oh. just had a shower thought. i know what the hole in tartarus would be:
this line in the script (122):
curl -s -b "$COOKIE_FILE" -c "$COOKIE_FILE" -X POST \
you can populate that value by hand with a valid cookie instead of using a cookie jar (line 112)
just 1) use firefox normally, and pass the tartarus test
then turn on developer tools, right click any link, copy as CURL
and that gives you a "curl" command you can use to fix "xss.sh" , containing a "Cookie" line that gives you those variables for ttrs_clearance and xf_csrf
cookie ID and a csrf that will work in the script, ie:
curl '
https://kiwifarms.st/threads/xenfor...fo-without-a-court-order.246130/post-24588809' \
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:151.0) Gecko/20100101 Firefox/151.0' \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
-H 'Accept-Language: en-US,en;q=0.9' \
-H 'Accept-Encoding: gzip, deflate, br, zstd' \
-H 'Sec-GPC: 1' \
-H 'Upgrade-Insecure-Requests: 1' \
-H 'Sec-Fetch-Dest: document' \
-H 'Sec-Fetch-Mode: navigate' \
-H 'Sec-Fetch-Site: same-origin' \
-H 'Sec-Fetch-User: ?1' \
-H 'Connection: keep-alive' \
-H 'Cookie: ttrs_clearance=ZZZZZZZZZZ; xf_csrf=zzzzzzzzzzzzz'
and now "tartarus" cant do shiiiiiiiit to stop automated posting or slow loris.
These are from the same thread.
