Hacker News new | ask | show | jobs
by _lvbh 625 days ago
> you can use a browser with JS to grab the cookie, then feed it to httrack headers

They also check your user agent, IP and JA3 fingerprint (and ensures it matches with the one that got the cookie) so it's not as simple as copying some cookies. This might just be for paying customers though since it doesn't do such heavy checks for some sites
2 comments
alganet 624 days ago
Dude. Cookie is a header, user agent is a header, ja3 is a header. It's the same stuff.

These protections are against ddos attacks, botnets, large crawling infrastructures that can lose by having to sync header info.

If you're just a single tired dev saving a website because you care about some content, none of this is a significant barrier.

link
_lvbh 624 days ago
Dude. JA3 is a your TLS fingerprint. Most libraries don't let you spoof it. The annoying thing is that with new versions of Chrome and Firefox, JA3 is randomized per session so it changes every time. You need to intercept the request in Wireshark to get it.
link
freedomben 625 days ago
Seconded. It seems to depend on the sites settings, and those in turn are regulated heavily by subscription plan the site is on.
link