Bypass Cloudflare's CAPTCHAs by redeming Privacy Pass tokens.
Project description
Privacy Pass
A Python module implementing the Privacy Pass protocol. Privacy Pass is supported by Cloudflare (and is in the process of becoming standardised by the IETF) to enable users to redeem passes instead of having to solve CAPTCHAs to visit protected websites. This can be useful when programmatically interacting with such sites, as CAPTCHAs are intentionally used to tell Computers and Humans Apart.
Installation
Simply run pip install privacypass
. The PyPI package is at https://pypi.python.org/pypi/privacypass/
Alternatively, clone this repository and run python setup.py install.
Dependencies
- Python >= 3.9
- cryptography >= 36.0.1
Usage
Call privacypass.redemption_token()
to create a redemption token specific to the site/path.
import requests
import privacypass
# See `Collecting Privacy Pass Tokens` section of doc for how to retrieve tokens
cf_token = {"input":[98,207,READACTED,234,181],"factor":"0x5c57a03...REDACTED..68ef47","blindedPoint":"BAV...REDACTED...dss=","unblindedPoint":"BOu0AArK..REDACTED..jdBbeqo=","signed":{"blindedPoint":"BPs6ed..REDACTED..0ZWw=","unblindedPoint":"BHtp..REDACTED..hU0="}}
url = 'https://somewhere.with.captcha'
request = requests.get(url)
# A Privacy Pass compatible CF site is encountered
# and a CAPTCHA challenge is presented
if request.status_code == 403 and 'CF-Chl-Bypass' in request.headers:
cf_redemption_token = privacypass.redemption_token(token=cf_token, url=url, method='GET')
headers = {'challenge-bypass-token': cf_token}
request = requests_session.get(url, headers=headers)
Troubleshooting Notes
- Tokens have a limited life span. 30 days?
- Note the header in token redemption response
'CF-Chl-Bypass-Resp': '<error-resp>'
. <error-resp> is the error value returned by the privacy pass verifier. Possible values are 5 or 6, where 5 is an edge-side connection error and 6 is a pass verification error.
Recieving Privacy Pass Tokens
Currently the easiest way to receive tokens is by having the Browser Extension installed, and browsing to captcha.website.
-
Solve a number of CAPTCHAs on captcha.website. Each CAPTCHA solved grants 30 tokens.
-
Extract the tokens from your browser:
Firefox
- Browse to the Extention Debug screen
- Inspect the Privacy Pass extention
- Open Storage -> Local Storage
- Tokens are stored as a list under the
cf-tokens
key.
Acknowledgements
This module is a porting of key functions from the Privacy Pass Extension by @privacypass team.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for privacypass-0.1.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 9af075857161a226ec7b332b34de61cc08d1c17df5221a1e2b1c74de4fe99b81 |
|
MD5 | 0646442198e8e2fc60120f49c90ef6f4 |
|
BLAKE2b-256 | a47a0290718fb8f707972f793f1f82b2473eab2dfc4d6751868ea46ede5045fb |