Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug] CloudFlare Challenge get stuck in Infinite Loop #2933

Open
ronny1982 opened this issue Jan 16, 2021 · 45 comments
Open

[Bug] CloudFlare Challenge get stuck in Infinite Loop #2933

ronny1982 opened this issue Jan 16, 2021 · 45 comments
Assignees
Labels
Bug Flaw, Failure or Fault leading to incorrect or unexpected Results

Comments

@ronny1982
Copy link
Contributor

ronny1982 commented Jan 16, 2021

Describe the bug

When opening any website that is protected through a CloudFlare JavaScript challenge, the website is stuck in an infinite reload loop instead of solving the challenge and redirecting to the content of the website.

This affects many websites right now that can no longer be used in HakuNeko due to this issue!

To Reproduce

Steps to reproduce the behavior:

With HakuNeko

  1. Start HakuNeko
  2. Open the Website choosing List
  3. Search for raws.mangazuki.co
  4. Open the manual website interaction link on the result
    => Observe the website re-loads forever

With Electron

  1. Start electron ./node_modules/.bin/electron
  2. Open the developer tools (e.g. from electron menu)
  3. Switch to the console tab and type window.location = 'https://cloudscraper.cf/cloudflare/challenge.html'
    => Observe the website re-loads forever

References

@ronny1982 ronny1982 added the Bug Flaw, Failure or Fault leading to incorrect or unexpected Results label Jan 16, 2021
@ronny1982
Copy link
Contributor Author

Looks like CloudFlare revised their challenge and HakuNeko now ends up with infinite redirects...


<!DOCTYPE HTML>
<html lang="en-US">
<head>
  <meta charset="UTF-8" />
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />
  <meta name="robots" content="noindex, nofollow" />
  <meta name="viewport" content="width=device-width,initial-scale=1" />
  <title>Just a moment...</title>
  <style type="text/css">
    html, body {width: 100%; height: 100%; margin: 0; padding: 0;}
    body {background-color: #ffffff; color: #000000; font-family:-apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Helvetica Neue",Arial, sans-serif; font-size: 16px; line-height: 1.7em;-webkit-font-smoothing: antialiased;}
    h1 { text-align: center; font-weight:700; margin: 16px 0; font-size: 32px; color:#000000; line-height: 1.25;}
    p {font-size: 20px; font-weight: 400; margin: 8px 0;}
    p, .attribution, {text-align: center;}
    #spinner {margin: 0 auto 30px auto; display: block;}
    .attribution {margin-top: 32px;}
    @keyframes fader     { 0% {opacity: 0.2;} 50% {opacity: 1.0;} 100% {opacity: 0.2;} }
    @-webkit-keyframes fader { 0% {opacity: 0.2;} 50% {opacity: 1.0;} 100% {opacity: 0.2;} }
    #cf-bubbles > .bubbles { animation: fader 1.6s infinite;}
    #cf-bubbles > .bubbles:nth-child(2) { animation-delay: .2s;}
    #cf-bubbles > .bubbles:nth-child(3) { animation-delay: .4s;}
    .bubbles { background-color: #f58220; width:20px; height: 20px; margin:2px; border-radius:100%; display:inline-block; }
    a { color: #2c7cb0; text-decoration: none; -moz-transition: color 0.15s ease; -o-transition: color 0.15s ease; -webkit-transition: color 0.15s ease; transition: color 0.15s ease; }
    a:hover{color: #f4a15d}
    .attribution{font-size: 16px; line-height: 1.5;}
    .ray_id{display: block; margin-top: 8px;}
    #cf-wrapper #challenge-form { padding-top:25px; padding-bottom:25px; }
    #cf-hcaptcha-container { text-align:center;}
    #cf-hcaptcha-container iframe { display: inline-block;}
  </style>

    <meta http-equiv="refresh" content="12">
<script type="text/javascript">
  //<![CDATA[
  (function(){
    
    window._cf_chl_opt={
      cvId: "1",
      cType: "non-interactive",
      cNounce: "15986",
      cRay: "60e9563bcbd43752",
      cHash: "e332e638881aeec",
      cFPWv: "b",
      cRq: {
        ru: "aHR0cHM6Ly9yYXdzLm1hbmdhenVraS5jby8=",
        ra: "Y3VybC83LjY0LjE=",
        rm: "R0VU",
        d: "FMHYYHS1lwuI+aX/QAm/PiECOuJbuaL2dYuFA64VzKcFWkul6LcjuaKAFu/KkzkOFZp3DsVkIJLlGXHef4w/yc7Jp2sCK7wJt54Qx+DXEv2SfPp1EnxHapc7dIoa2bGeCJNdxad1cIKKRkp0IzzDaTbeU7y9G+hzq1CjPSOQExdksmJ8ur2k0sSZLNC01f8B4ztrl7XwPrtpN5jGiWM02grgyFqEACldkNWhHAAon9ud79boWEMk0UHiabbqdbJb4vqLHo3yOciH4ALQ2cpuGSMfq4MprIL6SpXedMhLmGXzIk0GtOUcJQWTqRyRAXfWM9k3dI98t9ggym/KG7KfRMJzHGcBac9cmKb7tM1qvSuIODOvYWzIVcxqh2NDVzUHv2+QaRCij6ygITwwy23PUAbvgID5n+fBb4Xy7HWDWLoKlEzWDKDf2Vl6Xbvuc8tkyyYu8zKk5UeFl1+OjVRo8ueyWNyuEahNfJWTlq929g4tOs9foluZfjZBh617evvmCmvdbltJuB5QmJPl+WB2bZGdzXrXOQnynfkR0jMGDbWHyXWhNuVaNLwDNtjZ2Vz7tnvIlCgPA34lbeoekIJ35m6Jsu98DO7AHmvfkPxV/oLVmu4GU7hGyDxzAmasa73moEiWMpryKsqpd+KkXesOsyWtIWDvV2Di28+PirD4h+Ww/zy80WlzxRXmMYQFyfFRxLdYga4QEJDLUTIVOvK3uI64YTWKmPr7plXSBbQs0IeUYhN43R9SaWgcIVvtnURB",
        t: "MTYxMDE0NDc1MS45NjgwMDA=",
        m: "RY0MjWJYDEMQs+VeZIibzlO0OR6ObYZK7sMHeJXX3F0=",
        i1: "RkvE2vdNo6sZGOBEVyShDQ==",
        i2: "8l717PzvJk0ydzE++cTu/w==",
        uh: "szTQexRnAk6IzW67QzqGQgGxkzC/vAX/8LMiqwBnOyk=",
        hh: "I0kdqj2F0l7JNXvXS7ighNXMGXUM2prtK7PBi3zI0Kw=",
      }
    }
    window._cf_chl_enter = function(){window._cf_chl_opt.p=1};
    
    var a = function() {try{return !!window.addEventListener} catch(e) {return !1} },
    b = function(b, c) {a() ? document.addEventListener("DOMContentLoaded", b, c) : document.attachEvent("onreadystatechange", b)};
    b(function(){
      var cookiesEnabled=(navigator.cookieEnabled)? true : false;
      var cookieSupportInfix=cookiesEnabled?'/nocookie':'/cookie';
      var a = document.getElementById('cf-content');a.style.display = 'block';
      var isIE = /(MSIE|Trident\/|Edge\/)/i.test(window.navigator.userAgent);
      var trkjs = isIE ? new Image() : document.createElement('img');
      trkjs.setAttribute("src", "/cdn-cgi/images/trace/jschal/js"+cookieSupportInfix+"/transparent.gif?ray=60e9563bcbd43752");
      trkjs.id = "trk_jschal_js";
      trkjs.setAttribute("alt", "");
      document.body.appendChild(trkjs);
      
      var cpo = document.createElement('script');
      cpo.type = 'text/javascript';
      cpo.src = "/cdn-cgi/challenge-platform/h/b/orchestrate/jsch/v1";
      var done = false;
      cpo.onload = cpo.onreadystatechange = function() {
        if (!done && (!this.readyState || this.readyState === "loaded" || this.readyState === "complete")) {
          done = true;
          cpo.onload = cpo.onreadystatechange = null;
          window._cf_chl_enter()
        }
      };
      document.getElementsByTagName('head')[0].appendChild(cpo);
    
    }, false);
  })();
  //]]>
</script>


</head>
<body>
  <table width="100%" height="100%" cellpadding="20">
    <tr>
      <td align="center" valign="middle">
          <div class="cf-browser-verification cf-im-under-attack">
  <noscript>
    <h1 data-translate="turn_on_js" style="color:#bd2426;">Please turn JavaScript on and reload the page.</h1>
  </noscript>
  <div id="cf-content" style="display:none">
    
    <div id="cf-bubbles">
      <div class="bubbles"></div>
      <div class="bubbles"></div>
      <div class="bubbles"></div>
    </div>
    <h1><span data-translate="checking_browser">Checking your browser before accessing</span> mangazuki.co.</h1>
    
    <div id="no-cookie-warning" class="cookie-warning" data-translate="turn_on_cookies" style="display:none">
      <p data-translate="turn_on_cookies" style="color:#bd2426;">Please enable Cookies and reload the page.</p>
    </div>
    <p data-translate="process_is_automatic">This process is automatic. Your browser will redirect to your requested content shortly.</p>
    <p data-translate="allow_5_secs">Please allow up to 5 seconds&hellip;</p>
  </div>
   
  <form class="challenge-form" id="challenge-form" action="/?__cf_chl_jschl_tk__=ddc66003232b69fb1f5ee635a3a325ec3ae018bf-1610144751-0-ASOMRpjaEgp1SgWgTBVBTj80X9K95_nfA-H3Pp-7bkk0CqwK3D2f85gJ1HLr1PMLzo8J_OBlEUJhdvFnFhyfx2OHl_E-eWZF4tXMgZYAunHur5HHrQJDQEzmlfyjHG3nnf5szGS5Ge6ARqGL7Wo9TILtzDZyaw8vSzSAAIzFkO_MNat-YMm_GMcjqOBsB0a_xJGDcQziGJGas4-XALKQaGJRXUh5OobUNy58tVQ4HuOX2rbegoI-393EMERMoPemo0Vw4KgyLdIoFjFDWjL9aBWUeqHlix9Y68GIIGk6bNv-NZuPdY-oeZSGLoR5OzXs9A" method="POST" enctype="application/x-www-form-urlencoded">
    <input type="hidden" name="r" value="4f4b05645868bc5305b7671ef97cda40d7f54255-1610144751-0-AZi3YLIlGFeUbvYCbBO7tTK+x/ffEpErGVdIBfgxIF0dUHBsYoKepTA07/7HT208oBMMzsmFhKEC3AleAGbMoI6lPk2AqQmuDyBxIGZZxAtLGmurXZu0eYE9LI1YcdYIk+dwZ5xy1H+iidZq+fQE4ux3526KZXxaaTCXBR5skykYYRoyELhtPNcfEy2CJ3r9gJoI0Fl7zFD4gbBSeXFWdUBA+9A+uWqKhVyIFbDQLxiqugc5pEs1WUb1scHcecCVdLW3Gqgg/XuGnoaOS5/vgjFuLCZQ4KXj+VxRGmyoYgaIkdB0ulg228GiE0vT+6CnmXS92LnfXLpVu6CarVWiKngfKmYjbxZR3se5Il/6W/ucNHDs/KgR+nuZq9aJbBdGTHwIQtOremtH2hhprYQ+R8VvtxWAMCa6d4ILKrCOVgvlGzVcV/frOo8BmeIIsviIxg9A9R5m3WPgjrpT9DjeyBWpdhqdCNqtAGCkzJHkD78Y/vBi1K8L+2S4ajApZHO4pIGWu4zCFWWdkT3y8vnJXxozwCAhtG+k4P2y9ZWhlhp0Wk5ZoziMtNkvwr651g+Un6VB1WK8v6QO2PlmAKPUX6RNq7LcuCZeT03cVIXP7Sz9P5hnXzsI5tDcnbSuy6Ps4oga/bYYQxTj8PV7WVELZ1+V3bGdqKaUTNg4dCs7Dap4R8amkKqTgYTRIq/vE1brK9ZxJK6HTp1Oyt+Jb+HWCwFINKaIJ/RJiA6thJcf4GmQRUz4LRh+xe0F9rICNlT0OozSWxv65oK44OncRHCKqJJEsLD8+Wo/j63EomYIPlQNw61xYSsECEThXmwpWcqgHwHNsIt2c/IIiKQb346Jz/lOCKeiv9/1hlkqePeCrqf6xKBfOMu3jCCAt1eaeiq7LJHDa5CL6Hpitwr2yZCQhT3bWkRxHUfwOM/KKlY2Y10418Sxd/nRsqUEXXZ0FVTA4jENqrpnjM3qdjazh2rTjmekxiC1sgUABfCm7qcF0txLLEkGcED6c0i8V7AyuLkh9CbIP4mysMxU+X4ux8WkINM5RaSEv8nDo/fRaQ8e5JH9IdkzvQS8yL8ADNouDL7x0ftbQ6sB0/3+oSRL5opeGtR4gQI4pc+zxEyHNOSkUDEaNe8ljA0ITzCpiD6Roy6fpCJ6MH+LUkZEsjj3acHc3dXGrY7FeFjMrgvM2WYQwQMpqkksR8uxj2jDG26sJm6dUZ8j9bgxrtgHggsoGF62oTRvWZ8up6uWeL4Zfq/nFJMBWptZQf+GfGId/AqNr3YRR00idCXnJv8Z7l7YnExlj6M="/>
    <input type="hidden" value="09ce8774cd7952b909339dd4ca45e15c" id="jschl-vc" name="jschl_vc"/>
    <!-- <input type="hidden" value="" id="jschl-vc" name="jschl_vc"/> -->
    <input type="hidden" name="pass" value="1610144755.968-BIHHR9+d87"/>
    <input type="hidden" id="jschl-answer" name="jschl_answer"/>
  </form>
  
  <div id="trk_jschal_nojs" style="background-image:url('/cdn-cgi/images/trace/jschal/nojs/transparent.gif?ray=60e9563bcbd43752')"> </div>
</div>

          
          <div class="attribution">
            DDoS protection by <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing/" target="_blank">Cloudflare</a>
            <br />
            <span class="ray_id">Ray ID: <code>60e9563bcbd43752</code></span>
          </div>
      </td>
     
    </tr>
  </table>
</body>
</html>

@ronny1982
Copy link
Contributor Author

Probably related: dazedcat19/FMD2#259

@ronny1982
Copy link
Contributor Author

This problem does not occur in electron 11.2.0, but sadly it happens in 6.1.7 and 8.3.4
It could also be noted that opening the website with electron 11.2.0 may popup requests asking for permission to access sensors.

Screen.Recording.2021-01-14.at.6.42.40.PM.mp4

@ronny1982
Copy link
Contributor Author

@ronny1982
Copy link
Contributor Author

ronny1982 commented Jan 17, 2021

The electron fix seems to have been added somewhere between v9.0.0-nightly.20200121 and v9.0.0-beta.1

❌ Electron 6.0.0
❌ Electron 6.1.12
❌ Electron 7.0.0
❌ Electron 7.3.3
❌ Electron 8.0.0
❌ Electron 8.5.5
❌ Electron 9.0.0-nightly.20191122
❌ Electron 9.0.0-nightly.20200121
✔️ Electron 9.0.0-beta.1
✔️ Electron 9.0.0
✔️ Electron 9.4.1
✔️ Electron 10.0.0-nightly.20200209
✔️ Electron 10.0.0
✔️ Electron 10.3.0
✔️ Electron 11.0.0
✔️ Electron 11.2.0

@ronny1982 ronny1982 self-assigned this Jan 17, 2021
@He-Li-Na
Copy link

Hello, I read this issue because I have an issue with mangahasu.
According to this post. the problem caused by CloudFlare revised their challenge and HakuNeko now ends up with infinite redirects (for some manga website).

I have no issue when I visit the website in the browser, but in Hakuneko, mangahasu seems like offline and we cannot access the site beside reading some manga that we already download before this issue occurs.

could you explain this to me in an easy way, what happened and can this issue be fixed, what should we do? does this issue mean that mangahasu cannot be accessed anymore in the future?

Thank you for your replay, I'm sorry I cannot write in English properly

@ronny1982
Copy link
Contributor Author

There is no fix available yet

@Bmswad1
Copy link

Bmswad1 commented Jan 24, 2021

There is no fix available yet

because you are dumb, go to fix the cloudflare issue fck asshole

Don't talk nonsense
This is not his responsibility
If you want it fixed
Fix it yourself

@kevin01523
Copy link

this also affects animepahe

@djgerman10
Copy link

It also affects lectormanga.com, lectortmo.com, I think that all the vast majority work at the beginning, then it starts to give these errors with cloudflare

@giaez
Copy link

giaez commented Jun 7, 2022

today nitroscans is just affected by this. I used this connector for the first time yesterday and it worked, but now it stucks in cloudfire loop.

@CaptainChicky
Copy link

This also affects https://toonily.com now
Errors out with 503 from Connector.mjs:434

@remex24
Copy link

remex24 commented Jul 11, 2022

The same with myreadingmanga.info I solve the cloudfare captcha yet stuck in an infinite loop hope that it will be solved soon

@ronny1982
Copy link
Contributor Author

Reason for failing CloudFlare is likely Browser specific TLS fingerprinting.

@therootaf
Copy link

fun fact, you can pass cloudflare just by changing useragent to windows - opera or another one that can pass cloudflare
https://b.catgirlsare.sexy/pJRrpsgr8Aok.mp4

@SilverAsh4158
Copy link

Same problem with Reaper Scans (English) stuck at cloudflare issue.
French and turkish - able to open page and load manga list. Portugues - able to open page but cannot load manga list.

@neemanthnub
Copy link

thanks a lot it works

@samanta-widjaja
Copy link

1stkiss also stuck at cloudflare issue. can not even get manga list

@isyfalana
Copy link

cloudfalre connector not working / browser oudate / infinite loop, i can solve these problem by modify user agent to latest version browser
%appdata%\local\hakuneko-desktop\cache\mjs\engine\Request.mjs
modify
this.userAgent = HeaderGenerator.randomUA();
to
this.userAgent = 'LATEST_BROWSER_USER_AGENT';
then start hakuneko, and open the site to get new cookie.

unfortunatelly hakuneko reset our changes each day because it just cache(?)

@MikeZeDev
Copy link
Contributor

MikeZeDev commented Jul 3, 2023

Tested With BentoManga and UA as Chrome 114, still infinite loop
Same for sushiscan

@Sheepux
Copy link
Contributor

Sheepux commented Aug 6, 2023

Some people reported using https://github.com/FlareSolverr/FlareSolverr as proxy to solve this situation. I don't know how much it helps

@MikeZeDev
Copy link
Contributor

Some people reported using https://github.com/FlareSolverr/FlareSolverr as proxy to solve this situation. I don't know how much it helps

FlareSolverr starts a proxy server, and it waits for user requests in an idle state using few resources. When some request arrives, it uses Selenium with the undetected-chromedriver to create a web browser (Chrome). It opens the URL with user parameters and waits until the Cloudflare challenge is solved (or timeout). The HTML code and the cookies are sent back to the user, and those cookies can be used to bypass Cloudflare using other HTTP clients.

Thats basically what we will try to achieve with the browser extension in Haruneko, but without the hurdle of using Selenium.

@Sheepux
Copy link
Contributor

Sheepux commented Aug 7, 2023

This comment was for a temp solution for current hakuneko

@dbleach777
Copy link

Try install portmaster.
I use portmaster (DNS changer) rather than VPN for bypass censorship & cloudfire (never encounter cloudfire page now) also it's faster than VPN & free to use for windows, linux. It's work for me at least on some website that has cloudfire captcha page.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug Flaw, Failure or Fault leading to incorrect or unexpected Results
Projects
None yet
Development

No branches or pull requests