Jump to content

Sky Slate Blueberry Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate
Photo

WinHTTPRequest and Ddos Protection


  • Please log in to reply
6 replies to this topic
malcev
  • Members
  • 73 posts
  • Last active: Jan 28 2016 08:05 PM
  • Joined: 19 May 2011

How can I retrieve text from this site?

http://facepunch.com

This code does not work because of the Ddos protection.

HTTP := ComObjCreate("WinHTTP.WinHTTPRequest.5.1")
HTTP.Open("GET", "http://facepunch.com/")
HTTP.Send()
MsgBox, % HTTP.ResponseText


tank
  • Administrators
  • 4345 posts
  • AutoHotkey Foundation
  • Last active: May 02 2019 09:16 PM
  • Joined: 21 Dec 2007

what are you talking about ddos protection
bot protection maybe but definitely not ddos protections for that even a 404 will work :p

 

very plainly is a form that needs to be submitted to load the page content. why dont you see if you can work it out


Never lose.
WIN or LEARN.

malcev
  • Members
  • 73 posts
  • Last active: Jan 28 2016 08:05 PM
  • Joined: 19 May 2011

Please open this link http://facepunch.com/ in your browser and You will see what it writes.

It writes:

<h1 data-translate="turn_on_js" style="color:#bd2426;">Please turn JavaScript on and reload the page.</h1>
spinner-2013.gifChecking your browser before accessing facepunch.com.

This process is automatic. Your browser will redirect to your requested content shortly.

Please allow up to 5 seconds…

 

And the same text I got from WinHTTPRequest.5.1.

But how can I get text from the main page of this site http://facepunch.com/ ?



tank
  • Administrators
  • 4345 posts
  • AutoHotkey Foundation
  • Last active: May 02 2019 09:16 PM
  • Joined: 21 Dec 2007

i already said if you look at the page source for that you will see that submitting a form with some post data is necessary. just post that data. I see that it SAYS DDOS protection. but it really isnt. a DDOS attack it doesnt matter if the page is valid or not. the idea is to overwhenl the server with requests. the content returned is nearly irrelivant. 

Now that IS an interesting BOT countermeasure


Never lose.
WIN or LEARN.

malcev
  • Members
  • 73 posts
  • Last active: Jan 28 2016 08:05 PM
  • Joined: 19 May 2011

Your idea does not work.

Because I need to write answer in Post.

But how can I get it?


url = http://facepunch.com/
Post_url = http://facepunch.com/cdn-cgi/l/chk_jschl?jschl_vc=
HTTP := ComObjCreate("WinHttp.WinHttpRequest.5.1")
HTTP.Open("GET", url, false)
HTTP.Send()
PostData := StringBetween(HTTP.ResponseText, "jschl_vc"" value=""", """/>")
HTTP.Open("POST", Post_url . PostData, false)
HTTP.Send()
msgbox % HTTP.ResponseText

StringBetween(Str, NS, NE) {
    If (P1:=InStr(Str, NS, 1)) && (P2:=InStr(Str, NE, 1, P1+=StrLen(NS)))
        Return SubStr(Str, P1, P2-P1)
}


tank
  • Administrators
  • 4345 posts
  • AutoHotkey Foundation
  • Last active: May 02 2019 09:16 PM
  • Joined: 21 Dec 2007

my idea works perfectly your implementation fails

 

If you needed the POST method you would pass key=value pairs with send and you would have to set encoding etc

open up fiddler and you see a GET method

 

and then there is this nonsense here

tCKxwrU.RkbsqUT-=+((+!![]+[])+(!+[]+!![]));
tCKxwrU.RkbsqUT*=+((+!![]+[])+(!+[]+!![]+!![]));
tCKxwrU.RkbsqUT+=+((+!![]+[])+(!+[]+!![]));
tCKxwrU.RkbsqUT-=+((!+[]+!![]+[])+(!+[]+!![]));
tCKxwrU.RkbsqUT*=+((!+[]+!![]+[])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![]));
tCKxwrU.RkbsqUT-=+((!+[]+!![]+[])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![]));
tCKxwrU.RkbsqUT-=+((!+[]+!![]+!![]+!![]+[])+(+!![]));
tCKxwrU.RkbsqUT+=+((+!![]+[])+(!+[]+!![]+!![]+!![]+!![]+!![]));
a.value = parseInt(tCKxwrU.RkbsqUT, 10) + t.length;
 
 
the submit builds a querystring that includes
&jschl_answer=3734375273 
 
 
this is a real easy problem but perhaps your a bit too lazy for this sort of work. I have within this post all but cookie cut the answer for you. but since i will go no further in helping you circumvent bot controls (no matter how idiotic they are) your going to have to think about the fact that with the answer i was even able to use urldownloadtofile to get the forum page.

Never lose.
WIN or LEARN.

malcev
  • Members
  • 73 posts
  • Last active: Jan 28 2016 08:05 PM
  • Joined: 19 May 2011

Thank You!

I am not lazy, I simply do not understand such things as you write me.

But I will try to understand them.