xavierlucio Posted November 12, 2019 Posted November 12, 2019 Hello all, I have a big problem since my hoster provider got cloudfare 2 days ago and now my login is not working because it supposedly asks for a captcha(but you cannot see it), so my customers cannot log in anymore. I've tracked the URI and request with wireshark and confirmed this is the problem. My login program uses httprequest and json, so I use this: Func _httpRequest($url, $method = 'GET', $postData = '') $method = StringLower($method) Local $oHTTP = ObjCreate('WinHttp.WinHttpRequest.5.1') $oHTTP.Open($method, $url, False) $oHTTP.SetRequestHeader('User-Agent', 'Juno_okyo - AutoIt v' & @AutoItVersion) $oHTTP.SetRequestHeader('Referer', 'https:/junookyo.blogspot.com/') $oHTTP.SetRequestHeader('X-Requested-With', 'XMLHttpRequest') If $method = 'get' Then $oHTTP.Send() Else $oHTTP.SetRequestHeader('Content-Type', 'application/x-www-form-urlencoded') $oHTTP.SetRequestHeader('Content-Length', StringLen($postData)) $oHTTP.Send($postData) EndIf $oHTTP.WaitForResponse Local $HeaderResponses = $oHTTP.GetAllResponseHeaders() Local $ret[4] If StringInStr($HeaderResponses, 'Location:') <> 0 Then $ret["0"] = $oHTTP.GetResponseHeader('Location') $ret["1"] = 1 Else $ret["0"] = '' $ret["1"] = 0 EndIf $ret["2"] = $oHTTP.Responsetext $ret["3"] = $oHTTP.GetAllResponseHeaders() Return $ret EndFunc And for JSON requests: Global Const $SERVER = 'http://xxx/index.php?act=' Global Const $ENDPOINT_LOGIN = $SERVER & 'login' Global Const $ENDPOINT_LOGOUT = $SERVER & 'logout' Global Const $ENDPOINT_CREATE = $SERVER & 'create' Global Const $ENDPOINT_UPDATE = $SERVER & 'update' Global Const $ENDPOINT_READ = $SERVER & 'read' Global Const $ENDPOINT_DELETE = $SERVER & 'delete' Local $data, $request $data = 'username=' & urlEncode($username) $data &= '&password=' & urlEncode($password) $request = _httpRequest($ENDPOINT_LOGIN, 'POST', $data) Local $json = Json_Decode($request[2]) Local $success = Json_Get($json, '["success"]') If $success Then Global $loggedin = true So my idea was to popup a window browser directly to the captcha but it is not working since they use a cookie and openning a windows broswer gives you another cookie, anyway. So then I found in wireshark the html code of the captcha when i got the login error, but how can I make this html code or captcha page pop up when the login requieres me to solve the captcha? That's what I get from wireshark: expandcollapse popupPOST /AutoIt/index.php?act=login HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded; Charset=UTF-8 Accept: */* Referer: xxx User-Agent: Juno_okyo - AutoIt v3.3.14.5 X-Requested-With: XMLHttpRequest Content-Length: 34 Host: xxx.hostingerapp.com username=xxx&password=xxxHTTP/1.1 403 Forbidden Date: Tue, 12 Nov 2019 21:17:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Chl-Bypass: 1 Set-Cookie: __cfduid=d4ca74ec4c6bc5ad039420a3cf3435f291573593451; expires=Wed, 11-Nov-20 21:17:31 GMT; path=/; domain=.hostingerapp.com; HttpOnly Cache-Control: max-age=2 Expires: Tue, 12 Nov 2019 21:17:33 GMT X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 534b887f8e432f99-MAD <!DOCTYPE html> <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]--> <!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]--> <!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]--> <head> <title>Attention Required! | Cloudflare</title> <meta name="captcha-bypass" id="captcha-bypass" /> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" /> <!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]--> <style type="text/css">body{margin:0;padding:0}</style> <!--[if gte IE 10]><!--><script type="text/javascript" src="/cdn-cgi/scripts/zepto.min.js"></script><!--<![endif]--> <!--[if gte IE 10]><!--><script type="text/javascript" src="/cdn-cgi/scripts/cf.common.js"></script><!--<![endif]--> </head> <body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper"> <div class="cf-wrapper cf-header cf-error-overview"> <h1 data-translate="challenge_headline">One more step</h1> <h2 class="cf-subheadline"><span data-translate="complete_sec_check">Please complete the security check to access</span> u377712385.hostingerapp.com</h2> </div><!-- /.header --> <div class="cf-section cf-highlight cf-captcha-container"> <div class="cf-wrapper"> <div class="cf-columns two"> <div class="cf-column"> <div class="cf-highlight-inverse cf-form-stacked"> <form class="challenge-form" id="challenge-form" action="/cdn-cgi/l/chk_captcha" method="get"> <input type="hidden" name="s" value="e046816da7db24449070fc37fb882810b7bb7353-1573593451-0-Adyk5wVyRfCgsctrbU7pT9az6K+n6b57RF3JHI9haB8+eweskwN4cDKRPDc7kTGMEK0ap/HwcnpVEIYhQo9Q11RJ4mZSsnoQDO8vI+603XE1U+c5W4hW9RK6KauP4+/D1Dz2RCX0Bx58m4bjltmenIx/nJMckW/LsGiBLkDzXC2aEE0cLeewgM15ZDx4TMizog8IPruaM3APHJAmF9IoMHrmkM+31IoKAP8Wzq/51dVw"></input> <script type="text/javascript" src="/cdn-cgi/scripts/cf.challenge.js" data-type="normal" data-ray="534b887f8e432f99" async data-sitekey="6LfBixYUAAAAABhdHynFUIMA_sa4s-XsJvnjtgB0"></script> <div class="g-recaptcha"></div> <noscript id="cf-captcha-bookmark" class="cf-captcha-info"> <div><div style="width: 302px"> <div> <iframe src="https://www.google.com/recaptcha/api/fallback?k=6LfBixYUAAAAABhdHynFUIMA_sa4s-XsJvnjtgB0" frameborder="0" scrolling="no" style="width: 302px; height:422px; border-style: none;"></iframe> </div> <div style="width: 300px; border-style: none; bottom: 12px; left: 25px; margin: 0px; padding: 0px; right: 25px; background: #f9f9f9; border: 1px solid #c1c1c1; border-radius: 3px;"> <textarea id="g-recaptcha-response" name="g-recaptcha-response" class="g-recaptcha-response" style="width: 250px; height: 40px; border: 1px solid #c1c1c1; margin: 10px 25px; padding: 0px; resize: none;"></textarea> <input type="submit" value="Submit"></input> </div> </div></div> </noscript> </form> I am sure a lot of people have had this problem and cannot be difficult to solve, but I'm totally noob at this and I need to solve asap because of my customers rushing me to fix it... I hope someone knows the asnwer Thank you in advance!
Danp2 Posted November 12, 2019 Posted November 12, 2019 (edited) On 11/12/2019 at 9:42 PM, xavierlucio said: I have a big problem since my hoster provider got cloudfare 2 days ago and now my login is not working because it supposedly asks for a captcha(but you cannot see it), so my customers cannot log in anymore. I've tracked the URI and request with wireshark and confirmed this is the problem. Expand Sorry, but I'm having difficulty understand the exact nature of the problem. Can you restate it and be sure to include additional details, such as -- Were you using Autoit to perform this login before Cloudflare was introduced? What is the site's URL where you are attempting the login? Are you the site owner? Are your customers accessing your site from a standard web browser? Etc P.S. Be sure to familiarize yourself with the forum rules, particularly the part dealing with bypassing security and / or captcha Edited November 12, 2019 by Danp2 Latest Webdriver UDF Release Webdriver Wiki FAQs
xavierlucio Posted November 12, 2019 Author Posted November 12, 2019 On 11/12/2019 at 10:56 PM, Danp2 said: Sorry, but I'm having difficulty understand the exact nature of the problem. Can you restate it and be sure to include additional details, such as -- Were you using Autoit to perform this login before Cloudflare was introduced? What is the site's URL where you are attempting the login? Are you the site owner? Are your customers accessing your site from a standard web browser? Etc P.S. Be sure to familiarize yourself with the forum rules, particularly the part dealing with bypassing security and / or captcha Expand Thank you for answer. Sure, I have an autoit login program, a simple GUI with username and passwords inputs. My database is hosted in Hostinger and they installed a cloudfare 2 days ago. Before this login had no problem but since they installed cloudflare, my login has nothing coded about show a captcha when requested and so when Hostinger cloudfare asks for captcha I have no way to show it to my users and they cannot solve it, so they get error and cannot make login. I need a way to show that captcha in my GUI so they can solve it and login to their respective accounts. My login.au3 makes httprequest with : Local $data, $request $data = 'username=' & urlEncode($username) $data &= '&password=' & urlEncode($password) $request = _httpRequest($ENDPOINT_LOGIN, 'POST', $data) ; ENDPOINT = db server Local $json = Json_Decode($request[2]) Local $success = true ;Json_Get($json, '["success"]') If $success Then Global $loggedin = true httprequests don't reach the server because of the captcha is not showing in the GUI so none can solve it and they cannot login. Yes, I am the owner of all this, webserver, DBserver and auto it login.au3 script. I hope I explained better myself Thank you very much!
Danp2 Posted November 13, 2019 Posted November 13, 2019 I'm somewhat familiar with Cloudflare, having enabled it for one of the sites I own. Have you considered contacting technical support with Hostinger to see if you can temporarily disable Cloudflare until you can figure out how to handle the login from your GUI? Latest Webdriver UDF Release Webdriver Wiki FAQs
Moderators JLogan3o13 Posted November 13, 2019 Moderators Posted November 13, 2019 I understand you own this code, and that you are trying to show the captcha in your GUI so your customers can login, but in essence your code is then going to automate the captcha, and that is something we cannot support. Even if you have no nefarious intent, posting code such as this does not someone with fewer morals from doing something bad with it. I agree with Danp2's suggestion that you reach out to your vendor for support on this instead of trying to code a way around it. "Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball How to get your question answered on this forum!
Recommended Posts