Comments (13)
LOL, that is true. But new attacks are welcome to give it a try. It's how we improve and learn.
from creepjs.
If you're sending too many requests, try changing your IP address. This is how we solved this problem.
from creepjs.
For a few days it was able to be used with the proxy without any problems. But now it cannot be used with proxy. So, do I need to change the computer?
Did you try using different browsers? Edge, Chrome, Firefox.. ?
from creepjs.
Have you tried changing your network? It is likely the network you are on is too hot and has a higher token cost per request.
Most networks are auto-granted 500 tokens hourly, and each request costs 1 token, but you can spend more tokens by switching networks.
We currently do not have a special access setup, but could consider bumping this to 1000 tokens.
from creepjs.
Got the same issue, but only when blocking the cookies:
from creepjs.
Cookies are not considered. If the origin header is blank, that could be the cause.
In the console, there should be an analysis response near the end. If it is marked abuse, there should be an abuse name. I can debug it based on the name. If there is no abuse name, it's probably a missing origin header.
from creepjs.
Cookies are not considered. If the origin header is blank, that could be the cause.
In the console, there should be an analysis response near the end. If it is marked abuse, there should be an abuse name. I can debug it based on the name. If there is no abuse name, it's probably a missing origin header.
creep.js:14
DOMException: Failed to register a ServiceWorker for scope ('https://abrahamjuliot.github.io/creepjs/') with script ('https://abrahamjuliot.github.io/creepjs/creep.js'):
The user denied permission to use Service Worker.
(anonym) @ creep.js:14
Promise.catch (asynchron)
(anonym) @ creep.js:14
Py @ creep.js:14
YZ @ creep.js:14
await in YZ (asynchron)
Py @ creep.js:293
(anonym) @ creep.js:293
await in (anonym) (asynchron)
(anonym) @ creep.js:537
(anonym) @ creep.js:537
creep.js:293
DOMException: Failed to read the 'sessionStorage' property from 'Window':
Access is denied for this document.
at w3 (https://abrahamjuliot.github.io/creepjs/creep.js:293:38856)
at https://abrahamjuliot.github.io/creepjs/creep.js:508:1075
w3 @ creep.js:293
(anonym) @ creep.js:508
Promise.then (asynchron)
(anonym) @ creep.js:503
await in (anonym) (asynchron)
t @ creep.js:1
(anonym) @ creep.js:293
await in (anonym) (asynchron)
(anonym) @ creep.js:537
(anonym) @ creep.js:537
creep.js:520
Error! Failed to read the 'sessionStorage' property from 'Window':
Access is denied for this document.
(anonym) @ creep.js:520
Promise.catch (asynchron)
(anonym) @ creep.js:520
await in (anonym) (asynchron)
t @ creep.js:1
(anonym) @ creep.js:293
await in (anonym) (asynchron)
(anonym) @ creep.js:537
(anonym) @ creep.js:537
- Browser: Microsoft-Edge: 111.0.1661.41 (Official Build) (64-Bit)
- Platform: Windows 10
- configuration: cookies for
abrahamjuliot.github.io
blocked
Note: This issue persists ONLY when the cookies are blocked
from creepjs.
I see. This is not a network error. That is just the prediction API blocked from execution due to no session storage. The code uses session storage to hold samples. I may change that at some point, but it's there for development. You can unpack in the console via...
JSON.parse(sessionStorage.samples)
from creepjs.
Good tips.
I should note, there are some hidden rate limits, but these are only manually applied if the site is under attack, and are based on server-side analysis rather than networks.
Currently, the only data used to distinguish attack from testing is breaks vs. no breaks in a 24-hour timeframe. 8 hrs with no breaks is fine. If a fingerprint is tagged sus
or bad
under the analysis section, it means it is being supervised and serviced for testing.
from creepjs.
For a few days it was able to be used with the proxy without any problems. But now it cannot be used with proxy. So, do I need to change the computer?
from creepjs.
Yep, different browser should work.
from creepjs.
It's likely your hidden browser fingerprint is too hot and unique, and generating too much traffic. The key to getting around this is to blend in with normal traffic or look as real and organic as possible. A high number of proxies and random/fake fingerprints work against this technique. Ideally, you want to be on the latest stable Chrome, Firefox, or WebKit. Custom chromium builds (such as anti-detection software) typically fail to blend in.
from creepjs.
It's likely your hidden browser fingerprint is too hot and unique, and generating too much traffic. The key to getting around this is to blend in with normal traffic or look as real and organic as possible. A high number of proxies and random/fake fingerprints work against this technique. Ideally, you want to be on the latest stable Chrome, Firefox, or WebKit. Custom chromium builds (such as anti-detection software) typically fail to blend in.
Good tips.
I should note, there are some hidden rate limits, but these are only manually applied if the site is under attack, and are based on server-side analysis rather than networks.
Currently, the only data used to distinguish attack from testing is breaks vs. no breaks in a 24-hour timeframe. 8 hrs with no breaks is fine. If a fingerprint is tagged
sus
orbad
under the analysis section, it means it is being supervised and serviced for testing.
@abrahamjuliot I just wanna note here, that you provide pretty accurate instructions for a potential attacker
from creepjs.
Related Issues (20)
- Make CreepJS accessible as an NPM library HOT 4
- Doesn't work HOT 14
- Doubts about the erro infos
- Doubts about the erro infos HOT 9
- MIT or ISC license? HOT 1
- Doubst about the WorkerNavigator HOT 3
- Idea: Detect frame rate HOT 1
- How to use? HOT 6
- what is ```- failed prototype test execution``` HOT 9
- lazy loading iframes HOT 3
- Firefox trash after update HOT 2
- what does session mean? HOT 1
- Novice webdev here - How do I install this? HOT 1
- Workers test throwing unsupported on Safari 17.3 HOT 10
- Where is the server source code itself? HOT 2
- How is the FP ID calculation being made? HOT 3
- fonts.lied is undefined HOT 3
- Workers testing is easily defeatable. HOT 6
- Documentation on how to run this HOT 3
- CSP blocking worker HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from creepjs.