Any other method for bypassing cf?

[ParhamSobhan]

• So since yesterday there was 2 solution for the detection

1. Opening dev tool which GOT PATCHED yesterday
   (chrome_options.add_argument("--auto-open-devtools-for-tabs") # automatically open dev tools on every new tab)

2. Using js to open a blank page for the url and getting back to it after a long sleep

driver.execute_script("window.open('https://someprotectedwebsite', '_blank')")
+ sleep(15)
driver.switch_to.window(driver.window_handles[1])

so there is only one method left (method 2) which is leading to TOO MANY BUGS and TOO SLOW

I was wondering if there is any other method or any development on updating undetected-chromedriver?

[horror]

2 pathed too

[IAISI]

Think the real question is how they're detecting this.

I think it's tied to IPs somehow, I can do whatever with selenium/playwright on my home IP, but as soon as I switch to datacenter IPs it starts flagging, not quite sure how...

On the other hand I can launch headful instance of undetected and then stop script, continue to click manually on that instance... I can still pass it, solve turnstile on bad datacenter IPs...

[bear102]

This method works for me however, when i am on a proxy it stops working :(

import undetected_chromedriver as uc
import time
chrome_options = uc.ChromeOptions()
chrome_options.add_argument("--disable-popup-blocking")
chrome_options.add_argument('--ignore-certificate-errors')


driver = uc.Chrome(options=chrome_options)

url = 'https://nowsecure.nl/'
driver.get(url)
time.sleep(10)
driver.execute_script(f"window.open('{url}', '_blank')")
input()

[luluhoc]

Think the real question is how they're detecting this.

I think it's tied to IPs somehow, I can do whatever with selenium/playwright on my home IP, but as soon as I switch to datacenter IPs it starts flagging, not quite sure how...

On the other hand I can launch headful instance of undetected and then stop script, continue to click manually on that instance... I can still pass it, solve turnstile on bad datacenter IPs...

Don't think it is tied to IP, as I've tried totally new instance on work ip and in incognito and normal it passes with no problem but as soon as I turn on puppeteer blocks directly.

[bear102]

i think it is tied to ip because my code above works and bypasses cloudflare but as soon as i use a proxy (free online proxy most likely a datacenter), it stops working.

edit: Ok maybe not ip but what if it detects if you are using a proxy or vpn and blocks based on that
doesnt bypass

import undetected_chromedriver as uc
import time
chrome_options = uc.ChromeOptions()
chrome_options.add_argument("--disable-popup-blocking")
chrome_options.add_argument(f'--proxy-server=https://89.187.182.19:9002')
chrome_options.add_argument('--ignore-certificate-errors')


driver = uc.Chrome(options=chrome_options)

url = 'https://nowsecure.nl/'
driver.get(url)
time.sleep(10)
driver.execute_script(f"window.open('{url}', '_blank')")
input()

[IAISI]

I don't think it does... any combo I tried selenium/playwright, home ip, 4g proxies, dc proxies, it always got flagged when I used some kind of automation to drive actions... if I just launch it with same setup and then manually click it passes...

I tried randomizing clicks and mouse movements but that's kinda hard to do reliably and test so dunno and I don't even think it's that since opening new private window and keeping mouse away would still cause it to pass it, sometimes without any interactions...

[bear102]

have you tried this code? I dont need to click anything and it bypasses after the 10 sec sleep.

import undetected_chromedriver as uc
import time
chrome_options = uc.ChromeOptions()
chrome_options.add_argument("--disable-popup-blocking")
chrome_options.add_argument('--ignore-certificate-errors')


driver = uc.Chrome(options=chrome_options)

url = 'https://nowsecure.nl/'
driver.get(url)
time.sleep(10)
driver.execute_script(f"window.open('{url}', '_blank')")
input()

[luluhoc]

I don't think it does... any combo I tried selenium/playwright, home ip, 4g proxies, dc proxies, it always got flagged when I used some kind of automation to drive actions... if I just launch it with same setup and then manually click it passes...

I tried randomizing clicks and mouse movements but that's kinda hard to do reliably and test so dunno and I don't even think it's that since opening new private window and keeping mouse away would still cause it to pass it, sometimes without any interactions...

It has to detect that the browser is using selenium as even if I open new tab manually in browser instance and type address and all and I still get blocked.

[dreadedhamish]

Don't know if this helps, but using OSX 10.14.6 and the advanced example using https://nowsecure.nl :
Chrome 115.0.5790.98 - bypass
Chromium 114.0.5730.0 (Developer Build) - fail
Maybe there is something a little funky going on because support for OSX 10.14 was meant to stop at 114, and indeed I can't upgrade to 115 using Chromiun, but a 115 Chrome slipped through.

[IAISI]

Pretty sure CF ppl are already here (Hi guys! Nice to meet u 😂) and will patch 115 if possible, but yea it is indeed working.

[IAISI]

Didn't had the time to test it properly yet but --disable-features=UserAgentClientHint might help, would have to check and compare actual headers to understand if that's what CF is checking...

[nv-hub]

Didn't had the time to test it properly yet but --disable-features=UserAgentClientHint might help, would have to check and compare actual headers to understand if that's what CF is checking...

Nope, doesn't work

[mIgLLL]

I am struggling with cloudfare for few months, I think it is a way to keep javascript from executing. I know that if you forbidden the javascript totally, nothing will be loaded. But I find a way to forbidden part of the harmful (maybe) javascript, and this doesn't happen to me again.