We don't have to go all the way with these options either, we could ask users to trust cloudflare themselves, or less have to manually get useragent/cookie everytime it expires (with a GUI). It is possible to pragmatically trust a website but that is done in registry and I think that's a bit dirty, even if we trust then untrust as soon as we have what we want, I am not sure about editing a user's registry. The cookie belongs to cloudflare (not poe.trade) meaning you can 'trust' in IE which will allow that function to get the cookie now. InternetGetCookieEx which allows the getting of httponly cookies, but with a catch, cookies from websites in 'protected' mode are hidden. You can use comobj to make IE navigate to poe.trade, and IE passes the test since its a real browser, IE can be invisible for this.Ĭomobj also allow us to snag its user agent easily, however the cookies we need are httponly (for a reason) and the comobj cannot see them. To make things work you must get a useragent + cookie pair that match (probably IP too but that is free). I have done a bunch of learning and I think I have a programmatic solution but its really far reaching. (Though some ppl might be uncomfortable running javascript like that). We can also provide a bookmarklet that would also get the cookie and user agent without requiring ppl to user dev console. I do not know how often the cookie changes, but so far my cookie has worked for atleast an hour.įor user friendliness we are best off making the script provide a pop up asking for cookie and user-agent when a failure is detected (502 i think). Thus all the trade macro must do is pretend to be a browser that is already cleared, if the macro makes the request using the same user-agent and cookies it is indistinguishable from a real browser. The DDOS protection is really simple, when the user goes to the website, they are redirected, some javascript is run to confirm the browser is real, then a cookie is set so that the check does not need to run every time. Which would mean that poe.trade will not work in the long run cause whats the point of a trade system if it only works when ppl don't use it widely. Bypassing the DDOS protection isn't actually that big of a deal unless the trade macro is the thing causing the DDOS (from legit users).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |