Upload to csgostats not working

[mammuth]

There is a parse error when parsing the response from csgostats. First, I assumed that the uploads work nevertheless, but the upload of the share codes isn't working.

 Uploading Demo ShareCodes to https://csgostats.gg/:


Error(offset 0): Invalid value.
<

Error: Could not parse the response (to the demo sharecode POST request).


Error(offset 0): Invalid value.
<

Error: Could not parse the response (to the demo sharecode POST request).


Error(offset 0): Invalid value.
<

Error: Could not parse the response (to the demo sharecode POST request).


Error(offset 0): Invalid value.
<

Error: Could not parse the response (to the demo sharecode POST request).


Error(offset 0): Invalid value.
<

Error: Could not parse the response (to the demo sharecode POST request).


Error(offset 0): Invalid value.
<

Error: Could not parse the response (to the demo sharecode POST request).


Error(offset 0): Invalid value.
<

Error: Could not parse the response (to the demo sharecode POST request).


Error(offset 0): Invalid value.
<

Error: Could not parse the response (to the demo sharecode POST request).

[jakoch]

Hey Max!

Thank you for raising the issue.
Seems they reworked the website a bit.
I quickly glanced over the request & response headers, after sending a POST request to the site.
Nowadays there is some http/2 and h3/alt-svc negotation going on,
which could be an issue for the (old) version of curl i compiled and linked against.
I'm not sure where the issue is exactly. It could also be the cloudflare protection.

Todo

• pinpoint issue
  • by recording and analyzing POST request & response headers to the website
  • create working curl command for POSTing from CLI
• update 3th party dependencies
  • curl
  • steam sdk (unrelated, but while i'm at it )
  • csgo protobufs (unrelated, but while i'm at it)
• fix ShareCodeUpload

[jakoch]

curl version

E:\tools\curl>curl --version
curl 7.72.0 (x86_64-pc-win32) 
- libcurl/7.72.0 
- OpenSSL/1.1.1h (Schannel) 
- zlib/1.2.11 
- brotli/1.0.9 
- zstd/1.4.5 
- WinIDN 
- libssh2/1.9.0 
- nghttp2/1.41.0
Release-Date: 2020-08-19
Protocols: 
dict file ftp ftps gopher http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: 
AsynchDNS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile MultiSSL NTLM 
SPNEGO SSL SSPI TLS-SRP Unicode UnixSockets brotli libz zstd

Request

  curl "https://csgostats.gg/match/upload/ajax" ^
  --resolve csgostats.gg:443:104.18.75.107 ^
  -H "accept: application/json, text/javascript, */*; q=0.01" ^
  -H "x-requested-with: XMLHttpRequest" ^
  -H "user-agent: Mozilla/5.0 (compatible; v1.2.3)" ^
  -H "content-type: application/x-www-form-urlencoded; charset=UTF-8" ^
  -H "accept-language: en-US;q=0.8,en;q=0.7" ^
  -H "connection: close" ^
  --data-raw "sharecode=CSGO-WSACM-qX5Gv-ikbi3-Z6uOW-TGwPB" ^
  --compressed --http1.1 --no-alpn --no-npn --verbose

Response

{"status":"complete","data":{"msg":"Complete","index":null,"sharecode":"CSGO-WSACM-qX5Gv-ikbi3-Z6uOW-TGwPB","queue_id":3895818,"demo_id":3842461,"url":"https:\/\/csgostats.gg\/match\/3842461"},"error":0}

Notes for myself

These things solve the issue:

• lowered http negotiation to http/1.1 and disabled ALPN's & NPN negotations
• actually, removed sending a cookie !!
  • which implies that we don't need the pre-flight get request anymore? check

These things are nice to have in the cli tool, too:

• prepopulate dns-cache
• added connection close, not needed, but being nice to server here
  • add "connection close" header when sending the last new sharecode

ez game^^

[mammuth]

Great debugging @jakoch, thanks for your engagement! 🎉

[jakoch]

@mammuth hey! please give this a try: https://ci.appveyor.com/api/buildjobs/yhm2l3stk05tb8md/artifacts/csgo-cli.zip

[mammuth]

I will test it shortly, thank you!

[mammuth]

Hi @jakoch , I see the following errors when running csgo_cli.exe -matches -upload

 Uploading Demo ShareCodes to https://csgostats.gg/:

  Uploading ShareCode: CSGO-bsyBJ-wPLR8-eyvTH-snKLj-q4yUO

Error(offset 0): Invalid value.
<

Error: Could not parse the response (to the demo sharecode POST request).

[jakoch]

Hey Max!

Please give this another try: https://github.com/jakoch/csgo-cli/releases/tag/v1.2.0

[mammuth]

Hi Jens, v1.2.0 results in the same error as previously.

[jakoch]

This one works in debug&release mode for me: https://ci.appveyor.com/api/buildjobs/eluxvqac9iqa0kev/artifacts/csgo-cli.zip

[mammuth]

I just realized I can use -verbose. Looks like all my requests are caught by Cloudflare 😏
I also tried it with a fresh IP 🤔

In a browser, I can access https://csgostats.gg completely fine.

Error: Could not parse the response (to the replay sharecode POST request).
 Uploading ShareCode: CSGO-ojXfE-dYM3V-y3M5V-o2xVn-iNBYN
* RESOLVE csgostats.gg:80 is - old addresses discarded!
* Added csgostats.gg:80:104.18.76.107 to DNS cache
* RESOLVE csgostats.gg:443 is - old addresses discarded!
* Added csgostats.gg:443:104.18.76.107 to DNS cache
* Hostname csgostats.gg was found in DNS cache
*   Trying 104.18.76.107:443...
* Connected to csgostats.gg (104.18.76.107) port 443 (#7)
* schannel: added 138 certificate(s) from CA file 'cacert.pem'
* schannel: connection hostname (csgostats.gg) did not match against certificate name (*.csgostats.gg)
* schannel: connection hostname (csgostats.gg) validated against certificate name (csgostats.gg)
> POST /match/upload/ajax HTTP/1.1
Host: csgostats.gg
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US;q=0.8,en;q=0.7
User-Agent: Mozilla/5.0 (compatible; csgo_cli/1.2.0; https://github.com/jakoch/csgo-cli)
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 52

* upload completely sent off: 52 out of 52 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Date: Sat, 07 Nov 2020 22:46:40 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: close
< CF-Chl-Bypass: 1
< Set-Cookie: __cfduid=d006bdbaac9aeb36f835b60a9afc66c3e1604789200; expires=Mon, 07-Dec-20 22:46:40 GMT; path=/; domain=.csgostats.gg; HttpOnly; SameSite=Lax; Secure
< Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Expires: Thu, 01 Jan 1970 00:00:01 GMT
< X-Frame-Options: SAMEORIGIN
< cf-request-id: 06467cfd9300001e61e70e4000000001
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Set-Cookie: __cf_bm=e481879c9e48536c74b71ac528f285492ee54b4f-1604789200-1800-ARPM9Rx4jGJHMPLOAcAovBtwyAK568okNfsCsJq0feYY+ll+jZe2hgiY/m5FjImnbqJuJHm9vCQLPtDy0UT0H7Y=; path=/; expires=Sat, 07-Nov-20 23:16:40 GMT; domain=.csgostats.gg; HttpOnly; Secure; SameSite=None
< Server: cloudflare
< CF-RAY: 5eea9775b9fb1e61-MUC
<
* Closing connection 7
* schannel: shutting down SSL/TLS connection with csgostats.gg port 443


[LOG] [UploadShareCode] [POST Request] ResponseContent:
---
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>Attention Required! | Cloudflare</title>
<meta name="captcha-bypass" id="captcha-bypass" />
<meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" />
<!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]-->
<style type="text/css">body{margin:0;padding:0}</style>


<!--[if gte IE 10]><!-->
<script>
  if (!navigator.cookieEnabled) {
    window.addEventListener('DOMContentLoaded', function () {
      var cookieEl = document.getElementById('cookie-alert');
      cookieEl.style.display = 'block';
    })
  }
</script>
<!--<![endif]-->




<style type="text/css">
  #cf-wrapper #spinner {width:69px; margin:  auto;}
  #cf-wrapper #cf-please-wait{text-align:center}
  .attribution {margin-top: 32px;}
  .bubbles { background-color: #f58220; width:20px; height: 20px; margin:2px; border-radius:100%; display:inline-block; }
  #cf-wrapper #challenge-form { padding-top:25px; padding-bottom:25px; }
  #cf-hcaptcha-container { text-align:center;}
  #cf-hcaptcha-container iframe { display: inline-block;}
  @keyframes fader     { 0% {opacity: 0.2;} 50% {opacity: 1.0;} 100% {opacity: 0.2;} }
  #cf-wrapper #cf-bubbles { width:69px; }
  @-webkit-keyframes fader { 0% {opacity: 0.2;} 50% {opacity: 1.0;} 100% {opacity: 0.2;} }
  #cf-bubbles > .bubbles { animation: fader 1.6s infinite;}
  #cf-bubbles > .bubbles:nth-child(2) { animation-delay: .2s;}
  #cf-bubbles > .bubbles:nth-child(3) { animation-delay: .4s;}
</style>
</head>
<body>
  <div id="cf-wrapper">
    <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
    <div id="cf-error-details" class="cf-error-details-wrapper">
      <div class="cf-wrapper cf-header cf-error-overview">
        <h1 data-translate="challenge_headline">One more step</h1>
        <h2 class="cf-subheadline"><span data-translate="complete_sec_check">Please complete the security check to access</span> csgostats.gg</h2>
      </div><!-- /.header -->

      <div class="cf-section cf-highlight cf-captcha-container">
        <div class="cf-wrapper">
          <div class="cf-columns two">
            <div class="cf-column">

              <div class="cf-highlight-inverse cf-form-stacked">
                <form class="challenge-form" id="challenge-form" action="/match/upload/ajax?__cf_chl_captcha_tk__=66e5148f31bff08f0f07695974a0ed8e99ea789e-1604789200-0-AfNYb02ViKdCW2DB7crYXRPk9imGJ-ysyF-5R3h-0gAz7JP7Vg3mD_38Rq2iHTmput6zcyYGJodocJ78qJJWI6TuKdfTbKxHL6zNWxQN4aBqM5wBfcRp6UEoGTUukP8EA9VkgTjNMxeNl7wesewRtp89QNf2sy76nsym6FOjwbdOO9N1oZMPFJaieoWp3JJEsjhf1lVYqW1hYIzhM5GA3T-tT3o-rpalHiZbQcP5nEHjCHF8I9ZRY6zfHDh5TDjvoj8c_u-P_Ah3sfrhcUju1cJ6fRLRtHyHmR6digKCe5UMtkWgyWNPFt3bbIc7nlomOa78At18NoZSpx4mn8QS0CpE_lPbjmKE_feZ8b1p1pLkTGyY5-ZJ7HDU466iJ0ixfpAziDXUUCNW1h2nTtnVGQfWJ6kBnBJSn3SklWTjrs3FgbSjoqId5lY3xmQnUisYGKoPxz0ouMuVYilF523Krqwe1LVRBVHnVPamxZVrMC9qyvfsVZZl7dZDUEsDoQylPYZEoVxhz-rpD537-kNfUbcrF-CwRVPJkCULkSLc7lJ5KgjyIk9w2SZxAFUeOOnCvQ" method="POST" enctype="application/x-www-form-urlencoded">

  <input type="hidden" name="r" value="88df1a26f1786a6501f989bcb0b1ff2963dddde0-1604789200-0-AZdIeIM8dyJivhPPYGpc9m9k+H2JiuUbDuwCJDu/YHedvoTcGfeY8CQLpjO7vHlRRqNlKv5QY9bzHiHMSKWQ3LTpks6cKYx1y6Z9Ik7ATcJIxvggYy22TTQshq6HjnZ3cNfpJRRif0JgxFTzHX1/4RnWrKZvf57JP5S2oEvP4ujvTuNyl1O3mBB/HZVY9TV/FRENv1u4WgD91wV5VumO6VuJQtmv20sZQW/UNqHiMRHhOnN+85KHFz7txKtCK9uj12g8DD/I9SYXYEYqlpiVRFmG5AfSVgtk6vqkCucUABgXQHY4DS0k5b/Ss98jIzn9Z6BJDNGWgJ+/8KfvxK4XfUUtAt5AsoxljF3MIT4ZJ15Ni82T66Epk8ZaqYOKuNWz+HHSyQ8DfoNcptKlxP/A0937vr9Gr6jg3MfOe+sEqZPmvzWuvV2E0fdr0siqC7RDgslrfJoDm39Xviq9e+BQw3/c0jGCg0bUYPc2UjyK+LcKmRjtzOaFM5CJ15MCF2P+9CtLX9EgyA5BgoGFvoyxmvRPB9adPMFTOEe31RwDXrrRhwiKdte3jloiS4hMvqbT+elPfp8HGVN0RdVzVwmZewIUp1NL+ufhh23pInPlOMQArxpxKkmx2AuFjfOwyGb3wdNzyhGUPtnCIJE5W6SxiTO7uoNyO6WGI5N203cRcdtVhkCzXZ06zmGJIVl6wozu1CPtMud6F9hS7bew7P0tXZq4LxwyVyQE9hqlz3wC2x3ALOhJxvAiOdWoN2fpxyZhTZbbAxjCQs1t1idn0BamBhbSxAGf9LP+kamnokR8ySgRcj34sSEtEFRvLCs053CFYjfFxrF74VJJOYCuFoJAj8+FKPasIs3rpr03nU+PinQ592Ih5dPKv7SYBatNP9ZNBTzknYA6xk/TTh89tcPoD/W41ScjtSAqe1aEa8iSiheGa8k0P/YXZ7pano9JbPrv5IxHpyCqrA3sDCoRR34NeYsdkhKhG5Re7O+VExda7S7ZXa/X6jaL8T5wLGE+yMvSd8rMTg1Mu16+t/YCMgkYsTKeb0V16xNEUza78ovuZNvc8K4wh2iVABL40KcQS/O+nukQx3OSquxj3vat2qf6n/jUpfxiXmuT6/Ot+RBWOy50jQFsvmiQcWE0Orb0KF/0dsDnSnwV2aVMR24v7KJwuACZvF0QwWZzo8h/ppJZPuXfiF7shNCkoaVBFijvhkoDDwm9tfvTEReRfiJjm9BBJk5NBQlgCkArb4HohlcLjw2lNbYRwlHzVo+wiXhLTbIVmXiRRSM2fmiPK6NzZkgEFiGhMWUyfQlThnU4lSQemVc4ueHM8nDQF8juG0VhguyWrpOg318j2l26vMDcg/4jMSMQnPr+T2vLFOhKhDQ97hgL3yR+yJpr6gEA4x9Z7rnRRscUCPg0+8JQREIAjMGnzeE6x4xweBTQj4mpyvSWm4Om8lJSQmt6JeqQZZpI3vTp4iuBdpdzMN2XWrcSvfaPnLA7Hag9Hsl8S4nN8gcLOw1FK2ie0emqxgWRRaDu/ZPGOyil5n6r6LtLAasxBcmy0Mx/liXpmEJ7DOYEKePQMgHzyzhN4ZVU0lOeNYWZYB8LWRk70u4TNtmFKW1NZtjJbpsyIwYcYdcx9vaFTmjd7e5ScWuzO1R7Uze1N0h5ufXNEicIl1S3YyMKdWLGLMeVdjKu8aF2WzbEVK+9COHjKErTOgKMLzwxZRGLlW2Doooe912Vly2yhWkYBkjZ2TA8KJL8Zf+rF07IUERbI76kHWXPs9RI6R/Qu5k1GHuuozFxikwKSCYmL1hkMRlGl3wAb5siw3403VEUh7PW5U7BTB9ZX0g7xyHsfpzghEOBBuVcGuLkC5V3BXreomcdwyVEVg/ZGOsp9TFjkh75avVkwQ/0Ff6/MYdoG5SbXPVM+0HhyQ==">
  <input type="hidden" name="cf_captcha_kind" value="h">
  <input type="hidden" name="vc" value="">

  <script type="text/javascript" src="/cdn-cgi/scripts/hcaptcha.challenge.js" data-type="normal" data-ray="5eea9775b9fb1e61" async data-sitekey="33f96e6a-38cd-421b-bb68-7806e1764460"></script>

  <noscript id="cf-captcha-bookmark" class="cf-captcha-info">
  <h1 data-translate="turn_on_js" style="color:#bd2426;">Please turn JavaScript on and reload the page.</h1>
  </noscript>
  <div id="no-cookie-warning" data-translate="turn_on_cookies" style="display:none">
    <h1 data-translate="turn_on_cookies" style="color:#bd2426;">Please enable Cookies.</h1>
  </div>
  <script type="text/javascript">
  //<![CDATA[
    var a = function() {try{return !!window.addEventListener} catch(e) {return !1} },
      b = function(b, c) {a() ? document.addEventListener("DOMContentLoaded", b, c) : document.attachEvent("onreadystatechange", b)};
      b(function(){
        var cookiesEnabled=(navigator.cookieEnabled)? true : false;
        if(!cookiesEnabled){
          var q = document.getElementById('no-cookie-warning');q.style.display = 'block';
        }
      });
  //]]>
  </script>
  <div id="trk_captcha_js" style="background-image:url('/cdn-cgi/images/trace/captcha/nojs/h/transparent.gif?ray=5eea9775b9fb1e61')"></div>
</form>

              </div>
            </div>

            <div class="cf-column">
              <div class="cf-screenshot-container">

                <span class="cf-no-screenshot"></span>

              </div>
            </div>
          </div><!-- /.columns -->
        </div>
      </div><!-- /.captcha-container -->

      <div class="cf-section cf-wrapper">
        <div class="cf-columns two">
          <div class="cf-column">
            <h2 data-translate="why_captcha_headline">Why do I have to complete a CAPTCHA?</h2>

            <p data-translate="why_captcha_detail">Completing the CAPTCHA proves you are a human and gives you temporary access to the web property.</p>
          </div>

          <div class="cf-column">
            <h2 data-translate="resolve_captcha_headline">What can I do to prevent this in the future?</h2>


            <p data-translate="resolve_captcha_antivirus">If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware.</p>

            <p data-translate="resolve_captcha_network">If you are at an office or shared network, you can ask the network administrator to run a scan across the network looking for misconfigured or infected devices.</p>



          </div>
        </div>
      </div><!-- /.section -->


      <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300">
  <p class="text-13">
    <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">5eea9775b9fb1e61</strong></span>
    <span class="cf-footer-separator sm:hidden">&bull;</span>
    <span class="cf-footer-item sm:block sm:mb-1"><span>Your IP</span>: 93.104.73.13</span>
    <span class="cf-footer-separator sm:hidden">&bull;</span>
    <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a></span>

  </p>
</div><!-- /.error-footer -->


    </div><!-- /#cf-error-details -->
  </div><!-- /#cf-wrapper -->

  <script type="text/javascript">
  window._cf_translation = {};


</script>


</body>
</html>

---

Error(offset 0): Invalid value.
<
Error: Could not parse the response (to the replay sharecode POST request).

[jakoch]

Thank you for posting the verbose output! So, it's Cloudflare again. Oh my gosh... really?!

Sadly, i can't reproduce the issue (to work on it), because my requests are not blocked. Hmmmm...