I just finished watching Datadome's Navigating Bot Threats: Key Findings From Analyzing 14,000+ Popular Websites in US & EMEA.
Here is a quick break down. During the first 5 minutes the Head of Corporate Marketing introduces Antoine Vastel and asks his audience if they had any
Here is some shit I learned about reversing antibots(web not mobile) for some years.
As someone that came from years of coding in Python to literally not coding in Python, you must learn Javascript there is no ifs or buts. You just have to.
You are going to start reading a lot
There are currently 7 major anti-bots that protect all the major sites:
- Akamai
- PerimeterX(Human)
- Incapsula(Imperva)
- ShapeSecurity(F5)
- Datadome
- Cloudflare
- Kasada.
Only 3 out of those 7 have their client-side(JS) scripts executed on a dynamic custom obfuscated VM.
You know is very interested to see how much the bot landscape has changed over the last few years and the level of sophistication that it has evolved to.
Back when I started all you had to do was clear your cookies and get rid of your flash cookies. Fast forward a few years
I am giving the people what they want. Bringing back my blog and I will be posting my old pooky articles. Plus a new series on ShapeSecurity will be released soon after that.
I will deal with the optics and design of the blog after I get some DNS issues resolved.
As I take a sip of my morning coffee and read the front page of /r/webscraping I suddenly become bewildered by the amount of woefully ignorant people believing that all you need is "Selenium Base" and some "rotating" proxies to get around the most protected sites on the internet.
There is no fucking way Arkose Labs believes their solution adds less friction than Shape. Shape doesn't even use CAPTCHAS or user challenges, everything they do is frictionless.
Some people have asked me why I had such a long absence from twitter. The truth of the matter is burn out and running out of fuel.
I came into the sneaker dev industry in mid 2019 and arrived at a server dedicated to botting supreme. At that time, supreme had an custom anti-bot
Damn is interesting to see how far BrightData has come. I used to know them as the guys from Eastern Europe running the Hola VPN guys.
They went from a simple VPN provider to selling residential/data center/rotating proxies to selling unblocker APIs for popular antibots. They
Today I learned by reading Kasada's Quarterly report(Q4) that:
1. CapSolver claims to do 1 billion requests a day, essentially making them close around $500 millions of dollars in revenue.
2. Why
@levi_nz
exiled them from the sneaker dev server, because they were selling to
Ladies and gentlemen if you are going to reverse obfuscated Javascript, please spend some time learning Babel or some other Javascript AST parser. Don't be like this guy relying on public open-source Javascript obfuscators.
How to push an element to an array by ShapeSecurity.
var foo = [];
foo[foo.length] = "bar";
Object.defineProperty(foo,1 , {
writable: true,
configurable: true,
enumerable: true,
value: "bar2"
});
Hey good morning USA I've got a feeling that it's gonna be a wonderful day.
This is my personal twitter account:
Please follow so I can follow you back. Part 4 is coming, its coming very soon.
@blastbots
@uhavewon
@R8T3D
@Sneakerbotics
Thanks man I appreciate all the mentions you've done. You are single single-handedly growing my twitter account.
I believe that this community is too stingy and greedy, that shares very little and expects to extract a lot of dollars right away from users.
@blastbots
@uhavewon
@R8T3D
@Sneakerbotics
I intend of finishing the Pooky series which will be around 20-25 posts, as there is a lot to talk about.
I want build the trust and confidence of the sneaker botting community by offering topics in sneaker botting with videos and blog posts. Not just start with another bot .
@InfoSecSam
I hope they don't follow the same footsteps as some "frictionless" anti-bot of outsourcing their engineering team to India or something of that sort.
@authcookie
Yeah and all of the bot traffic they stop they believe is all done done by script kiddies and traffic from botnets.
Very few of them mention that the same techniques you use to stop bots can also be used to stealthy pass their securities.
@PierreDeWulf
BrightData must have a big enough war chest to go toe to toe with these behemoth corporations. They really are taking one for the team( scraping).
@internalises
The whole point of bypassing antibots is to become stealthy and look like a human not a bot. Using things like out-dated UA or tor proxies becomes counter productive.