Comments (15)
Done. Seems to have not broken anything on my end -- can you pull and validate all 3 cases as well
(captcha, valid, not valid)
from sherlock.
Just realized I forgot a case --- 'not valid in country'. Will add that now. Shouldn't make a difference for the captcha tests.
Edit::: that's actually accounted for by the 404 msg I added, so we're good
from sherlock.
hm......... lemme re eval and get back
from sherlock.
I get geoblocked here in the USA, so it was an easy test for me to run, lol
I'll go ahead and link your Issue to that PR so it gets closed when and if it (hopefully) gets merged
from sherlock.
@cd-CreepArghhh Can you share the raw html used for that page? I'll likely be able to add it to #2068
It won't bypass the captcha until circumvention is added, but it would avoid F+ hits due to the captcha when it's presented
from sherlock.
Huh, interestingly there's no captcha now (so it's not a JS issue) but there's a 404 page and a profile. Maybe I'll run Sherlock a couple times then try again.
from sherlock.
If you do end up hitting it again drop a ping
Testing yandex in a PITA on my end having to use vpns and such, and even when I do, it apparently trusts me implicitly and refuses to rate limit or captcha me
from sherlock.
(if the captcha page returns a status code other than 200, we can also use that as a simpler resolution)
from sherlock.
Okay, found out that spamming them with requests gets you a captcha fast. Running Sherlock 4 times resulted in one captcha, and my browser got 2 in 6 requests.
You're going to have to run the HTML through some prettifier though (I don't know any) since it's all on one line.
Note: Github won't let me upload .html files, so rename the .txt to a .html, thanks.
Oops, Captcha!.txt
Oops, Captcha!_files.zip
I'll spam a few requests with python now to check the status code.
Edit: the captcha page (some long URL with a hash or Base64 string in it) returns 200, I'll see what I get when redirected from the profile page (probably 200, so don't wait for me to finish).
from sherlock.
Finished. Out of 100 requests, the first request was a 404 (i.e. no captcha) then the rest were all 200s (thus captcha). No 302s either I think, since IIRC requests doesn't automatically resolve those. Status code isn't going to be of any use.
from sherlock.
Gonna push a hopeful fix. If you want to be added as a co-author you can drop your github no-reply email/other github email here and a name. Or link to somewhere that has it.
Otherwise I'll push as a single committer.
from sherlock.
Just push as single committer
from sherlock.
I don't think it worked, since there's still a false-positive. By the way, I'm pretty sure I'm still in the blacklist or whatever Yandex Music has going on, so it will be a while before I can test the other two cases.
$ git clone https://github.com/ppfeister/sherlock.git # hope I cloned the right repo...
$ cd sherlock
$ python sherlock ecfhlmiuewfimcuhem --site YandexMusic
[*] Checking username ecfhlmiuewfimcuhem on:
[+] YandexMusic: https://music.yandex/users/ecfhlmiuewfimcuhem/playlists
[*] Search completed with 1 results
from sherlock.
@cd-CreepArghhh Just got back
Noticed that you didn't run with the --local
flag. When you don't use this flag, it pulls from the repo by default instead of our local patched data.json. Can you test one more time but while using that flag? (this won't be necessary if the patch gets merged upstream)
When using that flag on my end, it seems to give the expected result for each of the four cases (not valid, valid, captcha, geoblock).
(that flag messes with me quite a bit.....)
Edit: you do not need to re-pull unless it's been deleted
from sherlock.
Yay, it works! ecfhlmiuewfimcuhem
doesn't show up, ya.playlist
does, and I didn't get any false positives even after spamming the command 30+ times. I didn't realise that it grabbed a data.json
from GitHub instead of the local one by default (probably so you don't need to git pull
as often).
Also, I'm not sure what the geoblock case is so I can't really test that. (I assume I could try running it through a bunch of tor nodes until I hit it, but I don't have time for that right now).
from sherlock.
Related Issues (20)
- Skip adult content filter for sites explicitly listed
- SHERLOCK// ERROR "string indices must be integers, not 'str' " HOT 1
- False positives (Kick, LibraryThing) HOT 2
- Safe removal of openpyxl dependency HOT 2
- improve user journey for scripting HOT 5
- Do we really need to package Sherlock for various platforms? HOT 17
- i wont to be hacker
- Sherlock just Giving out false profiles HOT 6
- Make torrequest (and other deps) optional HOT 3
- https://www.facebook.com/profile.php?id=61558096995421&mibextid=LQQJ4d HOT 2
- archive.org returning 200 response for any query HOT 4
- sync-json-data workflow failure HOT 3
- I keep getting errno 13 HOT 8
- Adding a demo walkthrough of Sherlock to docs HOT 2
- Heavy-R F+ / APClips F+ HOT 8
- Watson HOT 1
- CyberDefenders false positive
- Zhihu false positive HOT 1
- Requesting support for: x.com (formerly Twitter) HOT 2
- Installation from sources HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sherlock.