Datadome

Description

• Parameter invocation is very complex

• When you see datadome in cookies, it means datadome verification exists, with three cases, for example:

  • When you want to access https://www.vinted.com/, use proxy to request https://www.vinted.com/:

    • Status code is not 403 (seamless mode):

      • Open f12 and check if there are URLs ending with /js/ and API response similar to:

        Copy

        {
        "status": 200,
        "cookie": "datadome=66wPBABk21P4x28BLuVse__8_z141EPJEjbgi1HBvNGBcHmX91OT1Z9Z63G4x_suPlRPQ_tgwljYmI5mWxpmkMJ3pKrcnAVKHZs2ymS_2O4nM5wEblvP~~nK3orSol0W; Max-Age=31536000; Domain=.soundcloud.com; Path=/; Secure; SameSite=Lax"
        }

        For seamless verification type, you must pass js_url (the URL ending with /js). This mode will return a did parameter in the extra field of our API response, which is very important for subsequent datadome verifications on this page!!!

      • If the homepage is seamless mode, then subsequent key data APIs (such as login, query, etc.) will carry the datadome cookie and return a response similar to:

        Copy

        {
        "url": "https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAqpOrr0GfIWgAudQ9Vg==&cid=w9vlJ4Xaf117hm82ORPnno7AnVvPPCoZ2gCDLj~Nch09ENObNXSzDWFekvMpp8ScynMSrB3~jsXcFtU9Y8mhOUscfnu1k_a~4_GMyGRE29_Gy~skFDqfX8tQJv1Va5Fv&referer=http%3A%2F%2Fapi-auth.soundcloud.com%2Fweb-auth%2Fidentifier%3Fq%3Desbiya1%2540gmail.com%26client_id%3D1q3v4x1lu3DpcWb4fAz0urivByipMEMK&hash=7FC6D561817844F25B65CDD97F28A1&t=fe&s=48134&e=faa8c1fb03676ac05d3bbe1d876a2d60168a7a2bab3adb5366483fc829465498"
        }

        To bypass this captcha, you need to pass href (current browser page URL), captcha_url (the URL in the response), as well as the did parameter returned by seamless mode, and cookies: {"datadome": 'datadome from seamless mode'}. This means if you use the datadome cookie from seamless mode to access your target data API and get slider or device captcha mode again, you need to pass href, captcha_url, did, cookies.

    • Status code 403 (device verification mode):

      • If entering the target page directly redirects to device verification page or after bypassing slider captcha you are redirected to this verification, then it’s interstitial device verification mode, please pass parameter interstitial: true

    • Status code 403 (slider captcha):

      • If entering the target page directly redirects to slider captcha page, then it’s captcha slider captcha mode

  • In short, first request your target page URL, if status code is 200 use seamless mode, if 403 use captcha mode, similar to the following pseudo-code:

  Copy

  # Request target page href
  resp = session.get(href, headers=headers)
    
  # Status code 200 is seamless verification mode
  if resp.status_code == 200:
      res = DatadomeCracker(
          user_token=USER_TOKEN,
          href=href,
          user_agent=user_agent,
          js_url="https://dd.vinted.lt/js",
          js_key=js_key,
          proxy=proxy,
      ).crack()
  # Status code 403, specify interstitial as true to ensure bypassing all datadome captcha modes encountered, get final valid datadome
  elif resp.status_code == 403:
      res = DatadomeCracker(
        user_token=USER_TOKEN,
          href=href,
          user_agent=user_agent,
          interstitial=True,
          proxy=proxy,
      ).crack()

Request URL (POST):

Request Headers:

POST Data (JSON):

Response Data (JSON):

Successful Response

{
  "status": 1,
  "msg": "验证成功",
  "id": "639e056b-49bd-4895-94ab-68d59e00873e",
  "cost": "4635.12ms",
  "data": {
    "datadome": "HYvnTVSxppxMMrSk_Z_MOHoSKkQRd2ppQr~pOeo2nDlL7Lg7QBwb2ew5OYQxSSSH1CR9NzO78A25KHM7kLV6OydtvwvJZ773Jil1mPC7ZoFSQQDrDYVeHZtjq_BWUai6"
  }
}