NotHereToPlayGames Posted Sunday at 10:36 AM Posted Sunday at 10:36 AM (edited) 12 minutes ago, Dave-H said: You've probably already looked at this, but there's some information here about possible causes of challenges looping. https://developers.cloudflare.com/cloudflare-challenges/troubleshooting/challenge-solve-issues/ I have seen that and many like that. No help in my case. My city utilities billbay has more locks than FORT KNOX (kind of a USA slang phrase). All I can really assume at this stage is that certain servers across the country receive Cloudflare "updates" BEFORE other servers. The infinite loops that happen on my city utilities billpay EVENTUALLY occur on Google Search also, but usually about THREE WEEKS later. Edited Sunday at 10:37 AM by NotHereToPlayGames
NotHereToPlayGames Posted Sunday at 10:49 AM Posted Sunday at 10:49 AM While we all "hate" Cloudflare, one does have to admit that they are *GREAT* at "what they do", they really are! Those types of suggestions to prevent challenge issues always have something like this: And if you look into "supported by Turnstile" documents, you will find this: That's it, only TWO previous major versions. TWO !!! So yeah, Supermium is EXTREMELY outdated if we want to go by those "requirements". 1
Dave-H Posted Sunday at 11:09 AM Posted Sunday at 11:09 AM They do say they support ESR versions of Firefox. It's a shame they don't seem to have the same beneficence towards the Chromium equivalent, which Supermium is based on. 1
NotHereToPlayGames Posted Sunday at 11:19 AM Posted Sunday at 11:19 AM Agreed. But I submit this - go to your BANK'S website. I guarantee they say that the minimum is the LATEST and/or the CURRENT. I just did that for my current bank and my previous two banks, all three use the exact word of THE LATEST as being their "minimum". Granted, I would do that to if I was the department creating those online documents. By saying THE LATEST, you NEVER have to update that document! 1
NotHereToPlayGames Posted Sunday at 11:22 AM Posted Sunday at 11:22 AM Although, having said that, that is one of my biggest gripes with Cloudflare. I've NEVER had an ONLINE BANK ACCESS request ANY form of "captcha". And only ONE of my billpay sites. ONE. Biggest pain in the arse website I've ever had to historically deal with.
Dave-H Posted Sunday at 11:35 AM Posted Sunday at 11:35 AM I've never had captchas on any of the banking sites I use either. They mainly rely on sending a login code, either by SMS text to your mobile or by e-mail.
user57 Posted Sunday at 03:35 PM Posted Sunday at 03:35 PM On 5/30/2026 at 11:44 AM, NotHereToPlayGames said: I'm not exactly a "stupid person" (how many people do you know that can FAKE CLIENT HINTS). I'm telling you, IT CAN'T BE DONE. I've been on dozens of sites that are smarter than me and they can't do it either. IT CAN'T BE DONE. first : did you change the client hints (all)? second : why would someone cloudflare whatever not use both (user agent, and client hints) - sounds the most simple solution to me third: its not possible to hide it some outside java.dll or something. the executable/browser/chrome has to give that values to the next engine (whatever it is winhttp, winsock, maybe something else? - nobody cares) if this would not be the case every chrome version could not give it to something next so it must be in chrome itself - its rather about finding where these values are handled - and then being changed forth: you have shown a nice skill, why it actually would fail on something like this ? you litterally got the code around and the compiler search functions can find something like this - the rest is about compiling and testing (there are test websites also for the last part)
EliraFriesnan Posted Sunday at 04:20 PM Posted Sunday at 04:20 PM 2 hours ago, user57 said: why would someone cloudflare whatever not use both (user agent, and client hints) - sounds the most simple solution to me @NotHereToPlayGames didn't provide any actual proof that client hints are the real culprit, To me it seems he's just guessing based on the old research made my @Dixel.
EliraFriesnan Posted Sunday at 04:27 PM Posted Sunday at 04:27 PM 6 hours ago, Dave-H said: I've never had captchas on any of the banking sites I use either. They mainly rely on sending a login code, either by SMS text to your mobile or by e-mail. They started to change this rather recently. I couldn't even pay for the purchases from a nearby coffee shop. My account got blocked due to the "suspicious activity", Mandatory "two step" verification had beeen introduced in many banks. I had to go to the bank myself to unlock it, it took several days, so I roughen up them a bit. Just a bit, well, actually I made a huge scandal and closed my account. I now buy all offline, paying cash. Supermium will not suffice being half a year old.
NotHereToPlayGames Posted Sunday at 04:27 PM Posted Sunday at 04:27 PM (edited) True, I do not know if client hints are the real culprit. I only know that UA is *not*, that CH is *not*, and that both combined are *not*. FALSE, I do not now, nor have I ever, relied on "research" of any kind from ANY member herein that begins with a *D*. That is your obcession, not mine! Edited Sunday at 04:28 PM by NotHereToPlayGames 1
EliraFriesnan Posted Sunday at 04:29 PM Posted Sunday at 04:29 PM 7 hours ago, Dave-H said: Supermium is based on Do client hints and UA match in Supermium? From what I remember, no, Supermium pretends to be newer via UA.
user57 Posted Sunday at 04:33 PM Posted Sunday at 04:33 PM but that is not some kind of joke ? why would it be a problem to changes a few lines of code if (has_unwanted_user_agent) close_connection(); if (has_unwanted_client_hints) close_connection();
Dave-H Posted Sunday at 05:31 PM Posted Sunday at 05:31 PM 59 minutes ago, EliraFriesnan said: Do client hints and UA match in Supermium? From what I remember, no, Supermium pretends to be newer via UA. What do you reckon? The only spoofing I can obviously see is that Supermium 144 is saying I'm on Windows 10 when I'm actually on XP. Not sure what 'platform version 19.0.0' means.
NotHereToPlayGames Posted Sunday at 05:42 PM Posted Sunday at 05:42 PM 7 minutes ago, Dave-H said: What do you reckon? From what you just showed, THEY DO NOT MATCH. Your old-school user agent says you are on a 64bit machine, your client hints says you are on a 32bit machine. ie, the BITNESS content. Do not go by the "x86" listed in "arch", that is SUPPOSED to be "x86" even on 64bit machines, it says it's in Intel or AMD, it will say "arm" if not on Intel or AMD.
NotHereToPlayGames Posted Sunday at 05:50 PM Posted Sunday at 05:50 PM For what it's worth, Supermium showing a BITNESS of 32 is a DEAD GIVEAWAY. Chrome has not released a 32bit version since 2018 with v69. At least by default, the user had to jump through some major hoops to obtain a 32bit version.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now