In the modern web, it’s not a surprise that your application can become a target for a lot of different visitors and not all of them are human beings, of course. There are plenty of automated guys around: from good-old search engine robots to sophisticated armed to the teeth bots, scrapers, scanners, and so on.
To protect applications from all the bad robots, anti-bot solutions come into play, and one of the most popular ones is the Imperva Incapsula Advanced Bot Protection solution.
What’s the incapsula-cracker project?
But, it’s always a big and popular question – how to bypass it? Bot-makers and anyone who tries to use any bots always plays in cat and mouse with antibot solutions. To answer this question in general, several projects exist, one of the oldest ones is an incapsula-cracker (https://github.com/ziplokk1/incapsula-cracker-py3).
As for now, incapsula-cracker is not up-to-date and can not cover up all the solution’s changes, but the idea behind this and the way of bypassing is really interesting and still the same – and that’s what we are looking forward to.
More interesting is that the community around it is really passionate about the way of solving the problems, their discussions and thoughts about “how to solve it better” can be seen in the issues with a lot of technical details:
The other community project incapsula-bypass
What motivates the community?
The most interesting thing here is the motivation and interest of the community in the cracking of it in general – it’s not about an Imperva at all, it’s about the process. A lot of discussions about re-implementation can be seen in issues, a lot of improvements or reverse-like solutions were proposed by the community – and now, even when some of the solutions don’t work or update anymore, it’s still can be seen that interest in it is not over.
But as for now, unfortunately, it becomes more commercial and not so open-source as it was before – currently, solutions with improvements and fixes can be seen on the markets (for example, https://bhf.im/threads/609788/). Basically, some of them is a modified version of the original ones open-source solutions from GitHub, but with some new features and additions.
In conclusion, it’s worth saying that this kind of solution exists for mostly all of the bot solutions, and the difference here only in the answer for the question: “How complicated and hard would it be to break through it?”