[Enterprise] Slack Flagged login with Cookie and Token as Suspicious activity

[the-qubit-guy]

I have been trying to authorize for a new enterprise workspace and tried it twice using cookie and token as browser auth wasnt working.
Each time after "successful login" , it automatically logs out , gives "invalid_auth error" and slack flag it as suspicious activity as I receive an email saying "We recently detected potentially suspicious activity associated with your Slack account. As a precaution, we’ve signed you out of the following Enterprise Grid organization"

Is there any known solution for this ?

[rusq]

Hey @the-qubit-guy , unfortunately no, they have recently introduced this on Enterprise workspaces (about a month or so), and there's no known workaround yet. I tried to address it by using different User Agent in the latest version, but as you're getting this error, it seems that it did not help. Their detection criteria are unknown, can only guess that it may be the pattern of requests, or the rate.

Let me know if you are able to find a workaround, that would be of help to many.

[the-qubit-guy]

Thanks for the reply @rusq .

Amazed to see what you and the community have built !

Will let u know if i find a way !

[sandeepsalwan1]

hey @the-qubit-guy have you found any way to download data

[korotovsky]

Hi there. In my Slack MCP Server have in most of cases successfully mitigated this issue by faking TLS handshakes.

/cc @rusq, also thank you for your library it is a great basis for that proj! :) I hope my comment will help to improve the core library

[rusq]

Hey @korotovsky, thanks for the feedback, so nice to see it being used as a library :) Interesting, I'll have a look at faking TLS handshakes. Also — very cool project you got there!

[rusq]

Am I in the right place? transport.go

[korotovsky]

Hey, yes basically github.com/refraction-networking/utls is responsible for low-level TLS operations.