Reduce false positives (those caused by WAFs and bot detection) #2069
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Discussions are taking place elsewhere about false positives and bot detection circumvention.
The Cloudflare bypass, even if implemented, will fail occasionally as Cloudflare updates their detection methods. Until the maintainer of whatever bypass mechanism is able to update their tool, Sherlock users will randomly see false positives.
In either case, this PR significantly reduces the number of false positives that appear as more and more sites switch to using WAFs that function like Cloudflare. If a known WAF block page is detected, the QueryStatus of WAF is applied rather than running the standard (and now useless) error checks. Results with the status of WAF are only displayed with
--print-all
and bear a status message indicating such.The error message also indicates that a proxy (such as FlareSolverr) may help.
Paired with #2068, the number of false positives presented to the user drop significantly.
Fixes #1878 (as the use of a proxy may allow Fiverr to function as desired, and it won't display false positives otherwise)
Update: This PR now also includes a fingerprint for PerimeterX -- the "press and hold" captcha service sometimes also used by sites like Fiverr