Recently, @ThePornHelper raised an issue related to OnlyFans false negative. After going through the issue, I tried checking for some popular onlyfans creators on sherlock and as per the issue raised all of them were giving false negative.
So, I checked with the current method of checking the username availability. It the following API url:
`https://onlyfans.com/api2/v2/users/grandmasterchefjojo`
It returns a 400 error code and doesn't work at all.
Why it's happening? It requires a token be passed in the headers to for it to work.
After this, I tried using BurpSuite to find any other way to check availability and unfortunately there aren't any.
Even the wrong onlyfans.com/thisusernamedoesntexist777 URL also returns 200 in HTTP response.
So, it's better to remove OnlyFans from supported sites list and add it to removed_sites.json
Thanks.
Recently, @ThePornHelper raised an issue related to OnlyFans false negative. After going through the issue, I tried checking for some popular onlyfans creators on sherlock and as per the issue raised all of them were giving false negative.
So, I checked with the current method of checking the username availability. It the following API url:
`https://onlyfans.com/api2/v2/users/grandmasterchefjojo`
It returns a 400 error code and doesn't work at all.
Why it's happening? It requires a token be passed in the headers to for it to work.
After this, I tried using BurpSuite to find any other way to check availability and unfortunately there aren't any.
Even the wrong onlyfans.com/thisusernamedoesntexist777 URL also returns 200 in HTTP response.
So, it's better to remove OnlyFans from supported sites list and add it to removed_sites.json
Thanks.
Recently, @ThePornHelper raised an issue related to OnlyFans false negative. After going through the issue, I tried checking for some popular onlyfans creators on sherlock and as per the issue raised all of them were giving false negative.
So, I checked with the current method of checking the username availability. It the following API url:
`https://onlyfans.com/api2/v2/users/grandmasterchefjojo`
It returns a 400 error code and doesn't work at all.
Why it's happening? It requires a token be passed in the headers to for it to work.
After this, I tried using BurpSuite to find any other way to check availability and unfortunately there aren't any.
Even the wrong onlyfans.com/thisusernamedoesntexist777 URL also returns 200 in HTTP response.
So, it's better to remove OnlyFans from supported sites list and add it to removed_sites.json
Thanks.
Siddharth Dushantha
sondreal
github-actions[bot]
Yahya SayadArbabi
Abhishek Verma
Tim Wolf
Christian Clauss
hor00s