[CLOUDFLARE] Any help is welcome!

Create issue
Issue #591 new
Red Squirrel repo owner created an issue

Ok guys, here we are again…

As many of you already know, Cloudflare anti-bot protections have always been a pain in the neck for Manga Downloader: over the years they have required a multitude of imaginative techniques to bypass them. And every time you finally succeeded, in a few months Cloudflare introduces new features that completely break the support for the old techniques and require you to go back to puzzling over how to bypass the new ones.

With the use of an external web browser extension we had found an efficient method to bypass any type of protection existing to date, both those javascript based (redirects or 5 seconds waits) and those of captcha based (recaptcha, hcaptcha, etc ...). But could Cloudflare keep quiet? Obviously not.
Starting from April, with an update they have introduced new levels of protection that apparently also break the bypass method based on cookies (and therefore they make the web browser extension useless). Now if you try to force the protection with the web browser extension (using the "Try to force the anti-bot protection" button) you simply get a page with an error 1020 telling you that you are banned from accessing the site. Point. No captchas, no redirects, no 5 seconds waits, just a "no, you can't access".

And here we are at the main problem: when Manga Downloader tries to connect to the website it gets exactly the same result. The server simply replies with an "error code 1020" text and no other information. No challenges to bypass, no captchas, no data, nothing at all. Just an "error code 1020" body text (with a HTTP 403 Forbidden error code).
I think you will also understand that with these premises it is obviously impossible to do something for the program, since it has absolutely nothing to work with, since the server simply replies that “no, you cannot access the website and that's it”.

But if you can access it from a web browser, isn't it enough to simulate a real web browser when making the web calls?

Well, obviously that's the first thing I thought. But unfortunately it doesn't seem to work. I tried to simulate the web browser calls 1: 1 but even using all the cookies and all the headers used by the web browser the result is always the same.

Here I used the specific Chrome function to convert the web browser call into a cURL one:

And this the result:

Simple and useless.

And now?

Well I looked for info on the web but unfortunately I didn't find anything helpful. Some people say that it depends on the ability of managing cookies (but implementing a cookiestore does not solve anything, already tested), other people think it’s about the missing javascript support (but even if you try to disable it from the web browser, the page loads another error screen and not the 1020 error, so I really doubt it depends only on that), and other people say it could be a check based on the web browser's digital signature (so Cloudflare could be using a kind of whitelist for web browsers).
The only certainty thing we have is that there is something that Cloudflare's firewall detects and that leads to the 1020 error page. What it is, however, we still don’t know.

And so this is where I need your help: if you have additional details or more information about this matter, or even if you have just read about alternative methods to bypass this new Cloudflare protection (or you know programs that currently do it) then please tell me. Any advice or suggestion would still be useful to move the situation a bit, thank you 👍

What websites are currently suffering from this Cloudflare issue and what solutions are there at the moment?

Fortunately at the moment there are not many websites suffering from this problem, for example the only one that has been reported so far is mangasee123.com
About the solutions, as I think you have understood by now, the only possibility to date is to look for alternatives: nowadays it is very rare for a translation group to post their works on just a single website, 99% of them in fact will share their scanlations on many different websites and very often third parties repost them on other websites too.
So just take a look at any other website supported by Manga Downloader and see if the scanlations are there as well.
For example, in the case of mangasee123.com there are manga that literally tell you that you will find the scans on other sites, such as Rent-A-Girlfriend:

Until a way to bypass the new protection will be found (or maybe the website decides to disable the protection) this is the only feasible solution.

Comments (5)

  1. Log in to comment