pluginengine01 / CHANGELOG-v6.1.md

v6.1 — Anti-Detection & Browser Impersonation Fix

Critical Fix: Cloudflare/Bot Detection Bypass

The engine was being blocked by Cloudflare and other anti-bot systems because:

  1. User-Agent was "BexEngine/6.0" — immediately flagged as a bot
  2. Missing browser headers — no Sec-CH-UA, Sec-Fetch-*, Accept-Encoding, etc.
  3. No HTTP/2 — real browsers negotiate H2 whenever the server offers it
  4. No cookie persistence — CF challenges set cookies that must be sent on subsequent requests
  5. No compression — browsers always send Accept-Encoding: gzip, deflate, br
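
Seen from the server side, the five signals above are consistency checks between what a client claims to be and what its requests carry. The following is an added example, not code from this project or from Cloudflare: it scores constructed request records, and the field names, the HTTPS/HTTP/2-capable edge and the sample traffic are assumptions.

```python
# Added example: server-side consistency checks over constructed request records.
# Assumes HTTPS traffic to an edge that offers HTTP/2; field names are hypothetical.
CHROME_ONLY = ("sec-ch-ua", "sec-fetch-site", "sec-fetch-mode", "sec-fetch-dest")

def findings(req, cookie_issued):
    """Return mismatches between what the request claims and what it carries."""
    h = {k.lower(): v for k, v in req["headers"].items()}
    ua = h.get("user-agent", "")
    out = []
    if not ua.startswith("Mozilla/"):
        out.append("non-browser user-agent")
    if "Chrome/" in ua:  # the client claims to be Chrome: hold it to that claim
        missing = [n for n in CHROME_ONLY if n not in h]
        if missing:
            out.append("chrome UA without " + ",".join(missing))
        if req["http_version"] < 2:
            out.append("chrome UA over HTTP/1.x")
    if "accept-encoding" not in h:
        out.append("no accept-encoding")
    if cookie_issued and "cookie" not in h:
        out.append("issued cookie not returned")
    return out

def review(requests):
    """Walk requests in order, remembering which clients were sent a cookie."""
    issued, report = set(), []
    for req in requests:
        report.append((req["client"], findings(req, req["client"] in issued)))
        if req.get("set_cookie"):
            issued.add(req["client"])
    return report

# Constructed sample traffic (documentation address range, not real logs).
CHROME_UA = ("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36")
BARE = {"User-Agent": "BexEngine/6.0"}
FULL = {"User-Agent": CHROME_UA, "Sec-CH-UA": '"Chromium";v="137"',
        "Sec-Fetch-Site": "same-origin", "Sec-Fetch-Mode": "cors",
        "Sec-Fetch-Dest": "empty", "Accept-Encoding": "gzip, deflate, br"}
SAMPLE = [
    {"client": "198.51.100.7", "http_version": 1.1, "headers": BARE, "set_cookie": True},
    {"client": "198.51.100.7", "http_version": 1.1, "headers": BARE},
    {"client": "198.51.100.8", "http_version": 2, "headers": FULL},
    {"client": "198.51.100.9", "http_version": 1.1,
     "headers": {"User-Agent": CHROME_UA, "Accept-Encoding": "gzip"}},
]

if __name__ == "__main__":
    for client, issues in review(SAMPLE):
        print(client, issues or "consistent")
```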

Changes (in crates/bex-core/):

config.rs: Default user_agent changed from "BexEngine/6.0" to a real Chrome 137 UA string. Timeouts increased from 15s to 30s (CF challenges can be slow).

http_service.rs: Complete rewrite of the HTTP layer:

  • Real Chrome 137 default headers (Sec-CH-UA, Sec-Fetch-*, Accept-Encoding, etc.)
  • HTTP/2 support enabled (Chrome always uses it)
  • gzip/brotli/deflate decompression (browsers always advertise these in Accept-Encoding)
  • Cookie store (cookie_store(true)) for CF session persistence
  • Auto-generates Referer from URL origin when not provided by plugin
  • Plugin headers override defaults (so plugins can customize)

Cargo.toml: Added reqwest features: gzip, brotli, deflate, cookies, http2

Testing Results:

Site                 | Search   | Episodes | Stream Resolution
AnimeKai (anikai.to) | ✅ Works | ✅ Works | ⚠️ CF JS Challenge
enc-dec.app API      | ✅ Works | N/A      | N/A

The stream resolution endpoint (/ajax/links/view) is behind a Cloudflare JS challenge that requires actual JavaScript execution. This needs the bex-js QuickJS engine to solve the CF challenge first. The CloudflareKiller approach from cloudstream uses a WebView for this.

Remaining Work: CF Challenge Solver

For sites that use Cloudflare JS challenges on their API endpoints, we need:

  1. A CF challenge solver using bex-js (QuickJS) that executes the challenge JS
  2. Cookie persistence across the session so solved challenges don't need re-solving
  3. The cookie store fix (already implemented) handles item 2 automatically