Why?

Herbert · December 11, 2023, 3:06pm

It’s not the client cookie, It’s the website’s cookie.

Herbert · December 11, 2023, 3:10pm

Just to be clear guys, What I showed was a different method. Like @ChrisPAR you can’t directly access using just CURL. So don’t get me wrong for posting things like this.

anon50163844 · December 11, 2023, 11:39pm

*Big brain emoji
I guess curl actually works. So there’s no cookie validation whatsoever? But I hit the security system instead

YT_Xaos · December 12, 2023, 12:12am

It does not because:

However, when Herbert did it, it worked, not sure how (and yes I did try to set the cookie).

Greenreader9 · December 12, 2023, 1:00am

Because he had the cookie there

YT_Xaos · December 12, 2023, 1:58am

That is why I said this:

I’ll try again in a few minutes or tomorrow (it is 8:59 PM currently and I have school tomorrow).
–EDIT–
I just tried it and it worked!

Herbert · December 12, 2023, 10:39am

That’s correct, without the cookies JS won’t work.

Herbert · December 12, 2023, 10:40am

anon50163844 · December 12, 2023, 10:47am

still doesn’t work for me

YT_Xaos · December 12, 2023, 12:12pm

You are using Herbert’s cookie! Go to dev tools > Application > Cookies and copy the value for __test.

wackyblackie · December 12, 2023, 12:45pm

A whole new solution would be to use headless chrome or Firefox. Maybe that would work. I’ve never used a headless browser before, though.

Ziverre · December 12, 2023, 12:46pm

The whole conclusion for me is that this security system sucks.

Greenreader9 · December 12, 2023, 1:00pm

Yeah, that works. Or just re-invent the cookie.

Admin · December 12, 2023, 2:34pm

The cookie is not a static value. You can’t just copy it once and reuse it forever. That would make it way too easy to bypass the security system.

It sounds to me like it’s doing exactly what it’s intended to do.

Ziverre · December 12, 2023, 3:10pm

Intended to prevent bots from accessing but some easy trick bypasses it.

anon50163844 · December 12, 2023, 10:16pm

How to see devtools on android?

YT_Xaos · December 12, 2023, 10:29pm

I don’t have an Andriod so I wouldn’t be able to tell you with certainty that this works but here’s an article:

Alternatively, this is what Bing AI told me:

Herbert · December 13, 2023, 5:22am

Hey Admin, The current cookie security mechanism is indeed preventing bots, but wouldn’t it be more efficient if you set the cookie value to reset for each request? This would improve the system. It’s just an idea, though!

Ziverre · December 13, 2023, 5:33am

It would unnecessarily slow down page load time + break media linked in it, it would still be bypassable by a bot which uses headless browser.

Herbert · December 13, 2023, 5:38am

Yeah but it’ll add another security layer though. Why not using CAPTCHA? It’s very effective against bots.