I have installed all the headers requested by the vlogtruyen website, but it returns the error code 'Ошибка на стороне клиента. од .' What happened and how to fix it?

    using xNet;

    HttpRequest httpRequest = new HttpRequest();
    httpRequest.Cookies = new CookieDictionary();
    httpRequest.AddHeader("accept", "application/json, text/javascript, */*; q=0.01");
    httpRequest.AddHeader("user-agent", "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.104 Safari/537.36");
    httpRequest.AddHeader(":scheme", "https");
    httpRequest.AddHeader(":path", "/passport/login");
    httpRequest.AddHeader(":authority", "vlogtruyen.net");
    httpRequest.AddHeader(":method", "POST");
    httpRequest.AddHeader("accept-language", "vi-VN,vi;q=0.9");
    httpRequest.AddHeader("x-csrf-token", "gBethO3SCdOfETQRSLioQLsWpKYP9a8o3VSeDavx");
    httpRequest.AddHeader("x-requested-with", "XMLHttpRequest");

    httpRequest.AddHeader("origin", "https://vlogtruyen.net");
    httpRequest.AddHeader("referer", "https://vlogtruyen.net/");
    httpRequest.AddHeader("sec-ch-ua", "\" Not; A Brand\";v=\"99\", \"CocCoc\";v=\"97\", \"Chromium\";v=\"97\"");
    httpRequest.AddHeader("sec-ch-ua-mobile", "?0");
    httpRequest.AddHeader("sec-ch-ua-platform", "\"Windows\"");
    httpRequest.AddHeader("sec-fetch-dest", "empty");
    httpRequest.AddHeader("sec-fetch-mode", "cors");
    httpRequest.AddHeader("sec-fetch-site", "same-origin");
    httpRequest.Post("https://vlogtruyen.net/passport/login");

1 Answer

The login endpoint is protected by Cloudflare, so you must provide a valid X-CSRF-TOKEN. For more information about CSRF, take a look here: https://www.cloudflare.com/learning/security/threats/cross-site-request-forgery/. So you most likely must bypass this protection (I don't know if this is legitimate). Some possible solutions would be:

  1. Using a CSRF token across accounts.
  2. Replacing value of same length
  3. Removing the CSRF token from requests entirely
  4. Decoding CSRF tokens
  5. Extracting token via HTML injection
  6. Using only the static parts of the token
ggeorge
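Why a fixed `x-csrf-token` sent with an empty cookie jar is rejected, shown as an added example that is not part of the question or the answer: a minimal server-side check that binds each token to the session it was issued to. The `SessionStore` class, its method names and the 403 status are assumptions made for the illustration, not the site's actual implementation.

```python
import hmac
import secrets


class SessionStore:
    """In-memory stand-in for a framework's session store (hypothetical)."""

    def __init__(self):
        self._tokens = {}  # session id -> CSRF token issued to that session

    def open_session(self):
        """Simulates GET of the login page: sets a session cookie, embeds a token."""
        session_id = secrets.token_hex(16)
        token = secrets.token_urlsafe(30)
        self._tokens[session_id] = token
        return session_id, token

    def check_post(self, session_cookie, header_token):
        """Return the status a state-changing POST gets (403 is an assumed value)."""
        expected = self._tokens.get(session_cookie)
        if expected is None or not header_token:
            return 403  # unknown/missing session cookie, or no token supplied
        # Constant-time comparison of the full token, not a prefix or a length check
        if not hmac.compare_digest(expected.encode(), header_token.encode()):
            return 403
        return 200


def demo():
    """Constructed requests against two sessions; returns case -> status."""
    store = SessionStore()
    sid_a, tok_a = store.open_session()
    _sid_b, tok_b = store.open_session()
    return {
        "own session cookie + own token": store.check_post(sid_a, tok_a),
        "pasted token, empty cookie jar": store.check_post(None, tok_a),
        "token issued to another session": store.check_post(sid_a, tok_b),
        "replacement of the same length": store.check_post(sid_a, "x" * len(tok_a)),
        "token header removed": store.check_post(sid_a, None),
        "only part of the token": store.check_post(sid_a, tok_a[:20]),
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{status}  {case}")
```

Only the request that carries the session cookie together with the token issued to that same session is accepted, which is what a browser does when it loads the page before submitting the form.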