© 2022 - aleteo.co
As your business scales up, it is necessary to take the data extractionprocess to the next level and scrape data at a large scale. However, scraping a large amount of data from websites isn't an easy task. You may encounter a few challenges that would hold you up from getting a significant amount of data from various sources automatically.
Table of Content:
Web scraping is a tool that can ease the process of B2B lead generation, increase the quality of the b2b leads and, as a result, enable regular revenues. Market Research Collect data for market research – to track competitor prices, reviews, and implement brand reputation monitoring. There is nothing like a website won't allow you to scrape.But scraping a website withiut abiding by its Terms and conditions can make you repent! When planning to scrape a website, you should always check its robots.txt first. I don't know website scraping lingo, but deal mostly with Excel. I'm come to a point where I'm looking to hire someone but I want to ensure I'm speaking the same language. I need to web scrape different outcomes from about 1000 different outcomes on the same site. It's a drop down list and each option have about 5 outcomes and 20 lines of data.
from The Lazy Artist Gallery
Such as Captcha and behind-the-log-in serve as surveillance to keep spam away. However, they also pose a great challenge for a basic web scraper to get passed. As such anti-scraping technologies apply complex coding algorithms, it takes a lot of effort to come up with a technical solution to workaround. Some may even need a middleware like 2Captcha to solve.
The more web pages a scraper needs to go through, the longer it takes to complete. It is obvious that scraping at a large scale will take up a lot of resources on a local machine. A heavier workload on the local machine might lead to a breakdown.
A Large scale extraction generates a huge volume of data. This requires a strong infrastructure on data warehousing to be able to store the data securely. It will take a lot of money and time to maintain such a database.
Although these are some common challenges of scraping at large scale, Octoparsealready helped many companies overcome such issues. Octoparse’s cloud extraction is engineered for large scale extraction.
Cloud extraction allows you to extract data from your target websites 24/7 and stream into your database, all automatically. The one obvious advantage? You don’t need to sit by your computer and wait for the task to get completed.
But...there are actually more important things you can achieve with cloud extraction. Let me break them down into details:
In Octoparse, we call a scraping project a “task”. With cloud extraction, you can scrape as many as 6 to 20 times faster than a local run.
This is how Cloud extraction works. When a task is created and set to run on the cloud, Octoparse sends the task to multiple cloud servers that then go on to perform the scraping tasks concurrently. For example, if you are trying to scrape product information for 10 different pillows on Amazon, Instead of extracting the 10 pillows one by one, Octoparse initiates the task and send it to 10 cloud servers, each goes on to extract data for one of the ten pillows. In the end, you would get 10 pillows data extracted in 1/10th of the time if you were to extract the data locally.
This is apparently an over-simplified version of the Octoparse algorithm, but you get the idea.
Cloud extraction also makes it possible to scrape up to 20 websites simultaneously. Following the same idea, each website is scraped on a single cloud server that then sends back the extracted to your account.
You can set up different tasks with various priorities to make sure the websites will be scraped in the order preferred.
During a cloud extraction, Octoparse removes duplicated data and stored the clean data in the cloud such that you can easily access the data at any time, anywhere and there’s no limit to the amount of data you can store. For an even more seamless scraping experience, integrate Octoparse with your own program or database via API for managing your tasks and data.
If you're gonna need regular data feeds from any websites, this is the feature for you. With Octoparse, you can easily set your tasks to run on schedule, daily, weekly, monthly or even at any specific time of each day. Once you finish scheduling, click 'Save and Start'. The task will run as scheduled.
Cloud extraction reduces the chance of being blacklisted/blocked. You can use IP proxies, switch user-agents, clear cookies, adjust scraping speed.etc.
Tracking web data at a large volume such as social media, news, and e-commerce websites will elevate your business performance with>
Ashley is a data enthusiast and passionate blogger with hands-on experience in web scraping. She focuses on capturing web data and analyzing in a way that empowers companies and businesses with actionable insights. Read her blog here to discover practical tips and applications on web data extraction
Artículo en español: Cómo scrape sitio web a gran escala (guía 2020)
También puede leer artículos de web scraping en El Website Oficial
Web scraping or crawling is the process of fetching data from a third-party website by downloading and parsing the HTML code to extract the data you want.
“But you should use an API for this!'
However, not every website offers an API, and APIs don't always expose every piece of information you need. So, it's often the only solution to extract website data.
There are many use cases for web scraping:
The main problem is that most websites do not want to be scraped. They only want to serve content to real users using real web browsers (except Google - they all want to be scraped by Google).
So, when you scrape, you do not want to be recognized as a robot. There are two main ways to seem human: use human tools and emulate human behavior.
This post will guide you through all the tools websites use to block you and all the ways you can successfully overcome these obstacles.
When you open your browser and go to a webpage, it almost always means that you ask an HTTP server for some content. One of the easiest ways to pull content from an HTTP server is to use a classic command-line tool such as cURL.
The thing is, if you just do:
curl www.google.com, Google has many ways to know that you are not a human (for example by looking at the headers). Headers are small pieces of information that go with every HTTP request that hits the servers. One of those pieces of information precisely describes the client making the request, This is the infamous “User-Agent” header. Just by looking at the “User-Agent” header, Google knows that you are using cURL. If you want to learn more about headers, the Wikipedia page is great. As an experiment, just go over here. This webpage simply displays the headers information of your request.
Headless Browsers will behave like a real browser except that you will easily be able to programmatically use them. The most popular is Chrome Headless, a Chrome option that behaves like Chrome without all of the user interface wrapping it.
The easiest way to use Headless Chrome is by calling a driver that wraps all functionality into an easy API. SeleniumPlaywright and Puppeteer are the three most famous solutions.
However, it will not be enough as websites now have tools that detect headless browsers. This arms race has been going on for a long time.
While these solutions can be easy to do on your local computer, it can be trickier to make this work at scale.
Managing lots of Chrome headless instances is one of the many problems we solve at ScrapingBee
This is why there is an everlasting arms race between web scrapers who want to pass themselves as a real browser and websites who want to distinguish headless from the rest.
However, in this arms race, web scrapers tend to have a big advantage here is why:
Another thing to know is that while running 20 cURL in parallel is trivial and Chrome Headless is relatively easy to use for small use cases, it can be tricky to put at scale. Because it uses lots of RAM, managing more than 20 instances of it is a challenge.
If you want to learn more about browser fingerprinting I suggest you take a look at Antoine Vastel's blog, which is entirely dedicated to this subject.
That's about all you need to know about how to pretend like you are using a real browser. Let's now take a look at how to behave like a real human.
TLS stands for Transport Layer Security and is the successor of SSL which was basically what the “S” of HTTPS stood for.
This protocol ensures privacy and data integrity between two or more communicating computer applications (in our case, a web browser or a script and an HTTP server).
Similar to browser fingerprinting the goal of TLS fingerprinting is to uniquely identify users based on the way they use TLS.
How this protocol works can be split into two big parts.
First, when the client connects to the server, a TLS handshake happens. During this handshake, many requests are sent between the two to ensure that everyone is actually who they claim to be.
Then, if the handshake has been successful the protocol describes how the client and the server should encrypt and decrypt the data in a secure way. If you want a detailed explanation, check out this great introduction by Cloudflare.
Most of the data point used to build the fingerprint are from the TLS handshake and if you want to see what does a TLS fingerprint looks like, you can go visit this awesome online database.
On this website, you can see that the most used fingerprint last week was used 22.19% of the time (at the time of writing this article).
This number is very big and at least two orders of magnitude higher than the most common browser fingerprint. It actually makes sense as a TLS fingerprint is computed using way fewer parameters than a browser fingerprint.
Those parameters are, amongst others:
If you wish to know what your TLS fingerprint is, I suggest you visit this website.
Ideally, in order to increase your stealth when scraping the web, you should be changing your TLS parameters. However, this is harder than it looks.
Firstly, because there are not that many TLS fingerprints out there, simply randomizing those parameters won't work. Your fingerprint will be so rare that it will be instantly flagged as fake.
Secondly, TLS parameters are low-level stuff that rely heavily on system dependencies. So, changing them is not straight-forward.
For examples, the famous Python
requests module doesn't support changing the TLS fingerprint out of the box. Here are a few resources to change your TLS version and cypher suite in your favorite language:
Keep in mind that most of these libraries rely on the SSL and TLS implementation of your system, OpenSSL is the most widely used, and you might need to change its version in order to completely alter your fingerprint.
A human using a real browser will rarely request 20 pages per second from the same website. So if you want to request a lot of page from the same website you have to trick the website into thinking that all those requests come from different places in the world i.e: different I.P addresses. In other words, you need to use proxies.
Proxies are not very expensive: ~1$ per IP. However, if you need to do more than ~10k requests per day on the same website, costs can go up quickly, with hundreds of addresses needed. One thing to consider is that proxy IPs needs to be constantly monitored in order to discard the one that is not working anymore and replace it.
There are several proxy solutions on the market, here are the most used rotating proxy providers: Luminati Network, Blazing SEO and SmartProxy.
There is also a lot of free proxy lists and I don’t recommend using these because they are often slow and unreliable, and websites offering these lists are not always transparent about where these proxies are located. Free proxy lists are usually public, and therefore, their IPs will be automatically banned by the most website. Proxy quality is important. Anti-crawling services are known to maintain an internal list of proxy IP so any traffic coming from those IPs will also be blocked. Be careful to choose a good reputation. This is why I recommend using a paid proxy network or build your own.
Another proxy type that you could look into is mobile, 3g and 4g proxies. This is helpful for scraping hard-to-scrape mobile first websites, like social media.
To build your own proxy you could take a look at scrapoxy, a great open-source API, allowing you to build a proxy API on top of different cloud providers. Scrapoxy will create a proxy pool by creating instances on various cloud providers (AWS, OVH, Digital Ocean). Then, you will be able to configure your client so it uses the Scrapoxy URL as the main proxy, and Scrapoxy it will automatically assign a proxy inside the proxy pool. Scrapoxy is easily customizable to fit your needs (rate limit, blacklist …) it can be a little tedious to put in place.
You could also use the TOR network, aka, The Onion Router. It is a worldwide computer network designed to route traffic through many different servers to hide its origin. TOR usage makes network surveillance/traffic analysis very difficult. There are a lot of use cases for TOR usage, such as privacy, freedom of speech, journalists in a dictatorship regime, and of course, illegal activities. In the context of web scraping, TOR can hide your IP address, and change your bot’s IP address every 10 minutes. The TOR exit nodes IP addresses are public. Some websites block TOR traffic using a simple rule: if the server receives a request from one of the TOR public exit nodes, it will block it. That’s why in many cases, TOR won’t help you, compared to classic proxies. It's worth noting that traffic through TOR is also inherently much slower because of the multiple routing.
Sometimes proxies will not be enough. Some websites systematically ask you to confirm that you are a human with so-called CAPTCHAs. Most of the time CAPTCHAs are only displayed to suspicious IP, so switching proxy will work in those cases. For the other cases, you'll need to use CAPTCHAs solving service (2Captchas and DeathByCaptchas come to mind).
While some Captchas can be automatically resolved with optical character recognition (OCR), the most recent one has to be solved by hand.
If you use the aforementioned services, on the other side of the API call you'll have hundreds of people resolving CAPTCHAs for as low as 20ct an hour.
But then again, even if you solve CAPCHAs or switch proxy as soon as you see one, websites can still detect your data extraction process.
Another advanced tool used by websites to detect scraping is pattern recognition. So if you plan to scrape every IDs from 1 to 10 000 for the URL www.example.com/product/
Some websites also do statistic on browser fingerprint per endpoint. This means that if you don't change some parameters in your headless browser and target a single endpoint, they might block you.
Websites also tend to monitor the origin of traffic, so if you want to scrape a website if Brazil, try to not do it with proxies in Vietnam.
But from experience, I can tell you that rate is the most important factor in “Request Pattern Recognition”, so the slower you scrape, the less chance you have of being discovered.
Sometimes, the server expect the client to be a machine. In these cases, hiding yourself is way easier.
Basically, this “trick” comes down to two things:
For example, let's say that I want to get all the comments of a famous social network. I notice that when I click on the “load more comments” button, this happens in my inspector:
Notice that we filter out every requests except “XHR” ones to avoid noise.
When we try to see which request is being made and which response do we get… - bingo!
Now if we look at the “Headers” tab we should have everything we need to replay this request and understand the value of each parameters. This will allow us to make this request from a simple HTTP client.
The hardest part of this process is to understand the role of each parameter in the request. Know that you can left-click on any request in the Chrome dev tool inspector, export in HAR format and then import it in your favorite HTTP client, (I love Paw and PostMan).
This will allow you to have all the parameters of a working request laid out and will make your experimentation much faster and fun.
The same principles apply when it comes to reverse engineering mobile app. You will want to intercept the request your mobile app make to the server and replay it with your code.
Doing this is hard for two reasons:
For example, when Pokemon Go was released a few years ago, tons of people cheated the game after reverse-engineering the requests the mobile app made.
What they did not know was that the mobile app was sending a “secret” parameter that was not sent by the cheating script. It was easy for Niantic to then identify the cheaters. A few weeks after, a massive amount of players were banned for cheating.
Also, here is an interesting example about someone who reverse-engineered the Starbucks API.
Here is a recap of all the anti-bot techniques we saw in this article:
|Anti-bot technique||Counter measure||Supported by ScrapingBee|
|Browser Fingerprinting||Headless browsers||✅|
|IP-rate limiting||Rotating proxies||✅|
|Banning Data center IPs||Residential IPs||✅|
|TLS Fingerprinting||Forge and rotate TLS fingerprints||✅|
|Captchas on suspicious activity||All of the above||✅|
|Systematic Captchas||Captchas-solving tools and services||❌|
I hope that this overview will help you understand web-scraping and that you learned a lot reading this article.
We leverage everything I talked about in this post at ScrapingBee. Our web scraping API handles thousands of requests per second without ever being blocked. If you don’t want to lose too much time setting everything up, make sure to try ScrapingBee. The first 1k API calls are on us :).
We recently published a guide about the best web scraping tools on the market, don't hesitate to take a look!