Captcha on Login

Question

Captcha on Login

matrop opened this issue a year ago · 1 comments

Hello there!

When I try to perform a login with the same code that worked yesterday, I get an error prompting me to a captcha site. I understand that this happens, since TooGoodToGo thinks my script is a robot (which is true), but this seems to happen on an irregular basis.

I get the captcha regardless of using me email to login or the cookie + token combo:

crediential = {
    "user_id": "<my user id>",
    "cookie": "datadome=<my cookie>; Max-Age=5184000; Domain=.apptoogoodtogo.com; Path=/; Secure; SameSite=Lax",
    "access_token": "<my access token>",
    "refresh_token": "<my refresh token>",
}

client = TgtgClient(**crediential)
client.login()

Results in:

TgtgAPIError: (403, b'{"url":"https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAVUuV51PEbXEAWQAFmg==&cid=4m-mJjb4PPURahs6eSkjtgZ5ldHwUi51z5g3-c835hlHrq1X3LLw154_EgdILTaNvqD9h~nBytUHwvKFU5UO4lAOugu~6Qh59Hl7O~83cfFzqcyxOzfj3rXcIBBTyMRB&referer=https%3A%2F%2Fapptoogoodtogo.com%2Fapi%2Fauth%2Fv3%2Ftoken%2Frefresh&hash=1D42C2CA6131C526E09F294FE96F94&t=fe&s=35558&e=4d25cb5042605d33347e9eb3630fa1959a859af2712e2ae7db2b2157553ea454"}')

How can I avoid being prompted to the captcha? Until now the only solution I found was to use mitmproxy to read the traffic of my android emulator, login again using the emulator and searching for access token, etc. in the network packages in mitmproxy.

Thanks for your help!

Answer 1 · 2023-05-11T19:04:43.000Z

I've been able to reproduce this consistently, maybe this will help others with a similar issue. The process is the following:

I use mitmweb to monitor the traffic of the Android emulator to the Tgtg API
I fetch Bearer-Token, Refresh-Token, Cookie and User ID and hardcode them in a script
So far, everything works -> Cool
When I shutdown and restart the Android emulator (Cold-Boot), I get the captcha error

This is likely due to the cookie changing, as my code works again, when I go through the newly monitored traffic (after the Cold-Boot) and replace the old hardcoded cookie value with the new one, i.e. datadome=.... This does not solve the issue per-se, but at least it's more transparent what could be the reason.

In case you want a more detailed guide on how to monitor the Android emulator traffic, let me know. So far, I more or less followed the explanation in #215, but it's a bit tricky.