Request to https://stake.com/_api/graphql returns 403 on Node.js

[alissonb13]

I have a request to URL  https://stake.com/_api/graphql and when I do this request from a tag script inside of a html file a got a return, but when I use the same code inside of a node.js script I got a 403 error.

I attached my code in this post. 

Please, if someone know how to solve that, let me know. 

[tourmz]

Hi I am having the same issue, I created a js file on my mobile using code editor which uses Eruda browser to run the script and it worked great however I would like to host the script on Linode as my connection is not reliable and I was losing games to network issues. I have 'ported' the script to Nodejs and am also receiving 403 Forbiden error.

I am thinking of trying to use puppeteer-fetch , I will keep you posted.

Please let me know if you have solved this though, as I would prefer to use Nodejs without Chromium.

[tourmz]

I managed to get it working using puppeteer thanks to this post

 

It didn't work at first so I changed a few things:

 

import { launch } from 'puppeteer';

async function main() {

const browser = await launch({

args: ["--enable-features=NetworkService", "--no-sandbox"],

ignoreHTTPSErrors: true

});

const page = await browser.newPage();

 

await page.setRequestInterception(true);

 

page.once("request", async interceptedRequest => {

interceptedRequest.continue({

method: "POST",

headers: {...interceptedRequest.headers(),

'authority': 'stake.games',

'accept': '*/*',

'accept-language': 'pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7',

'cache-control': 'no-cache',

'content-type': 'application/json',

'Cookie': '<***YOUR COOKIES HERE***>',

'origin': 'https://stake.games',

'pragma': 'no-cache',

'sec-ch-ua': '"Not?A_Brand";v="8", "Chromium";v="108", "Google Chrome";v="108"',

'sec-ch-ua-mobile': '?0',

'sec-ch-ua-platform': '"linux"',

'sec-fetch-dest': 'empty',

'sec-fetch-mode': 'cors',

'sec-fetch-site': 'same-origin',

'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36',

'x-access-token': '<***YOUR API TOKEN HERE***>'

},

postData: JSON.stringify({

query: `query {

crashGame {

...MultiplayerCrash

}}

fragment MultiplayerCrash on MultiplayerCrash{

status

crashpoint

}`,

variables: {}

})

});

});

 

const response = await page.goto("https://stake.games/_api/graphql");

var data= await response.text();

try {

handlejson(JSON.parse(data));

} catch (e) {console.log(e);}

//console.log(data);

await browser.close();

}

 

const interval = setInterval(()=>{main();},1200); //setinterval to api calls

 

function handlejson(data){

console.log(data.data.crashGame.status); // do something here with our data

}

 

 

[tourmz]

Hi, installation was not straightforward and I get an error from tough-cookies dependency.

On 5/20/2023 at 8:46 AM, XYZ said:

StakeAPI is prevented from being automated by Cloudflare.
Chrome's fetch and Node.js have a different thing called TLS Fingerprint, so access from Node.js is detected and blocked.

So to bypass TLS Fingerprint and access the Stake API in Node.js, simply make a request using the package below.

https://www.npmjs.com/package/tls-client

> const TlsClient = require('tls-client')
undefined
> await TlsClient.get('https://stake.com/')
Response {
  url: 'https://stake.com/',
  ok: true,
  status: 200,
  reason: 'OK',
  raiseForStatus: [Function (anonymous)],

 

On 5/20/2023 at 8:46 AM, XYZ said:

StakeAPI is prevented from being automated by Cloudflare.
Chrome's fetch and Node.js have a different thing called TLS Fingerprint, so access from Node.js is detected and blocked.

So to bypass TLS Fingerprint and access the Stake API in Node.js, simply make a request using the package below.

https://www.npmjs.com/package/tls-client

> const TlsClient = require('tls-client')
undefined
> await TlsClient.get('https://stake.com/')
Response {
  url: 'https://stake.com/',
  ok: true,
  status: 200,
  reason: 'OK',
  raiseForStatus: [Function (anonymous)],