fix(browser_login): add CDP-based __zp_stoken__ hydration as fallback#22
Open
ParkerLLL wants to merge 1 commit into
Open
fix(browser_login): add CDP-based __zp_stoken__ hydration as fallback#22ParkerLLL wants to merge 1 commit into
ParkerLLL wants to merge 1 commit into
Conversation
QR code login cannot obtain __zp_stoken__ because the cookie is
generated by Boss Zhipin's client-side JavaScript on page load.
The existing Camoufox headless browser approach is sometimes detected
and blocked by Boss's anti-bot fingerprinting.
Add _hydrate_stoken_via_cdp() which connects to a real Chrome instance
via Chrome DevTools Protocol (port 9222), navigates to zhipin.com, and
harvests the cookie after JS runs. A real browser session is not
subject to headless-browser fingerprint checks, making this approach
more reliable.
The new strategy in browser_qr_login() is:
1. Try CDP (real Chrome on port 9222) — most reliable
2. Fall back to Camoufox — works when Chrome is not available
3. Log a clear hint if both fail, directing the user to launch Chrome
with --remote-debugging-port=9222
The CDP path requires websocket-client (optional dependency) and is
silently skipped when the package is absent or Chrome is not running.
Fixes jackwener#21
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Fixes #21
QR code login successfully obtains
wt2,wbg, andzp_atcookies, but cannot obtain__zp_stoken__because it is generated by Boss Zhipin's client-side JavaScript on page load — not returned by any HTTP endpoint.The existing Camoufox headless browser fallback is sometimes detected and blocked by Boss Zhipin's anti-bot fingerprinting, leaving users without
__zp_stoken__and unable to use thesearchcommand.Solution
Add a Chrome DevTools Protocol (CDP) hydration path that connects to a real Chrome instance the user already has running, navigates to
zhipin.com, and harvests__zp_stoken__after the page's JavaScript executes.A real browser session is not subject to headless-browser fingerprint checks, making this approach significantly more reliable.
New strategy in
browser_qr_login()localhost:9222, navigate tozhipin.com, extract__zp_stoken__(most reliable, real browser)New function:
_hydrate_stoken_via_cdp()urllib.request,json,time) + optionalwebsocket-clientwebsocket-clientis not installed or Chrome is not runningUsage
Launch Chrome with the debugging port before running
boss login --qrcode:Then install the optional dependency and log in:
Test plan
__zp_stoken__obtained via CDPwebsocket-clientinstalled → CDP silently skipped, Camoufox attemptedboss searchworks after CDP-assisted login🤖 Generated with Claude Code