050 border=0 cellpadding=5 cellspacing=0><tr>
<td class="footer">
Copyright © 2009-2019 <a href="https://www.qualys.com">Qualys, Inc</A>. All Rights Reserved.
</td><td align=right class="footer">
<a href="https://www.ssllabs.com/about/terms.html" rel="noreferrer">Terms and Conditions</a>
</td></tr>
<tr>
<td class="footer">
<a href="https://www.qualys.com/free-trial/">Try Qualys for free!</a> Experience the award-winning
<a href="https://www.qualys.com/cloud-platform/">Qualys Cloud Platform</a> and the entire collection of
<a href="https://www.qualys.com/apps/">Qualys Cloud Apps</a>, including
<a href="https://www.qualys.com/certview/">certificate security</a> solutions.
</td></tr>
</table>
</div>
</div>
</body>
</html> |
|
thanks guys :D |
|
Here is a screenshot of the html you just pasted, it matches mine exactly now: I think it's pretty conclusive that the problem was indeed the signature algorithms and that upgrading your nodejs (and it's build of openssl) solved the problem. So it'd be nice if we could find a way to override that so other people won't face similar problems. |
|
Further proof and a very bad work around: var cloudscraper = require('cloudscraper');
cloudscraper.get({ agentOptions: { secureProtocol: 'TLSv1_1_method' }, uri: 'https://nanime.in' }).then(console.log)Works when running the same process:
|
|
@karnadii Can I get you to try this out on your system to confirm a fix? Code snippetif (process.version !== 'v10.8.0') {
throw Error('Please run this test with the affected node version.');
}
const ciphers = [
'AES128-GCM-SHA256',
'AES128-SHA',
'AES128-SHA256',
'AES256-GCM-SHA384',
'AES256-SHA',
'AES256-SHA256',
'DHE-PSK-AES128-CBC-SHA',
'DHE-PSK-AES128-CBC-SHA256',
'DHE-PSK-AES128-GCM-SHA256',
'DHE-PSK-AES256-CBC-SHA',
'DHE-PSK-AES256-CBC-SHA384',
'DHE-PSK-AES256-GCM-SHA384',
'DHE-PSK-CHACHA20-POLY1305',
'DHE-RSA-AES128-GCM-SHA256',
'DHE-RSA-AES128-SHA',
'DHE-RSA-AES128-SHA256',
'DHE-RSA-AES256-GCM-SHA384',
'DHE-RSA-AES256-SHA',
'DHE-RSA-AES256-SHA256',
'DHE-RSA-CHACHA20-POLY1305',
'ECDHE-ECDSA-AES128-GCM-SHA256',
'ECDHE-ECDSA-AES128-SHA',
'ECDHE-ECDSA-AES128-SHA256',
'ECDHE-ECDSA-AES256-GCM-SHA384',
'ECDHE-ECDSA-AES256-SHA',
'ECDHE-ECDSA-AES256-SHA384',
'ECDHE-ECDSA-CHACHA20-POLY1305',
'ECDHE-PSK-AES128-CBC-SHA',
'ECDHE-PSK-AES128-CBC-SHA256',
'ECDHE-PSK-AES256-CBC-SHA',
'ECDHE-PSK-AES256-CBC-SHA384',
'ECDHE-PSK-CHACHA20-POLY1305',
'ECDHE-RSA-AES128-GCM-SHA256',
'ECDHE-RSA-AES128-SHA',
'ECDHE-RSA-AES128-SHA256',
'ECDHE-RSA-AES256-GCM-SHA384',
'ECDHE-RSA-AES256-SHA',
'ECDHE-RSA-AES256-SHA384',
'ECDHE-RSA-CHACHA20-POLY1305',
'PSK-AES128-CBC-SHA',
'PSK-AES128-CBC-SHA256',
'PSK-AES128-GCM-SHA256',
'PSK-AES256-CBC-SHA',
'PSK-AES256-CBC-SHA384',
'PSK-AES256-GCM-SHA384',
'PSK-CHACHA20-POLY1305',
'RSA-PSK-AES128-CBC-SHA',
'RSA-PSK-AES128-CBC-SHA256',
'RSA-PSK-AES128-GCM-SHA256',
'RSA-PSK-AES256-CBC-SHA',
'RSA-PSK-AES256-CBC-SHA384',
'RSA-PSK-AES256-GCM-SHA384',
'RSA-PSK-CHACHA20-POLY1305',
'SRP-AES-128-CBC-SHA',
'SRP-AES-256-CBC-SHA',
'SRP-RSA-AES-128-CBC-SHA',
'SRP-RSA-AES-256-CBC-SHA',
'TLS_AES_128_GCM_SHA256',
'TLS_AES_256_GCM_SHA384',
'TLS_CHACHA20_POLY1305_SHA256'
].join(':');
const cloudscraper = require('cloudscraper').defaults({ agentOptions: { ciphers } });
cloudscraper.get('https://nanime.in').then(console.log, console.error); |
|
@pro-src it works |
|
Thank you, I'll send a PR soon so we can get this fix released. |
|
@pro-src i have try using node v10.8.0, v10.15.3 and v12.1.0, only v12.1.0 give me succes, v10.15.3 also give me error |
|
Thanks for letting me know, I'll be testing as many node versions as possible before sending an official PR for peer review. |
ghost
mentioned this issue
ghost
changed the title
This was referenced May 8, 2019
|
Upon reexamination, the TLSv1.3 ciphers don't appear to be solving the problem after all. Rather the ciphers are changed in a non-intuitive way. The list of ciphers obtained from The difference doesn't appear to disagree with what's been observed in a similar issue for python: Anorov/cloudflare-scrape#235 While the current code is solving the problem for users using old openssl versions, it's possible that some users might still encounter this problem even on the most recent version of openssl. Thanks to @lukastribus for causing me to question the effect of the TLSv1.3 ciphers. |
|
I do believe that this article explains why Cloudflare made these changes recently: https://community.cloudflare.com/t/tls-1-0-to-1-2-why/83643 |
|
hello, I don't know why but I still get error when using cloudscraper with nodejs version lower than 12. I am using the newest version 4.1.4. I believe I am not the only one facing this error, the error message is not helpful either, so at least inform user to update to newest version of node if they having the same error. maybe #251 also related to this error, and the user is clueless of what is the error. stacktrace |
|
Hey @karnadii, I'm sorry to hear that. The README has been updated with information that may help avoid the CAPTCHA on other versions of Node.js: https://github.com/codemanki/cloudscraper#recaptcha
Unfortunately, it's not as simple as only updating Node.js to v12. Changing Node.js versions won't fix this issue for everybody as it is largely Device/Node.js version specific. Said another way, it is largely CPU features, OpenSSL version, Node.js default cipher suite specific. These are the CAPTCHA issues that are TLS related: https://github.com/codemanki/cloudscraper/issues?utf8=✓&q=tls Please try the tips mentioned in the README and report back whether they work for you. The more feedback we get, the better we'll know what to put in error messages. Cheers. |
|
I really don't know about this tls thing. and I forget https://github.com/codemanki/cloudscraper#recaptcha is solving this issue. thanks for the explanation. it has been long since I last used cloudscraper and forget about this agentoptions things. and since this issue already closed, I thought I can use it without this agentoption. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The text was updated successfully, but these errors were encountered: