Sicilian7 9 Share Posted August 18, 2020 It looks like Jagex have installed a new defense on their website: Incapsula. When I try to send a HTTPS request to create more accounts, I get a response with "Incidient Incident", which I am assuming to mean that their systems were able to detect that I was not a human creating the account. Has anyone been able to bypass this and still mass create accounts? I'm very curious how Incapsula is detecting that my browser is not human, given that I am spoofing most of the request properties in my HTTPS get. Link to comment Share on other sites More sharing options...
Sicilian7 9 Author Share Posted August 18, 2020 EDIT: The quotes are meant to say "Incapsula Incident" Link to comment Share on other sites More sharing options...
Soldtodie 76 Share Posted August 18, 2020 If you want to use httpClient in Java you have to deobfuscate this javascript file: https://secure.runescape.com/af92d108180cb7c3523f6242ce5660c3 because httpClient can't run javascript. Another solution you could try is a browser emulation framework like Selenium. Link to comment Share on other sites More sharing options...
Stoned 52 Share Posted August 19, 2020 Incapsula seems to be a system implemented to stop robots from submitting requests. Without knowing too much on the subject, are you sending a user-agent with your request? Link to comment Share on other sites More sharing options...
TheCloakdOne 389 Share Posted August 19, 2020 If you dont want to build your own, ive just launched a private account creator Link to comment Share on other sites More sharing options...
Sicilian7 9 Author Share Posted August 19, 2020 21 hours ago, Soldtodie said: If you want to use httpClient in Java you have to deobfuscate this javascript file: https://secure.runescape.com/af92d108180cb7c3523f6242ce5660c3 because httpClient can't run javascript. Another solution you could try is a browser emulation framework like Selenium. Could you elaborate more on that file? what is its purpose? why is it obfuscated? why do i need to deobfuscate it? Link to comment Share on other sites More sharing options...
Threadripper 1 Share Posted September 14, 2020 On 8/19/2020 at 6:45 PM, Sicilian7 said: Could you elaborate more on that file? what is its purpose? why is it obfuscated? why do i need to deobfuscate it? <head><script src="/af92d108180cb7c3523f6242ce5660c3" async></script> This is included at the top of the page source. I assume that's where you were looking for the reference in the page Link to comment Share on other sites More sharing options...
Sicilian7 9 Author Share Posted September 14, 2020 1 minute ago, Threadripper said: <head><script src="/af92d108180cb7c3523f6242ce5660c3" async></script> This is included at the top of the page source. I assume that's where you were looking for the reference in the page I've since figured out how to bypass Incapsula. With Selenium it wasn't too difficult. Link to comment Share on other sites More sharing options...
Threadripper 1 Share Posted September 14, 2020 27 minutes ago, Sicilian7 said: I've since figured out how to bypass Incapsula. With Selenium it wasn't too difficult. nice, I had the same issue a while ago, I haven't made a selenium version tho. Just curious did you make a script to edit the page source of the html file to create a rs account and input your recaptcha token there? or how did you submit a captcha with each signup? Link to comment Share on other sites More sharing options...
Sicilian7 9 Author Share Posted September 14, 2020 36 minutes ago, Threadripper said: nice, I had the same issue a while ago, I haven't made a selenium version tho. Just curious did you make a script to edit the page source of the html file to create a rs account and input your recaptcha token there? or how did you submit a captcha with each signup? I haven't really made that many accounts so perhaps my approach doesn't scale too well. My understanding is that they only use captcha if you are sending too many requests from a given IP address. To get around this, you can use a rotating proxy. To bypass the Incapsula, you need to make sure whatever browser you're using has cookies and Javascript enabled. You also need to make sure your browser fingerprint matches that of a legitimate user. In the end, I decided to buy accounts from other's as it suits my purposes much better. So I no longer concern myself with all of this. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.