I am trying to use a none browser method to fetch a webpage and API. I use Chome incognito mode and request the site and view the request in the inspector and "copy as cURL".
I paste the command in a terminal window and run but get blocked by Cloudflare with a return code of 403.
I look in Proxyman and the request looks identical.
This is a recent change on the target site or Cloudflare side as I was able to curl to their pages and API not issue until 2 days ago.
I can, however, "copy as cURL" in Proxyman and run the cURL command and it works with the only difference being --proxy http://localhost:9090is added to the end of the request. While Proxyman is running it runs this proxy. Shouldn't this mean I should be able to run the cURL command somehow without the Proxyman's proxy?
Things I've tried.
Ran with cURL on the command line. (doesn't work)
Ran with cURL in codeRunner. (doesn't work)
Ran with cURL with PHP curl with identical headers. (doesn't work)
Re-ran cURL request in Proxyman from failed cURL request on the command line. (works)
Used VPN and retried all the above. (same results)
ssh'ed into 2 different remote servers a retried all the above cURL commands (doesn't work)
For the failed calls they are all Cloudflare blocking with 403 status.
Again, this is new behavior as I was using these methods fine before a day or two ago. I assume WAF strong request fingerprinting is being used or something. Please let me know if I am missing any crucial step or other methods I can try.
A related question I tried was here
