1. Reverse Engineer Client Script
2. Generate Request Bot
The bot operator builds a request bot with non-browser based scripts to submit telemetry to the bot provider based on what’s been learned from reverse engineering. This will replay the anti-bot system with seemingly legitimate data and tricks the bot mitigation system to validate the request as human.
3. Dynamic Challenge
Some bot mitigation providers also apply “dynamic” challenges to continually revalidate that the requests are being sent from within a browser. For example, a commonly used dynamic challenge is to monitor mouse clicks, movements, and screen interactions.