Bypass the AIAS DDoS protection #118
Labels
No Label
bug
duplicate
enhancement
external cause:politics
external cause:upstream bug
feed
help wanted
invalid
question
wontfix
No Milestone
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: lucidiot/itsb#118
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
The AIAS official feed is now hidden behind a very dumb "DDoS protection" thing. It seems to work by using some weird JavaScript that sets a cookie then refreshes the page. Performing a request without a
User-Agent
header results in being blocked by a WAF, and setting theUser-Agent
to anything but sending no cookie or an invalid cookie results in a page showing a "Verifying your browser" loading screen and the weird JS.No feed readers can bypass this type of protection, so the AIAS official feed is now completely useless. However, we could definitely bypass it by applying a heavy dose of
sed
and running the JS code usingnode
orqjs
or some other interpreter to get aCookie:
header that we can send ourselves. This could let us make a custom feed that just downloads the official feed.