Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS fingerprinting #500

Open
3 tasks done
sudo001 opened this issue Apr 25, 2023 · 9 comments · May be fixed by #767
Open
3 tasks done

TLS fingerprinting #500

sudo001 opened this issue Apr 25, 2023 · 9 comments · May be fixed by #767
Labels
bug Something isn't working

Comments

@sudo001
Copy link

sudo001 commented Apr 25, 2023

Summary

await bot.create_guild(name=...) returns 403 Forbidden (error code: 10008): Unknown Message

Reproduction Steps

Code

@bot.command(name="webhooksetup")
async def webhooksetup(ctx):
    await ctx.message.delete()
    file = json.loads(open("Data/webhooks.json", "r").read())
    guild = await bot.create_guild(name="Webhooks") # <- Here it breaks

Expected Results

Create guild.

Actual Results

403 Forbidden (error code: 10008): Unknown Message incident

System Information

  • Python v3.10.11-final
  • discord.py-self v2.0.0-final
  • aiohttp v3.8.4
  • system info: Windows 10 10.0.19045

Checklist

  • I have searched the open issues for duplicates.
  • I have shared the entire traceback.
  • I am using a user token (and it isn't visible in the code).

Additional Information
@sudo001 sudo001 added the unconfirmed bug Unconfirmed bug label Apr 25, 2023
@dolfies dolfies changed the title Cannot create guild TLS fingerprinting May 6, 2023
@dolfies dolfies added bug Something isn't working and removed unconfirmed bug Unconfirmed bug labels May 6, 2023
@dolfies
Copy link
Owner

dolfies commented May 6, 2023
edited
Loading

Discord utilizes TLS fingerprinting as part of anti-spam now. Pure Python doesn't really provide a way to mimic a browser TLS fingerprint. The TLS fingerprints of Python libraries like requests and aiohttp are fairly flagged due to the amount of spam originating from them. I'll try to influence the fingerprint slightly, but I'm eventually going to have to redo how requests work entirely to overcome this.

@dolfies dolfies pinned this issue May 6, 2023
@BlueSchnabeltier
Copy link

You could use python-tls-client, i also made a binary for arm32 in my fork if that helps.

@dolfies
Copy link
Owner

dolfies commented May 27, 2023

You could use python-tls-client, i also made a binary for arm32 in my fork if that helps.

Thanks for the comment! I've been looking at fhttp and similar, but I'm unsure what the performance concerns would be like when using them in an async library.

More importantly, none of the projects I've looked at seem to support WebSockets, which is crucial for Discord.

@BlueSchnabeltier
Copy link

BlueSchnabeltier commented May 29, 2023
edited
Loading

library.

Just found a package called CycleTLS on PyPi maybe take a look at that (its even asyncronous). Also it would be fantastic in you could take a look at my issue.

@itschasa
Copy link

itschasa commented Jul 2, 2023

More importantly, none of the projects I've looked at seem to support WebSockets, which is crucial for Discord.

its pretty unlikely discord looks at bot score for gateway connections surely? i mean its not a sustainable approach, but definitely a start.

@dolfies
Copy link
Owner

dolfies commented Jul 3, 2023

its pretty unlikely discord looks at bot score for gateway connections surely? i mean its not a sustainable approach, but definitely a start.

It's not done by Discord, it's done by Cloudflare, and they do look at gateway traffic.

@dolfies
Copy link
Owner

dolfies commented Aug 25, 2023

Progress on this is being made on the refactor/tls branch. Right now, the blocker is WS support, which seems to already be an issue in curl_cffi.

@itschasa
Copy link

itschasa commented Sep 9, 2023

its pretty unlikely discord looks at bot score for gateway connections surely? i mean its not a sustainable approach, but definitely a start.

It's not done by Discord, it's done by Cloudflare, and they do look at gateway traffic.

i just think it's unlikely discord actually looks at the bot score for the gateway endpoint, sure it's possible, and cloudflare probably do give it a score, but just unlikely in my opinion.

@dolfies
Copy link
Owner

dolfies commented Sep 9, 2023

its pretty unlikely discord looks at bot score for gateway connections surely? i mean its not a sustainable approach, but definitely a start.

It's not done by Discord, it's done by Cloudflare, and they do look at gateway traffic.

i just think it's unlikely discord actually looks at the bot score for the gateway endpoint, sure it's possible, and cloudflare probably do give it a score, but just unlikely in my opinion.

They don't look at it as much, but it is for sure looked at. If you're not worried about gateway traffic, you can use the aforementioned branch (though it is a tiny bit unstable).

@dolfies dolfies mentioned this issue Jan 2, 2024
Closed
3 tasks
@EchoQuill EchoQuill mentioned this issue Oct 11, 2024
Open
4 tasks
@dolfies dolfies linked a pull request Dec 2, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Mitigate TLS fingerprinting dolfies/discord.py-self
4 participants
@dolfies @itschasa @BlueSchnabeltier @sudo001