The goal of this program is to report ways around DataDome protection by implementing a scraping bot.

DataDome publishes these websites dedicated to researchers:

• bounty-nodejs.datashield.co (documentation on implementation)
• bounty-fastly.datashield.co (documentation on implementation)
• bounty-nginx.datashield.co (documentation on implementation)

The technical challenge consists of scraping as much content as possible without being blocked by DataDome protection:

• Minimum scenario: scraping content should be: 20000 web pages in less than an hour.
• Medium scenario: 20000 web pages scraped in 30 minutes
• High scenario: 20000 web pages scraped in 10 minutes
• Critical scenario: 20000 web pages scraped in less than 1 minute

The report should contain:

• A basic explanation of the attack vector used.

• The code to reproduce the scraping scenario

• The IP used during the attack

• The scraped content in the form of hashes contained in the page from the scraped pages (not hashes of the raw HTML files themselves) and HTTP requests return code (must be 200). This flag has the form pagehash_<random_hash> (for example pagehash_b94337d90dafb27683afac39d2a24b3c)

• The scraping speed (in hits per sec.)

• We validate your finding using the DataDome Dashboard. To confirm the reported bot traffic, we need to see at least 20,000 allowed requests in the Explore section. We will share a screenshot to confirm or reject your finding.
  Reference: https://docs.datadome.co/docs/how-to-explore-your-data

The report will be classified as a duplicate if a previous report generated the same code fix