API risk control (bot protection) on dexfilter


The risk-control provider is evidently Cloudflare, so this provider needs some study.

dexfilter.com needs to review the security of your connection before proceeding.

Ray ID: `7652645fbc699843`

Performance & security by [Cloudflare](https://www.cloudflare.com/?utm_source=challenge&utm_campaign=j)

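Before 00:00 on 5 November 2022 the site could be accessed normally. After 00:00 it was unreachable for a long time, and when I checked again on the morning of the 5th the risk control had been upgraded: every request now had to pass the verification shown above.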

Source of the verification page

<html lang="en-US">
<head>
    <title>Just a moment...</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=Edge">
    <meta name="robots" content="noindex,nofollow">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
    <meta http-equiv="refresh" content="35">

</head>
<body class="no-js">
    <div class="main-wrapper" role="main">
    <div class="main-content">
        <h1 class="zone-name-title h1">
            <img class="heading-favicon" src="/favicon.ico"
                 onerror="this.onerror=null;this.parentNode.removeChild(this)">
            dexfilter.com
        </h1>
        <h2 class="h2" id="challenge-running">
            Checking if the site connection is secure
        </h2>
        <noscript>
            <div id="challenge-error-title">
                <div class="h2">
                    <span class="icon-wrapper">
                        <div class="heading-icon warning-icon"></div>
                    </span>
                    <span id="challenge-error-text">
                        Enable JavaScript and cookies to continue
                    </span>
                </div>
            </div>
        </noscript>
        <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/jsch/nojs/transparent.gif?ray=7652645fbc699843')"></div>
        <div id="challenge-body-text" class="core-msg spacer">
            dexfilter.com needs to review the security of your connection before proceeding.
        </div>
        <form id="challenge-form" action="/coinnav/index?pool_column=ub&amp;nt=0&amp;range_date=24h&amp;date=24h&amp;rise_or_fall=up&amp;range=5_max&amp;page=1&amp;page_size=100&amp;__cf_chl_f_tk=tu0Telme9CkRJnTS4qTN6o6EMCY8jiwMPRhxKIgS.0U-1667617781-0-gaNycGzNCOU" method="POST" enctype="application/x-www-form-urlencoded">
            <input type="hidden" name="md" value="_pkliyBOWi6XlYnN2zO5YoSpg44S5.XJrkCvPbHOqVk-1667617781-0-AXMTG3u1YDEx7m6WAqXZ7IeBEaOiv9llzZTSlbSrkDeg429TBk4LGpqYayxiFRUArkN8-D-JbFzEjtYMOGqLlAtA1JwV-pKIyAR43rn1d7WtJ5fQl_rmay0ar0BS7QUINu9tHUQAOL7oN-r7tT03zjzWfEUOecd5ZXM4FyACrkHp-IZsabR4HAN1BZ0FBTFFNEvSpa2wGYnqyO9GfXKQ3EkNyY-hyc-BiAUTFdZw2jRDg-wWDfNc09oFNcWyC0yjqPmQA8f4zg0RoHTJ5JrYcYAV2mWNpL9-L62B-7q3LkOe2HdkJignQkW9OmBAECDjVJdFlEAlnBNAD_I7KleeOdTLqDurphZC9_kc12jyXP2KOQ1zgwIlefFwkUjMmy_9heusLY_9XkQcid-AyZvyp8CnFVQRDmKj6WM2O8ObeG8J3cT5WBe8Z0YKnaVrezqhbUUVIyM3jCsk3MZt4hNay6-aqUlI19Ll_kBid84mpw4iyUZ_piGm-Vu-jvNcSVg2mf5Z4geb-r2Bvlfw88HHD6T_o-nbj3eJLcKSLeYHQRJdH2dVRhFEimFoeSNfM7h_H6PMWMXSIvURI1W6iW-VJZTYIn1dgPp_a-nTEIpVKmp_ID9-R4aaqU2tgCSWz59rUFKIiDd_AUrkNGShoMG6_KBomSjUL3rJEDsuY92hQDLn_l6x3vT06ggawPwEIwG_fxR-pUDZTLzUGEwqqpgTruUH_ItujNNrpoR_TQA0JX9IY8g5VejZKLHlsYo5h2HTzyMNjdTiicrT7-aNJNPgvSTdE2JWG58bBwxoXT8zKMYPZZqe0KWjS38qh8hZIHBgqw">
            <input type="hidden" name="r" value="5Foe9RM3Sob0qZGBbfmN0SZlq.gaYLIkAJyREpnovs0-1667617781-0-ASgF4gzSXy6pq+4jGtXW+XvqhTPIZjuei3JNddqd+SELA8BA9mDFU/xA7TIULfFakDZtPC2zrMhfplFR9UasLGQ2Jgl87DkvlQ5autZbs29CmqFasz81TVAaRpdBqPMsOGx6KyUUNQtBM0LT6qSHb5tGPWfHF3TTeErS9ejMoudXa2VliGyBzpKJH9RtU1s6YmpO80CbIZU7pogQe35z6czWXGr4BmYdonizau90kF6HsrRZyXSdetmX+oISp0t/SbQsl/ahR2P72BIGES9U4gFFSfY4UsYHE9I41TFIRbm75fSyuHrZpilgyM386QyA19dxeVcl9643D7ErGUD0JltwN001AYrCZG8VzviuC2MB970MIio6I+84UzE+nCmKi30wiNcOH/tU6NBeLt8B7eSn2HLSLc+8ThpKOqWZCG+VZF4yc6G1UrPGFJ2/KnB3KfK3a5xiH9qv/VWgfqVDcdmGERBzBlcoUuGdQxitqEXjGvh4IdRZH6vvJfLvsYi9/bA4SiJjibzJIpvQ2MT26A2kk9mzgYg04naJerfNSq9LUJAZ+K+TGJuhyHuoCsmBr5IimpPqSPkxrXz5v9r5vVxRMLgp8BPu3PpQQfAH33Lv7J97qfsE8FgWqqhQw/FAyn0XmMfI413GLi/IOr6LnPe+nblIR0mK4CRQ3R/d+NBbTlJk+k/aGLh7V60ptGSkDvi8SwPMO7bWui47i4nSs8c/bROeGYA8S1JMXJ7ckP3i5jbo9gFT+SQgA82e1yp0bbBKBZvOntoVtEoWTJvuE1Ok15PU8OpISHTvQpRYZ6AuYHGV7Xy5olj22Xeevkpkk+Vege7o2AZbtwaetbA3vGfydLlFjb0F8o5hWz9qs0zWW0JyCgd0N5AuqLJYdT3RWw4+Fbnt2KDOHQwSyW4yKxv7GkWjJnLREd7QfGFzUvp4e1MTGDRvlOZ3sf/VQNYIb04ENRLjdoQhmwiDGdGKdOC99w+KtVRq/NJs7JUT9mb7JAW2rzB8+meEx4F+hPjW7eskPpAnFkeJX+7hAtJyH84QFpreZ351AoZkGiRQ060mIj2L6FyjUHqadO2S5TFl0f2h6EsK3mMX4htRBubdBvuiHU4ZzkKRdh9CgXcct4r/lMU24JEl1eOEVuKeFpkafZ6vUAMolm1b9BVa6KNfYSbQzbnJFsp12p4A9+DAMUzdwyIgVFPuEAoYyijVQGhxH56TkhcV9RMSiKlGzIeAgZ2pwbcx/x+/UjKXEEej4i2d2RpgDhkkhB+dy4jI814EYhd/O+xE4D+ODgzEFIkiR6A/hJ+jVxqYFyxhjzBYku4aoLnQqq8O8UBlCILxIQ6KPExlO2XCaUClig10K7cStlFxh1KhjDRzTeT0kX1S2auGx9nnX+Bg62X5tU6qJqdFN4BMhJe2W1IxHJd1lGBkTcs1fIf600+OS/UIr0OG2HdacLx4pj288SBaVoTOko5hLwVfKbjjXusyGOv1hP/ggyct1ZMD/5qjr1iL1hIiteJ67df2nKUSOeEknY9KUlZ28tC5RcoH78j7okCBBrL3NG2p/0PKl99RLjMCNzabgYDI0FD6G5t2ZYrP+lhzX7DfC8lOCUkxoDFCFhfsorkq3uKJrRGIaS2iKf49NWAtERKubCJFCjokl7ScjAxnRjeHc01HvSk8J2Qhesm0n4OArnGkIEQn4NkenK/HgExyvB8bQof4h3FMECkTowHNgrWRUCyqsPazfcxbzzJElW0NXMCa2DC8li0XxqDTkeztnBnySDnatPACRGR1CdajqZmDb8GREgEybOsIy3tsob1eSLHqyKKbLZP6UIwYffUp4F7v08YN8QjqKbeaCi+yUbjN3Sogs3UZSMOJNQzCV4l+w71iRz9HFZ6nt48rXF
JQBd8DMqCXkvY+VoyWS3jLm9TXSxy67K+1cxaLIs0AW/gX88UYtUCFNnMi1QA7l+bOS7m/jdIHZCtwkJswwjkWOSirRBrp+8+vgManskoKUN/pDj8UDnkqXJdS9RmxXBpNDCYNNSlwehCsVV2+atfSyH48MTKQYYwDmO8BTPNeyOMW+0wqdLWVDQluIWr9vb/r1mPKp/Nc1ytKScvIxaa19zM5qKbik7mweMQiECsBE/LEAMxhZDzfzZNcqeA3hVkMIDYz0LSiwm5UI6snH6Ro6DC1vpCH9muQwP8yKTFkcIacwwk1w7LXkkgw3ObzFzfCmhU6">
        </form>
    </div>
</div>
<script>
    (function(){
        window._cf_chl_opt={
            cvId: '2',
            cType: 'non-interactive',
            cNounce: '8846',
            cRay: '7652645fbc699843',
            cHash: '41409f4e40c1e58',
            cUPMDTk: "/coinnav/index?pool_column=ub&nt=0&range_date=24h&date=24h&rise_or_fall=up&range=5_max&page=1&page_size=100&__cf_chl_tk=tu0Telme9CkRJnTS4qTN6o6EMCY8jiwMPRhxKIgS.0U-1667617781-0-gaNycGzNCOU",
            cFPWv: 'g',
            cTTimeMs: '1000',
            cTplV: 4,
            cTplB: 'cf',
            cRq: {
                ru: 'aHR0cHM6Ly9kZXhmaWx0ZXIuY29tL2NvaW5uYXYvaW5kZXg/cG9vbF9jb2x1bW49dWImbnQ9MCZyYW5nZV9kYXRlPTI0aCZkYXRlPTI0aCZyaXNlX29yX2ZhbGw9dXAmcmFuZ2U9NV9tYXgmcGFnZT0xJnBhZ2Vfc2l6ZT0xMDA=',
                ra: 'TW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTVfNykgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwNS4wLjAuMCBTYWZhcmkvNTM3LjM2',
                rm: 'R0VU',
                d: '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',
                t: 'MTY2NzYxNzc4MS43MTUwMDA=',
                m: 'H3hXU7O3+VuXfCHXn+r4rczMLwsM4Gs7GwJ5BrhjrN4=',
                i1: '7tCrnSPsa48WG+LiNsdTHQ==',
                i2: 'EzX5JYqX1pKEhu2EyDPw/Q==',
                zh: 'Cns4HEzFH8/xM4Q62OA7gdSo2NB/DLr0Is9NPMWRKAo=',
                uh: 'CWjGFBp7WjA9thG1d9rKUrrTqEgf4aYDSLXmIxoHUZU=',
                hh: 'BH3r+wG/FQ2mojZwrNANFOzGlZfSB5Byjr+FQpJh10g=',
            }
        };
        var trkjs = document.createElement('img');
        trkjs.setAttribute('src', '/cdn-cgi/images/trace/jsch/js/transparent.gif?ray=7652645fbc699843');
        trkjs.setAttribute('style', 'display: none');
        document.body.appendChild(trkjs);
        var cpo = document.createElement('script');
        cpo.src = '/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/v1?ray=7652645fbc699843';
        window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
        window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, -window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
        if (window.history && window.history.replaceState) {
            var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
            history.replaceState(null, null, "/coinnav/index?pool_column=ub&nt=0&range_date=24h&date=24h&rise_or_fall=up&range=5_max&page=1&page_size=100&__cf_chl_rt_tk=tu0Telme9CkRJnTS4qTN6o6EMCY8jiwMPRhxKIgS.0U-1667617781-0-gaNycGzNCOU" + window._cf_chl_opt.cOgUHash);
            cpo.onload = function() {
                history.replaceState(null, null, ogU);
            };
        }
        document.getElementsByTagName('head')[0].appendChild(cpo);
    }());
</script>


    <div class="footer" role="contentinfo">
        <div class="footer-inner">
            <div class="clearfix diagnostic-wrapper">
                <div class="ray-id">Ray ID: <code>7652645fbc699843</code></div>
            </div>
            <div class="text-center">Performance &amp; security by <a rel="noopener noreferrer" href="https://www.cloudflare.com?utm_source=challenge&utm_campaign=j" target="_blank">Cloudflare</a></div>
        </div>
    </div>
</body>
</html>

Analysis


cookie: _gid=GA1.2.1181511998.1667548563
cookie: _clck=1s1ks24|1|f6b|0
cookie: cf_clearance=7898eab9959d0164cfc90d952eefa5ea3ca0eb52-1667617928-0-150
cookie: _ga_9K67MXYJY6=GS1.1.1667617929.8.0.1667617929.0.0.0
cookie: _ga=GA1.2.1211264758.1667548558

Testing showed that endpoints that previously did not check cookies now enforce the check; a request sent without cookies is answered with a 503 error.

Debugging in a real browser


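After opening the page at noon on the 5th I left it untouched. When I refreshed it at 19:00 that evening, it did not respond immediately; instead it redirected to the verification page, waited about 2-3 s, and then automatically redirected to the real home page.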

My guess is that during those roughly 7 hours some of the cookie keys expired.

Comparison shows that the following cookie keys do not change:

_gid=GA1.2.1181511998.1667548563; 
_clck=1s1ks24|1|f6b|0;
_gat_gtag_UA_236603143_2=1; 
_ga=GA1.2.1211264758.1667548558;

The following key seems to appear only on the list page; some detail-page endpoints do not carry it. Its value also changes:

 cf_clearance=7898eab9959d0164cfc90d952eefa5ea3ca0eb52-1667617928-0-150; 

The following keys appear on both the list page and the detail page, and they also change:


  _ga_9K67MXYJY6=GS1.1.1667617929.8.0.1667617929.0.0.0; 
  _clsk=13bl8lm|1667617930442|3|1|f.clarity.ms/collect

So three keys actually change, and they expire; reverse-engineering these three keys would basically solve the problem:

 cf_clearance=7898eab9959d0164cfc90d952eefa5ea3ca0eb52-1667617928-0-150; 
 _ga_9K67MXYJY6=GS1.1.1667617929.8.0.1667617929.0.0.0; 
 _clsk=13bl8lm|1667617930442|3|1|f.clarity.ms/collect

Verifying expired cookies with Charles


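As can be seen, expired cookies get banned as well. In the browser this shows up as a redirect to the verification page to refresh the cookies. This verification page is clearly critical: it is what generates the refreshed cookies.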

Solution

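On the afternoon of 2022/11/06 I found that a cookie with just one key is enough. This cookie is generated by the site's home page and is bound to the User-Agent.

Reference: github.com/Xewdy444/CF… That project says the cookie is bound not only to the User-Agent but also to the IP.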

After repeated testing, the cookie is indeed bound to both the IP and the User-Agent.
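
The behaviour observed above (a clearance cookie that expires and is tied to both the IP and the User-Agent) is what a server gets by signing those request properties into the token it issues. The following is an added example, not Cloudflare's implementation and not code from the original post; the token format, `SECRET`, `TTL_SECONDS` and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: server-side key, never sent to clients
TTL_SECONDS = 7 * 3600            # assumption: lifetime picked for this demo


def _mac(ip: str, user_agent: str, issued_at: int) -> bytes:
    # Length-prefix every field so adjacent values cannot be shifted into each other.
    fields = (ip.encode(), user_agent.encode(), str(issued_at).encode())
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest().encode()


def issue_clearance(ip: str, user_agent: str, now: int) -> str:
    """Token handed out once the challenge page has been passed."""
    return f"{_mac(ip, user_agent, now).decode()}-{now}"


def check_clearance(token: str, ip: str, user_agent: str, now: int) -> str:
    """Return 'ok', or the reason the request is sent back to the challenge."""
    mac, sep, ts = token.rpartition("-")
    if not sep or not (ts.isascii() and ts.isdigit()):
        return "malformed"
    issued_at = int(ts)
    if not 0 <= now - issued_at <= TTL_SECONDS:
        return "expired"
    # Recompute over what the server sees on THIS request; constant-time compare.
    if not hmac.compare_digest(mac.encode(), _mac(ip, user_agent, issued_at)):
        return "binding-mismatch"
    return "ok"


def demo() -> dict:
    # Constructed sample values (documentation IP ranges, made-up User-Agents).
    t0 = 1_700_000_000
    tok = issue_clearance("203.0.113.7", "BrowserA/1.0", t0)
    return {
        "same client": check_clearance(tok, "203.0.113.7", "BrowserA/1.0", t0 + 60),
        "other IP": check_clearance(tok, "198.51.100.9", "BrowserA/1.0", t0 + 60),
        "other UA": check_clearance(tok, "203.0.113.7", "ClientB/2.0", t0 + 60),
        "after TTL": check_clearance(tok, "203.0.113.7", "BrowserA/1.0", t0 + TTL_SECONDS + 1),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:12} -> {verdict}")
```

Because the timestamp is covered by the MAC, editing it to extend the lifetime yields `binding-mismatch` rather than a valid token.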