In my last post, i shared that we can use Fiddler to bypass cloudflare protection. I used it for a few days and realized that Fiddler is not stable. I decided to do more research. It turned out that Cloudflare use some signature in TLS protocol to identify the client. Chrome/Firefox/Edge using different library. Luckily there are some library developed to simulate these TLS protocol. The tool name is curl-impersonate , check it out here https://github.com/lwthiker/curl-impersonate#Advanced-usage I have a thought about this, Cloudflare spends a lot of efforts on this to detect the bots. But now, we know where cloudflare get the data and weRead More →

Another day, another thing. I’m running a PHP site on Azure App Service, the site needs to convert some documents to pdf. We know we need wkthmltopdf, unfortunately the default image doesn’t have it, we need to do it ourself. First i install wkhtmltopdf – it seems pretty simple: apt-get install wkhtmltopdf It installed successfully, unfortunately when we run it, we got this error: QXcbConnection: Could not connect to display Aborted (core dumped) Google the error and found the recommendation is to run like this: xvfb-run wkhtmltopdf -q test.html test.pdf I tried that, unfortuately, it said xvfb-run not found. OK, let install it: apt installRead More →

if you need to write a crawler script and that script needs to crawl a site protected by cloudflare. you will face a challenge, you got 403 error. It’s because somehow Cloudflare knows that we use some tools instead of browser. Even you open the Chrome Inspector and copy the curl command , you still got the error. I did some try and found some ways pass this. if you use curl : you need to use it through a proxy (Fiddler with HTTPs decrypt) If you use wget you will need a proxy (Fiddler with HTTPs decrypt))+ change the user agent to Blackberry. Note: Read More →

With recent data privacy law, somehow i thought that our identity will not be easily shared between sites. This is wrong, i found it today. I’m using my personal laptop for non-work related things, sometimes i use it to open our company email. Since our company will not never share our data, but somehow when i open some internet sites, i see them connect to some identity services to track the location. Surprisingly, i see it know what company i’m working for. This is the company providing that service – not sure how they make it but i bring a lot of concern to me.Read More →

If you accidentally delete some files in your EC2 , you don’t want to restore the whole volume, you just want to restore some files on it. The easiest way to do this is to mount the backup volume to a different EC2 and mount it from there. In case you want to mount that backup volume to the same server and you want to mount it to a different mount point to copy. There will be a challenge for you. Since the backup snapshot will have the same UUID with the existing file system , you will not be able to import it. YouRead More →

In ASP.Net, ViewState is used to store the state of your web page controls between post backs. You can see this value by viewing the html source code and search for ViewState. This value is encrypted by default to prevent tampering and maintain its integrity. There are 2 encryption levels: base64 and 3DES. The setting is control in this config: viewStateEncryptionMode If it’s encrypted with base64 you can easily decrypt, if it’s 3DES, there is no way as i know so far.Read More →

You setup a new website, everything looks good. You were advised to setup a probe to monitor your application. You did, days by days the application works great, you look at your monitoring report , things are normal. One day, you receive an alerts saying your application is not accessible. When you visit your application, it seems fine. Something wrong with the monitoring you setup? It could be , but if you take a deep dive , you see that your application is receiving a huge load from random IPs. You know that there must be something wrong going on, when you review all theRead More →