From c9e007639e21368648e0801110bfee9f1b3915a5 Mon Sep 17 00:00:00 2001
From: Thomas Lynch
Date: Sat, 10 Sep 2022 08:10:51 +1000
Subject: [PATCH] - Make the "checking your browser for robots" look more like cloudflare - Reduce the default concurrency of the frontend script to 2 threads because any higher seems to crash firefox (and its quick enough even with 2 threads anyway) - Remove the footerlogo from challenge and maintenance page, and update the link
---
haproxy/html/maintenance.html | 3 +-
haproxy/js/sha1.js | 2 +-
src/scripts/hcaptcha.lua | 57 +++++++++++++++++++++--------------
3 files changed, 36 insertions(+), 26 deletions(-)
diff --git a/haproxy/html/maintenance.html b/haproxy/html/maintenance.html
index 99178f6..1770108 100644
--- a/haproxy/html/maintenance.html
+++ b/haproxy/html/maintenance.html
@@ -17,8 +17,7 @@ footer{font-size:x-small;margin-top:auto;margin-bottom:20px}.pt{padding-top:30vh

Under maintenance. Please try again soon!

diff --git a/haproxy/js/sha1.js b/haproxy/js/sha1.js
index 552123c..3e86180 100644
--- a/haproxy/js/sha1.js
+++ b/haproxy/js/sha1.js
@@ -13,7 +13,7 @@ if (window.Worker && crypto.subtle) {
 const challenge = document.querySelector('[data-pow]').dataset.pow;
 const difficulty = 0;
 const start = Date.now();
- const threads = Math.min(4,Math.ceil(window.navigator.hardwareConcurrency/2));
+ const threads = Math.min(2,Math.ceil(window.navigator.hardwareConcurrency/2));
 let finished = false;
 const messageHandler = (e) => {
 if (finished) { return; }
diff --git a/src/scripts/hcaptcha.lua b/src/scripts/hcaptcha.lua
index 9358c7f..692f3cd 100644
--- a/src/scripts/hcaptcha.lua
+++ b/src/scripts/hcaptcha.lua
@@ -50,36 +50,36 @@ local body_template = [[
-
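Review bot: In haproxy/js/sha1.js the new `threads` expression still has no fallback for a browser that does not expose `navigator.hardwareConcurrency`: `Math.ceil(undefined/2)` is NaN, and `Math.min(2, NaN)` is NaN as well. How `threads` is consumed is outside the hunk, but if it bounds the worker-spawn loop, no worker starts and the visitor never gets past the challenge page. A default keeps the proof-of-work solvable: `const threads = Math.min(2, Math.ceil((window.navigator.hardwareConcurrency || 2) / 2));`. The enclosing `if (window.Worker && crypto.subtle)` block continues past the hunk.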

Checking your browser for robots...

+ %s %s %s @@ -88,7 +88,6 @@ local body_template = [[ ]] local noscript_extra_template = [[ -
No JavaScript?
    @@ -97,25 +96,35 @@ local noscript_extra_template = [[ echo "Q0g9IiQxIjtCPSJiMDBiIjtJPTA7RElGRj0kKCgxNiMke0NIOjA6MX0gKiAyKSk7d2hpbGUgdHJ1ZTsgZG8gSD0kKGVjaG8gLW4gJENIJEkgfCBzaGExc3VtKTtFPSR7SDokRElGRjo0fTtbWyAkRSA9PSAkQiBdXSAmJiBlY2hvICRJICYmIGV4aXQgMDsoKEkrKykpO2RvbmU7Cg==" | base64 -d | bash -s %s -
  1. Set a cookie named z_ddos_pow with the value as the number the script outputs. -
  2. Remove "/bot-check?" from the url, and load the page again. +
  3. Set a cookie named z_ddos_pow with the value as the number the script outputs, and path /. +
  4. Remove /bot-check? from the url, and load the page again.
- If you don't want to run untrusted code (you shouldn't), simply remove the pipe to sh to see the decoded script before running it. If you don't know what that means, you can't be helped. Additionally, the JavaScript for this page is open source and available here.
]] --- 3 dots animation for proof of work +-- title with favicon and hostname +local site_name_section_template = [[ +

+ + %s +

+]] + +-- spinner animation for proof of work local pow_section_template = [[ -
-
-
-
+

+ Checking your browser for robots 🤖 +

+
+
]] -- message, hcaptcha form and submit button local captcha_section_template = [[ -

Please solve the captcha to continue.

+

+ Please solve the captcha to continue. +
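Review bot: In `noscript_extra_template` the sentence telling visitors to drop the pipe and read the decoded script before running it is removed, and no replacement caution is visible on the new side of this hunk as rendered here. The page still asks the visitor to paste a base64 blob into `base64 -d | bash -s`, so that reminder is the only prompt to inspect the command first, and it also guards against the same copy-paste habit on a look-alike page. I would keep a one-line version next to the command, for example `Run the command without the final pipe to bash first to read the decoded script.`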

@@ -132,6 +141,7 @@ function _M.view(applet)
 generated_work = utils.generate_secret(applet, pow_cookie_secret, true, "") -- define body sections
+ local site_name_body = ""
 local captcha_body = ""
 local pow_body = ""
 local noscript_extra_body = ""
@@ -149,6 +159,7 @@ function _M.view(applet)
 -- -- pow at least is always enabled when reaching bot-check page
+ site_name_body = string.format(site_name_section_template, host)
 if captcha_enabled then
 captcha_body = string.format(captcha_section_template, captcha_sitekey)
 else
@@ -157,7 +168,7 @@ function _M.view(applet)
 end -- sub in the body sections
- response_body = string.format(body_template, generated_work, pow_body, captcha_body, noscript_extra_body, ray_id)
+ response_body = string.format(body_template, generated_work, site_name_body, pow_body, captcha_body, noscript_extra_body, ray_id)
 response_status_code = 403
 elseif applet.method == "POST" then
 local parsed_body = url.parseQuery(applet.receive(applet))
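Review bot: In the `@@ -149,6 +159,7 @@` hunk, `host` is formatted into `site_name_section_template` without HTML escaping: `string.format(site_name_section_template, host)`. Where `host` is assigned is outside the hunk; if it comes from the request's Host header, a crafted header value is reflected as markup in the 403 challenge page. Restricting it to hostname characters before formatting closes that, e.g. `local safe_host = host:gsub("[^%w%.%-:%[%]]", "")` and then `site_name_body = string.format(site_name_section_template, safe_host)`. `_M.view` starts and ends outside these hunks, so the origin of `host` should be confirmed there.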