[User feedback required] bug: cloudflare captcha doesn't work via proxy

[Owyn]

03.04.17 19.07.50 <--> 03.04.17 19.15.29 jdlog://9403089150841/

1st:

when I open the browser and successfully solve captcha happens:
2nd:


downloading and adding links also doesn't work thru cloudflare, same bug with its captcha not getting thru, it just keeps asking for captcha repeatedly


If I use a proxy which isn't stopped by cloudflare all works fine

proxy is configured to use whitelist for bato.to only (so account checking works there)

proxy is TOR ( **External links are only visible to Support Staff****External links are only visible to Support Staff** ) socks5 socks5://127.0.0.1:9150 which usually gives cloudflare protection on the bato.to

example download link for bato.to which doesn't require an account there: **External links are only visible to Support Staff****External links are only visible to Support Staff**

:outch:

[raztoki]

tor is known to be punished by cloudflare
if you use tor you will be given more captcha challenges.

in respect to the captcha not working, your log shows that you 'skipped' captchas

at first no proxy

Code:

--ID:573TS:1491235912256-4/3/17 7:11:52 PM -  [] -> java.net.SocketTimeoutException: connect timed out

then later with proxy, straight away 403 block which is recaptchav2

Code:

--ID:573TS:1491235949172-4/3/17 7:12:29 PM -  [] -> jd.controlling.captcha.SkipException: BLOCK_HOSTER

then on after it will auto skip since you said block

Code:

--ID:709TS:1491236039244-4/3/17 7:13:59 PM -  [] -> jd.controlling.captcha.SkipException: SINGLE
	at org.jdownloader.captcha.v2.ChallengeResponseController.handle(ChallengeResponseController.java:295)

so from respects to log everything is working as intended.
also remember that openbrowser works on localhost loopback so if you use tor in browser you might run up against issue, at times those ips are excepted from using proxy in proxy settings (system or browser).

My advice is not to use TOR (mentioned a few times on our forum), as you will be unfairly punished with recapthcav2 events.

raztoki

[Owyn]

> in respect to the captcha not working, your log shows that you 'skipped' captchas

I wouldn't have come here If that was the case

> My advice is not to use TOR

Without the proxy result would be even worse - no connection at all cause it is blocked by government.

If I have to enter a captcha - so be it, but I at least expect it to work so my captcha-entering wouldn't be for nothing.

since people here don't seem to like logs containing more than single action, here's (hopefully) a log with just that captcha bug without any skippings or any other actions done, restarted the JD right before making the log (I hope it'd help): 03.04.17 21.54.05 <--> 03.04.17 21.55.03 jdlog://1223089150841/

[raztoki]

sorry logs don't typically lie, I can only go from what is stated within. Restarting JD, it will clear any blocks you initiated (on purpose or by mistake). You indicated you have done that. You can also clear the skip status bottom right hand corner on the skip icon.

with your new log it's basically clean, and login after restart failed but I can't see the http requests as we don't log it unless users enable debug mode (see advanced setting, https://support.jdownloader.org/Know...d-session-logs). Other than that nothing really happened.

Code:

------------------------Thread: 84:accountCheck:bato.to_jd.plugins.hoster.BatoTo-----------------------
--ID:84TS:1491245692822-4/3/17 9:54:52 PM -  [] -> jd.plugins.PluginException: 
Plugin broken, please contact the JDownloader Support!->ERROR_PREMIUM|Value:1
	at jd.plugins.hoster.BatoTo.login(BatoTo.java:176)

If you keep having issues try using another proxy service(private or public) or proxy like service (vpn) which doesn't get treated in such a negative light by cloudflare. For more information about this issue, please google 'TOR cloudflare'. It's public knowledge that you will get punished by cloudflare platform. I have read in recent time that they are trying to be less intrusive.

[Owyn]

I thought it should write something useful to the log after the "plugin broken, contact support" message which could help fix the error at line "BatoTo.java:176" , strange that it doesn't...

ok, I've enabled debug in advanced options, restarted and reproduced to the point where it asks to contact support (like on screens in the 1st post):
04.04.17 02.55.48 <--> 04.04.17 02.56.37 jdlog://1143089150841/

despite cloudflare overprotection TOR seems like a good generic socks5 proxy just suited for use with JD perfectly without the need to buy anything or search for free proxies for a pretty long time or to proxify all traffic in the system and not just the JD one,

I can manage entering few captchas with it but the thing now is that entering captcha simply doesn't work...

[raztoki]

the problem with tor and cloudflare combination is the sheer traffic that tor' exit nodes flood there network with. This is why it automatically triggers the 403 event. Reason I commented VPN or a lesser used proxy service is the ratio of traffic will be a lot less.

thanks for the debug log, now I can see what has happened.
recaptchav2 event in which you answered correctly, cloudflare then redirects to homepage as it should, then you get hit by another 403, which is typical from what I've seen in the past with tor. =[

I have work now, so I can't spend any time on it now, but for memory it's not fixable from our side. I haven't place in retries in the antiddos method because it will end up in endless loop.


raztoki

[Jiaz]

What happens when you try to use tor in browser with that site?

[Owyn]

Quote:

Originally Posted by Jiaz

What happens when you try to use tor in browser with that site?

It opens fine all the time, tried pressing "new identity" to get new exit node 5 times, 5 times there was no clodflare in browser.

[Jiaz]

Can you provide a new logfile?

[Owyn]

sure: 05.04.17 18.00.41 <--> 05.04.17 18.01.09 jdlog://0244089150841/

[raztoki]

so that option is within tor browser extension? or tor proxy software you do that in?

[Owyn]

Quote:

Originally Posted by raztoki

so that option is within tor browser extension? or tor proxy software you do that in?

option?

I use all default options, just downloaded TOR browser bundle from their website

to get new identity (exit node) - click tor extension icon in their browser and select "new identity"

[raztoki]

When I used tor last you had tor <> privoxy? <> browser, hence my previous question.

I'll ask if jiaz has vps I could use, as test environment.

raztoki

[Jiaz]

@raztoki: how can I help ? virtual machine for the win

[Owyn]

Yes, I remember privoxy too, but since then they just simplified everything into their "TOR bundle" which looks like a browser but also provides socks proxy in the background somewhere, just launch TOR browser and socks5 proxy would become usable via socks5://127.0.0.1:9150 address

[raztoki]

just to let you know that I did fix this, months ago but never committed as it never 'worked' as such. Many hours wasted, at least I know why today. Until further notice 403 cloudflare support is disabled to prevent wasteful captcha challenges locally or remotely. I probably should have disabled 403 support back then... and for that it was mistake on my part.

raztoki

[Owyn]

Thx for the effort anyway...

lets just hope other download websites won't implement such impenetrable protection to check if user uses a real browser and not a jdownloader

[raztoki]

it will be re-enabled again, just not sure of the eta.