Cloudflare captcha [split] prox-config-sidki_2019-01-26b1
|
Mar. 22, 2022, 03:02 AM
(This post was last modified: Mar. 22, 2022 03:22 AM by cattleyavns.)
Post: #15
|
|||
|
|||
RE: Cloudflare captcha [split] prox-config-sidki_2019-01-26b1
I've managed to beat TLS Fingerprint with python urllib3 + override DEFAULT_CIPHERS in Lib\site-packages\urllib3\util\_ssl.py with Pale Moon/any browser's ciphersuite and change User-Agent to match Pale Moon/any browser. And the final result, my transparent local proxy can now bypass CloudFlare's TLS Fingerprint!
Should I share the whole progress ? I don't know, I just afraid CloudFlare will just patch this exploit (and it's very easy to block because OpenSSL always send TLS_EMPTY_RENEGOTIATION_INFO_SCSV, and real Pale Moon/web browser doesn't, so they can easily block my fingerprint by checking User-Agent and TLS_EMPTY_RENEGOTIATION_INFO_SCSV, if it's Pale Moon+TLS_EMPTY_RENEGOTIATION_INFO_SCSV then block). Basically I did: - I used Wireshark to capture real Pale Moon's ciphersuite in Client Hello packet (Pale Moon is my main browser), then converted Pale Moon's ciphersuite format to Python's ciphersuite format, override DEFAULT_CIPHERS in Lib\site-packages\urllib3\util\_ssl.py with my new ciphersuite. This is my video (tested on alternativeto.net) https://streamable.com/btr8f8 |
|||
![]() amy |
« Next Oldest | Next Newest »
|