YouTube trusted session generator

This project is tested with BrowserStack.

This is a fork

this fork replaces the older nodriver-based chromium automation with playwright, a more modern browser automation framework. key changes:

1. switching from nodriver to playwright
2. callback system for token updates
3. the http server now waits for token updates
4. i broke docker version and i cba'ed to fix it because i hate docker.

the (web) server component was rewritten from a wsgi implementation to a more straightforward threaded http server.

Description

This script will output two parameters: po_token and visitor_data. Needed for passing YouTube checks in Invidious or the program that use the po_token functionality.

What's po_token

po_token known as Proof of Origin Token. This is an attestation token generated by a complex anti robot verification system created by Google named BotGuard/DroidGuard. It is used to confirm that the request is coming from a genuine device.

These identity tokens (po_token and visitor_data) generated using this tool will make your entire YouTube session more easily traceable by YouTube because it is tied to a unique identifier.

Requirement(s)

• You have to run this command on the same public IP address as the one blocked by YouTube. Not necessarily the same machine, just the same public IP address. Subsequent usage of this same token will work on the same IP range or even the same ASN. The point is to generate this token on a blocked IP as "unblocked" IP addresses seems to not generate a token valid for passing the checks on a blocked IP.

Tutorials for "oneshot" command: run the program and get the po_token and visitor_data values

Tutorial with Docker

1. Run the script: docker run quay.io/invidious/youtube-trusted-session-generator
2. Copy paste the values of these the two parameters (po_token and visitor_data) in config.yaml

   po_token: XXX
   visitor_data: XXX
   

3. Restart Invidious or the program that use the po_token functionality.

Tutorial without Docker

1. Install Chromium or Google Chrome.
2. Create a new virtualenv: virtualenv venv
3. Activate the virtualenv: source venv/bin/activate
4. Install the dependencies: pip install -r requirements.txt
5. Run the script: python potoken-generator.py --oneshot
6. Copy paste the values of these the two parameters (po_token and visitor_data) in config.yaml

   po_token: XXX
   visitor_data: XXX
   

7. Restart Invidious or the program that use the po_token functionality.

Why running as root for Docker?

In "headless: false", Chromium does not support sanboxing when it is not ran by root user.

Tutorials for "always running" program: Get po_token on demand using HTTP.

Tutorial with Docker

Run the program: docker run -p 8080:8080 quay.io/invidious/youtube-trusted-session-generator:webserver

Tutorial without Docker

1. Install Chromium or Google Chrome.
2. Create a new virtualenv: virtualenv venv
3. Activate the virtualenv: source venv/bin/activate
4. Install the dependencies: pip install -r requirements.txt
5. Run the program: python potoken-generator.py

usage of the http api

send a request to http://localhost:8080/token to obtain a po_token. the server returns a json object with potoken and visitor_data.

to force a refresh of the token, send a POST request to http://localhost:8080/update. this endpoint has two behaviors:

1. it initiates a token refresh process
2. it waits for the refresh to complete (up to 60 seconds)

if the update succeeds within the timeout, the endpoint returns the new token as json with status 200. if a refresh is already in progress, you'll get a 409 conflict response. if the update times out, you'll receive a 504 gateway timeout.