Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Endless challenge at Cloudflare Verification #1241

Closed
aliafshany opened this issue May 13, 2023 · 6 comments
Closed

Endless challenge at Cloudflare Verification #1241

aliafshany opened this issue May 13, 2023 · 6 comments
Assignees
@Aydinv13
Labels
Bug Resolution: Duplicate Status: Closed

Comments

@aliafshany
Copy link

AdGuard version

Version 2.10.1.1277 nightly

Browser version

Version 0.103.0 (38794), chrome Version 113.0.5672.92 (Official Build) (arm64)

OS version

ventura 13.3.1

What filters do you have enabled?

AdGuard Annoyances filter, EasyList, Adblock Warning Removal List, Online Malicious URL Blocklist, Iranian filter

What Stealth Mode options do you have enabled?

No response

Support ticket ID

No response

Issue Details

Steps to reproduce:

  1. go to a site that has a Cloudflare anti-robot verification like vultr.com, ping.pe
  2. you would check the checkbox over and over but it won't verify you.
  3. turn AG totally off and then refresh the page and verify that, It woks then!

Expected Behavior

Cloudflare won't verify you.

Actual Behavior

Cloudflare won't verify you unles you turn AG off

Screenshots

cf.mp4

Additional Information

No response
@aliafshany aliafshany added the Bug label May 13, 2023
@aliafshany
Copy link
Author

my settings in Adguard:

AG.mp4

@ZeroClover
Copy link

Same here.

After repeated testing, I found that keeping the following AdGuard Stealth Mode features disabled avoids this issue:

  • Block Push API
  • Block Location API
  • Block Java
  • Hide your User-Agent
  • Remove X-Client-Data Header

I have set one of my test sites to always return to the challenge page (interactive challenge) to facilitate testing.

https://turnstile.zeroclover.io/

@aliafshany
Copy link
Author

@ZeroClover
thank you for testing and sharing the results.

Unfortunately, Block Location API and Block Java are important for me to hide any IP leaks that might occur.
Hope the Devs find a good solution for this.

@Aydinv13
Copy link

@aliafshany @ZeroClover Hi, sorry for the late reply.

Most likely Cloudflare is asking you to enter captcha/wait because the User-Agent is incorrect or typed in by hand - that's a reason to be suspicious. Such User-Agent will not match the TLS fingerprint with the browser, therefore there may be issues such as endless checks.

@adguard-bot adguard-bot added Question and removed Bug labels May 23, 2023
@ZeroClover
Copy link

@Aydinv13

User-Agent is part of the reason for this issue, but not the decisive factor.

Even without disguising the User-Agent, blocking access to a browser's Push/Location/Java API will cause Cloudflare to endlessly challenge.

Cloudflare CAPTCHA (Turnstile) uses browser fingerprints and functions to identify legitimate users and bots. Unfortunately, most pre-compiled headless browsers (widely used by crawlers) do not implement the aforementioned APIs mentioned above.

@adguard-bot adguard-bot changed the title stuck at Cloudflare Verification Endless challenge at Cloudflare Verification May 24, 2023
@adguard-bot adguard-bot added Bug and removed Question labels May 24, 2023
@Aydinv13 Aydinv13 mentioned this issue May 24, 2023
Open
@Aydinv13
Copy link

Issue moved to AdguardTeam/CoreLibs #1765 via Zenhub

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Aydinv13 Aydinv13

Labels
Bug Resolution: Duplicate Status: Closed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ZeroClover @adguard-bot @aliafshany @Aydinv13