Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

登陆的时候,出现CAPTCHA验证 #155

Open
kanren3 opened this issue Jan 15, 2021 · 9 comments
Open

登陆的时候,出现CAPTCHA验证 #155

kanren3 opened this issue Jan 15, 2021 · 9 comments
Labels
question

Comments

@kanren3
Copy link

kanren3 commented Jan 15, 2021

image
@upbit upbit added the question label Jan 15, 2021
@upbit
Copy link
Owner

upbit commented Jan 15, 2021

CAPTCHA是绕不过的,加的功能也只能一定程度上避免
尝试更换代理,或者账号试试

@upbit
Copy link
Owner

upbit commented Jan 15, 2021

如果是出现其他错误码,比如10054,可以参考这个解决:
#138

@kanren3
Copy link
Author

kanren3 commented Jan 15, 2021

好吧。。。值得一提的是,我使用apipost软件进行访问的时候,它可以绕过这个,不太清楚怎么弄得
image

@NaughtDZ
Copy link

如果登录时能用上pixiv的cookie中的PHPSESSID话,就不会有这种情况。
同样是Python写的pixivutil就是用这种方法解决的

@upbit
Copy link
Owner

upbit commented Jan 29, 2021

PHPSESSID绕过具体是用的什么原理?

@NaughtDZ
Copy link

NaughtDZ commented Jan 29, 2021
edited

PHPSESSID绕过具体是用的什么原理?

当你在浏览器登陆成功时,P站在经过一些认证或者其他处理后,会返回一个名为PHPSESSID的cookie作为你的一个登陆凭证,如果你已经有这个cookie的话,服务器端就不会再做其他奇奇怪怪的验证(就好比公交车月票卡,你办的时候要经过一堆手续,但是用的时候只要有月票就行)
PixivUtil2这个项目也是开源的python程序
https://github.com/Nandaka/PixivUtil2
具体可以参照看看它是怎么做的
有关语句:
`
def _loadCookie(self, cookie_value, domain):
""" Load cookie to the Browser instance """
ck = None

    if "pixiv.net" in domain:
        ck = http.cookiejar.Cookie(version=0, name='PHPSESSID', value=cookie_value, port=None,
                                   port_specified=False, domain='pixiv.net', domain_specified=False,
                                   domain_initial_dot=False, path='/', path_specified=True,
                                   secure=False, expires=None, discard=True, comment=None,
                                   comment_url=None, rest={'HttpOnly': None}, rfc2109=False)
    elif "fanbox.cc" in domain:
        ck = http.cookiejar.Cookie(version=0, name='FANBOXSESSID', value=cookie_value, port=None,
                                   port_specified=False, domain='fanbox.cc', domain_specified=False,
                                   domain_initial_dot=False, path='/', path_specified=True,
                                   secure=False, expires=None, discard=True, comment=None,
                                   comment_url=None, rest={'HttpOnly': None}, rfc2109=False)
    if ck is not None:
        self.addCookie(ck)

`

@upbit upbit mentioned this issue May 20, 2021
Closed
@liuzikai
Copy link

PHPSESSID绕过具体是用的什么原理?

当你在浏览器登陆成功时,P站在经过一些认证或者其他处理后,会返回一个名为PHPSESSID的cookie作为你的一个登陆凭证,如果你已经有这个cookie的话,服务器端就不会再做其他奇奇怪怪的验证(就好比公交车月票卡,你办的时候要经过一堆手续,但是用的时候只要有月票就行)
PixivUtil2这个项目也是开源的python程序
https://github.com/Nandaka/PixivUtil2
具体可以参照看看它是怎么做的
有关语句:
`
def _loadCookie(self, cookie_value, domain):
""" Load cookie to the Browser instance """
ck = None

    if "pixiv.net" in domain:
        ck = http.cookiejar.Cookie(version=0, name='PHPSESSID', value=cookie_value, port=None,
                                   port_specified=False, domain='pixiv.net', domain_specified=False,
                                   domain_initial_dot=False, path='/', path_specified=True,
                                   secure=False, expires=None, discard=True, comment=None,
                                   comment_url=None, rest={'HttpOnly': None}, rfc2109=False)
    elif "fanbox.cc" in domain:
        ck = http.cookiejar.Cookie(version=0, name='FANBOXSESSID', value=cookie_value, port=None,
                                   port_specified=False, domain='fanbox.cc', domain_specified=False,
                                   domain_initial_dot=False, path='/', path_specified=True,
                                   secure=False, expires=None, discard=True, comment=None,
                                   comment_url=None, rest={'HttpOnly': None}, rfc2109=False)
    if ck is not None:
        self.addCookie(ck)

`

遇到了同样的问题,尝试了加 cookies,虽然最后 pixivpy 没更新可能才是根本原因...

cookies 可以通过 AppPixivAPI 传进去:
api = AppPixivAPI(cookies={"PHPSESSID": "..."})

Pixiv OAuth Flow 浏览器登录的话,可以在请求详情找到 PHPSESSID

@upbit
Copy link
Owner

upbit commented Aug 22, 2021

PHPSESSID 应该是会过期的,而refreshToken不会(或者过期远比PHPSESSID长)。
通过cookies传递倒是个好方法,和上面loadCookie()异曲同工,其实都依赖于之前OAuth时返回的cookie;不过有些场景是直接通过refreshToken重新登录的(比如demo里的方法)

可以看看如果生成假的PHPSESSID能不能绕过 CAPTCHA,如果可以倒是可以mock一个

@y-young y-young mentioned this issue Mar 18, 2022
Closed
@y-young
Copy link
Contributor

y-young commented Sep 11, 2022

最近我“幸运“地在本地复现了这个问题,经过试验有以下发现:

  • 用Postman默认的UA,正常
  • 不发送UA,正常
  • 用Pixivpy默认的UA(PixivAndroidApp/5.0.115 (Android 6.0; PixivBot)),被挡
  • 把默认的UA稍作改动,改成PixivAndroidApp/5.0.115,正常
  • 用浏览器UA(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36),被挡(?)
  • 把浏览器UA稍作改动,改成AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36,正常(?)
  • 用Pixivpy默认的UA配合PHPSESSID,被挡

这样看来应该是CloudFlare也会根据UA评估风险,如果某个UA操作过于异常就容易触发检查,当然也跟IP有关,不过目前看起来通过改UA是可以绕过一部分检查的,只是稳定性恐怕无法保证。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@upbit @y-young @liuzikai @kanren3 @NaughtDZ