[kemonoparty] DDoS Guard bypass #1779

Closed
ghost opened this issue Aug 16, 2021 · 2 comments

ghost commented Aug 16, 2021

Just a few notes I have from some testing/reverse engineering, hopefully this helps gallery-dl work a bit better with Kemono.

  • __ddg2 appears to be the only cookie that matters. DDoS-Guard will set __ddg1 in the response if it was absent from the request, but will not trigger the check screen if it isn't there.
  • __ddg2 cookie can be retrieved from this endpoint: https://check.ddos-guard.net/check.js. An example in Python is shown below:

```python
import requests

def get_ddg_cookies(url):
    r = requests.get('https://check.ddos-guard.net/check.js', headers = {
        'referer': url
    })
    r.raise_for_status()
    return r.cookies.get_dict()['__ddg2']

k = requests.get('https://kemono.party', cookies = { '__ddg2': get_ddg_cookies('https://kemono.party') })
k.raise_for_status()
```

  • But apparently, __ddg2 can be set to any random value without any issues? I've tried this, and any text works consistently to get past the check screen with no issues, as long as the cookie is there.

```python
import requests

requests.get('https://kemono.party', cookies = { '__ddg2': 'mionaganoharaisbestgirl' }).raise_for_status()
print('werks')
requests.get('https://kemono.party').raise_for_status() # ddos-guard will complain
```

mikf added a commit that referenced this issue Aug 16, 2021

mikf commented Aug 16, 2021

Setting __ddg2 to a random value seems to work, at least for me, so that's what gallery-dl is doing now when that cookie isn't set:

```python
def _prepare_ddosguard_cookies(self):
    if not self._cookiejar.get("__ddg2", domain=self.cookiedomain):
        self._cookiejar.set(
            "__ddg2", util.generate_token(), domain=self.cookiedomain)
```

Say, is this service reliable enough to actually block real DDoS attacks when its check can be tricked that easily, at least by single, individual users?

ghost commented Aug 17, 2021

> Say, is this service reliable enough to actually block real DDoS attacks when its check can be tricked that easily, at least by single, individual users?

Should be. The actual DDoS detection happens on a different layer than the browser check, and has stopped major attacks on the site before. As to why the browser check exists at all then... ¯\_(ツ)_/¯

This issue was closed.
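
For operators of a similar browser-check gate, here is an added example (not from this thread, and not DDoS-Guard's or gallery-dl's code) that puts a presence-only cookie test, the behaviour reported above, beside a check that only accepts values the server issued. The HMAC token format, the `SECRET` key, `MAX_AGE` and the binding to a client address are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumption: per-deployment server key
MAX_AGE = 3600                    # assumption: seconds a passed check stays valid


def presence_only_check(cookies):
    """Behaviour reported in the thread: any non-empty __ddg2 passes."""
    return bool(cookies.get("__ddg2"))


def _mac(client_id, ts):
    msg = f"{client_id}|{ts}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(client_id, now=None):
    """Cookie value handed out after a passed check, bound to the client."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_mac(client_id, ts)}"


def verified_check(cookies, client_id, now=None):
    """Accept the cookie only if the server issued it for this client."""
    ts, sep, mac = cookies.get("__ddg2", "").partition(".")
    if not sep or not (ts.isascii() and ts.isdigit()):
        return False
    # Constant-time comparison on bytes; a guessed or copied value fails here.
    if not hmac.compare_digest(mac.encode(), _mac(client_id, ts).encode()):
        return False
    age = (time.time() if now is None else now) - int(ts)
    return 0 <= age <= MAX_AGE


if __name__ == "__main__":
    client = "203.0.113.7"                  # constructed sample address
    arbitrary = {"__ddg2": "any-text"}      # constructed cookie, never issued
    issued = {"__ddg2": issue_token(client)}
    print(presence_only_check(arbitrary))   # presence test accepts it
    print(verified_check(arbitrary, client))
    print(verified_check(issued, client))
    print(verified_check(issued, "198.51.100.9"))
```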