Akamai Detecting when trying to Login #155
Comments
|
Same here. What irritates me: when you open a browser window by script, but then type the URL by hand, the site is still blocked. If you open the browser by hand, the site works here. So it must be something that is passed to browser when it is opened. |
|
Ya, im not sure what of fix would work I have tried user agents but to no avail. Akamai is really stepping up there game. |
|
My problem is cloudflare. But same issue here. |
|
I checked the data further and maybe I have an idea. Need to do further tests. |
|
If you use v2, you can even close the driver while cloudflare is in it's 5s detection loop and will instantly be back to "human" mode. Does someone have an akamai protected example url for me to analyze? |
|
I only have a cf site.. http://tutti.ch |
I need akamai example. I got my own cf bot-fight-mode-enabled site to test with. |
|
Currently having the same issue for Cloudflare. Worked until 3-4 days ago. |
|
Also no longer working on Incapsula. Im wondering if its due to a chrome update? On version 90+ atm. |
|
https://www.nike.com uses the newest Akamai version. |
|
Live from bathroom so sorry for quality
I think you are trying to access some login page, DIRECTLY, which akamai successfully blocks because no previous cookies. Try to enter main website before the login URLs and so on. |
|
No, cookies are not the point. I successfully figured out that I am able to login if I start Chrome from within the command line with a fresh chrome profile. The same procedure using Selenium returns an error. Same problem with Puppeteer and Playwright. I guess those browser automation tools change something in the browser which get's detected by Akamai. Edit: Opening the page is not blocked by Akamai. It's the login / registration. |
|
What you describe is exactly what v2 does.... |
|
I fully agree browser behavior changes when debug/automation is connected although google says it doesn't 🤣 |
|
Yeah it definitely changes something within the browser. Akamai knows it - we (or I? ;)) don't... |
|
I did not have problem with akamai. I can't determine your workflows if you dont post full examples with code and errors of what you are doing |
|
@ultrafunkamsterdam Result without Selenium:
Result with Selenium (also with V2)
|
ok so heres an example https://www.nike.com/ca/launch Try logging into an account through this page with the driver. They will block your login. This has just recently happened after heightened Akamai security. |
It has all to do with timings. Well if i wasnt too busy answering all those issues which are raised by people who have to either need to learn python, read selenium docs, search google, and people having individual problems (and not sending any code, errors etc), for some random site they think they can abuse for free coupons, game cash and whatnot other cheapass stuff, then we'd never know. luckiliy i still have cleartext botprotect.io code which i definitely need to read and test. It has the "Secret" thing. But it's just A FREAKING LOT. And regarding the difference in browser when automating or not. final_608806008c74730104d39fc8_252044.2.mp4 |
Do you have Discord or similar mate? I would love to check that botprotect code and try to help, I have been working on bot detection also for quite a while. Cheers for your work |
|
From my subjective pov it seems to me that at least the first check takes longer with webdriver control. Is there a way to actually measure this? Maybe compare the timestamps of requests between human and webdriver control? If there is actually a difference, what causes it? Additional calculations in the challenge? Additional requests? The server does not know the performance of the client, so the timing cannot be the only criteria, since you cannot compare it to anything? Pardon my naive questions that won't be very helpful, I guess... :-( |
|
After hours of research, for some reason this works: use chrome with this extra arg: "--disable-popup-blocking" I have also tried to open a new tab and then use the driver.get but only works like 70% of the times, but still works some times. It's weird because as @ultrafunkamsterdam showed on his video, they should still be able to detect that the remote debugger is attached, but maybe fails because they are checking the other tab, but if that was the case, is it that when you do driver.get the debugger gets attached to the new window? PD: I have been doing some more tests and if you try to get the source page or do anything in the page before passing the CF challenge on the new tab, the challenge won't pass, so could be that debugger it's not attached to new tab untill you do something with it, interesting at least, maybe someone can follow up. |
|
Once you passed the challenge you should have 2 cookies set in your session? Could you add those cookies to your webdriver session before fetching the website? |
Yes that should be possible using some clever javascripting, or --still working on that-- being able reusing the same profile folder using options.add_argument('--user-data-dir=path/to/folder') EDIT: cloudflare stores this information per session (browser window). so the above will not solve that particular problem.
👍 Actually that is kind of how v2 already does it :) you could have saved some work. import undetected_chromedriver.v2 as uc
driver = uc.Chrome()
with driver:
driver.get('https://coinfaucet.eu')
driver.save_screenshot('lol.png') |
Yes I know that v2 disables the service, but I found interesting that opening a new tab without having to close or restart any session works. And also what was interesting was that if I requested page_source or done something on the new tab, then the CF would fail, my idea was not to solve CF but find why they are detecting it. Maybe there is a way to check what changes on a new tab when requesting page_source or doing anything with selenium. |
|
You showed, that disconnecting the webdriver during the forwarding loop is enough to make the page work. So in theory there must be a difference between the request before the disconnect and the following request, when the webdriver is already disconnected. Could a compare between those 2 requests help? It could be the timing also, but I guess that would be very unreliable, since the PC of the client might be slowed down by some application or whatever. So I guess th data must be different? |
|
Since about 2 days I'm facing a login error on Nike. Code: Manually navigate to Nike and try to login. The following error occurs. My IP is not banned, because I am able to login manually without starting Chrome using undetected_chromedriver. Example login page: |
|
@ultrafunkamsterdam Could you give us a short update about this issue? |
It can not reconnect??? |
|
I heard that akamai SRC was leaked, not sure if thats true. |
Hi,
A website I use your chromedriver for has recently changed there Akamai protection. Now when I try to login they block my login request. Is there anyway to fix this or is this something you could look into?
The text was updated successfully, but these errors were encountered: