Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
HTTP interceptor using got to bypass Cloudflare DDOS protection / JavaScript challenge on Node.js
JS-Challange | hCaptcha |
---|---|
hooman is not meant for spamming, please use it sanely.
# with npm: npm i hooman got
yarn add hooman got
got is peer-dependency
const hooman = require('hooman');
(async () => {
try {
const response = await hooman.get('https://sayem.eu.org');
console.log(response.body);
//=> '<!doctype html> ...'
} catch (error) {
console.log(error.response.body);
//=> 'Internal server error ...'
}
})();
const { body } = await hooman.post('https://httpbin.org/anything', {
json: {
hello: 'world',
},
responseType: 'json',
});
console.log(body.data);
//=> {hello: 'world'}
// This is mandatory to set cookie first since .stream() doesn't fire hooks
await hooman(jsChallengePage);
// Now we can download files
const image = fs.createWriteStream('image.jpg');
hooman.stream(imageUrl).pipe(image);
const response = await hooman.get(url, {
captchaKey: '2captcha_or_rucaptcha_api_key',
rucaptcha: true | false, // optional (default false)
});
console.log(response.body);
You can also set environment variable HOOMAN_CAPTCHA_KEY
and HOOMAN_RUCAPTCHA
All you need to do is provide
captchaKey
and rest is done by hooman. It automatically detects if g/hCaptcha is present and need solving or can be solved. There are console.log print on hit as well.
Note that if you make multiple request to same site at once only the first request will be sent for captcha solving while other request will be hanged until captcha is solved. You might face multiple trigger to captcha, please monitor your usage. Best practice is to make a dummy request first and let hooman solve captcha and then process further requests.
const response = await hooman.get(url, {
// required
captchaKey: 'your_captcha_api_key',
// use with captchaKey, should return captcha response string or undefined
onCaptcha: ({ key, pageurl, sitekey, method }) => {
// solve captcha here
return h_captcha_response;
},
});
console.log(response.body);
const HttpsProxyAgent = require('https-proxy-agent');
const proxy = new HttpsProxyAgent('http://127.0.0.1:3128');
const response = await hooman('https://sayem.eu.org', {
agent: {
https: proxy,
},
});
Please see available API here.
All methods and props of got should work fine.
If you open any issue, please respect issue template and provide clean and re-producible example code which can be run without any modification. Low effort issue will be ignored.
I don't make any profit with this library. If you want to show your appreciation, you can donate me here :scream_cat: Thanks! You can also hire me for scraping solution, ping me and we will discuss further :smile:
Made with :heart: & :coffee: by Sayem
FAQs
http interceptor to hoomanize cloudflare requests
We found that hooman demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.