
Bypass Incapsula and Akamai



  • Hi,
    is there any way to bypass these in OpenBullet?
    I saw a guy bypass Akamai with a script that connected to localhost in OB, but I'm not sure he was right.

    So, is there any way?


  • Admin

    There is no builtin way to do that. It is possible with other tricks that I am not aware of.



  • @ruri How About Incapsula?



  • Hi, I don't think you understand how Incapsula works, let me explain 🙂

    Let me tell you first: to bypass Incapsula, you will need to bypass reCAPTCHA. Incapsula brings reCAPTCHA into the equation after a certain amount of requests.
    If anyone were able to bypass reCAPTCHA, or you can pay for reCAPTCHA, you will then continue to bypass Incapsula.

    Incapsula runs JavaScript code to see if you're using an automated browser, such as Selenium, PhantomJS, mechanize, etc., and they store a cookie right then and there and make a request with that cookie to send back a bunch of other cookies, which all make it possible to access the website. Using those cookies, you can now continue your session to the next request on that website. If you request too fast or at odd intervals, Incapsula will bring up another reCAPTCHA. Also, your cookies expire very fast. You need to be undetectable. If you don't obey the reCAPTCHAs PLUS robots.txt and request responsibly, you are going to fail.

    Hope I helped.



  • @analyzer
    So the header cookie will change every time,
    and reCAPTCHA I can't find; I can't even find the reCAPTCHA key in the Incapsula error page. And should Bypass CF be used?



  • Akamai is too hard to get past.



  • I'm learning about this matter at the moment

    @Ruri & everyone else that can help, can we use these scripts or methods in OB to bypass this obstacle?

    https://github.com/vincentcox/bypass-firewalls-by-DNS-history

    or

    https://github.com/Imbuedhush/Incapsula-Bypass
    https://github.com/ziplokk1/incapsula-cracker-py3


  • Admin

    If you use the first tool you posted, it will give you an IP address that you can use in your requests with openbullet. So there's no need to integrate it inside openbullet, you can do it with that tool already.
    For the other ones, they are open chrome tabs on my pc that I have yet to delve deep into ^^
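
From the defender's side, the origin-IP technique described in the post above shows up as requests that reach the origin from addresses outside the WAF's egress ranges. The following is an added example, not part of the thread or of any tool linked in it, that flags such requests in an origin access log; the log layout, the sample lines and the IP ranges (RFC 5737 documentation addresses) are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed placeholder ranges (RFC 5737 documentation space). In practice,
# use the egress ranges published by your WAF/CDN vendor.
WAF_EGRESS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]

# Assumed layout: common log format followed by the quoted Host header.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<host>[^"]*)"$'
)

# Constructed sample lines: two arrive via the WAF, two reach the origin directly.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 512 "shop.example.com"',
    '192.0.2.44 - - [12/Mar/2024:10:00:02 +0000] "POST /login HTTP/1.1" 401 120 "shop.example.com"',
    '203.0.113.20 - - [12/Mar/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 1024 "shop.example.com"',
    '192.0.2.44 - - [12/Mar/2024:10:00:04 +0000] "POST /login HTTP/1.1" 401 120 "192.0.2.10"',
]

def from_waf(ip_text):
    """True if the client address lies inside one of the WAF egress ranges."""
    ip = ipaddress.ip_address(ip_text)  # raises ValueError on malformed input
    return any(ip in net for net in WAF_EGRESS)

def direct_origin_hits(lines):
    """Return parsed log entries that did not come through the WAF."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # line does not follow the assumed layout
        try:
            if from_waf(m["ip"]):
                continue
        except ValueError:
            pass  # unparsable client field: report it rather than drop it
        hits.append(m.groupdict())
    return hits

def summarize(hits):
    """Count direct-to-origin requests per client address."""
    return Counter(h["ip"] for h in hits)

if __name__ == "__main__":
    for ip, n in summarize(direct_origin_hits(SAMPLE_LOG)).most_common():
        print(f"{ip}: {n} request(s) bypassed the WAF path")
```

Any hit here means the origin accepts traffic that never passed the WAF; the corresponding fix is to firewall the origin so that only the WAF's egress ranges can connect.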



  • Unfortunately I don't know how to implement it. It's not in my line of knowledge

    But will work on it to find a way of doing it for sure



  • I heard that @Pure made a script to generate sensor data for akamai, @masterchief like @Ruri said you have to make your request to the IP=url (182.25.36.78=http://yourTarget.com) I guess 🙂



  • So it's possible to create a host with Akamai bypass to use ip=target site?


  • Banned

    I made an Akamai config without the localhost method, 1k CPM, with just some random values in the sensor data, but it won't work long term, I think.



  • @Br4uN can you explain this to me in DM?



  • About Akamai, personal experience, it was for research purposes only.
    I had an Android app X which includes the "x-acf-sensor-data" header in sensitive requests.
    After some research, what I came up with is that Akamai gives a "package" to its customers so they can include it in their apps, and they generate that header based on a secret token each app has.
    This package has a function that's responsible for generating the sensor data (hint: CYFMonitor.getSensorData()). To generate that data it relies mostly on Android.Context, which is a class of the Android system that keeps all the information about the device.
    The easy way I found: you need to be familiar with hooking (brief explanation: intercepting function calls, which means you change the input, output, or implementation of a function while the application is running). I changed the implementation of CYFMonitor.getSensorData() so when it's called it generates N (a desired number) of sensor data and saves them to a file, and I triggered an action that requires the sensor data, and voila!
    The most efficient way, of course, is to decompile the app and see how the Akamai package works and try to make a script which generates it automatically, just like thousands and thousands of lines of code.



  • I wish there was a more automatic way for this to implement on OB



  • @Ruri I heard that @Pure made a script to generate sensor data for Akamai, url (182.25.36.78=http://yourTarget.com). What to give in post data?
    Can you make docs on this?

