diff --git a/README.md b/README.md index 07509ce..44a5295 100644 --- a/README.md +++ b/README.md @@ -1 +1,180 @@ -# cf-bypass-fast \ No newline at end of file +# cloudflare bypass with super fast speed 🚀🚀 + +A Node.js service that automates Chromium to bypass **Cloudflare IUAM** and **Turnstile challenges**, returning valid `cf_clearance` cookies or tokens with proxy support. + +## 🚀 Features + +- **Cloudflare IUAM Bypass**: Automatically solves "I'm Under Attack Mode" challenges super fast within 3.337 seconds 💖 +- **Turnstile Challenge Solver**: Handles Cloudflare Turnstile captchas +- **Proxy Support**: Full HTTP proxy integration with authentication +- **Smart Timeout**: 20-second timeout with graceful null responses +- **Browser Management**: Concurrent browser limit control +- **Caching System**: 5-minute TTL cache for IUAM responses +- **Production Ready**: Built with Express.js and error handling + +## 📦 Installation + +### VPS Installation (Ubuntu/Debian) +```bash +# Update system +sudo apt update && sudo apt upgrade -y + +# Install Node.js +curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash - +sudo apt-get install -y nodejs + +# Install Chrome +sudo apt install -y google-chrome-stable + +# Install Xvfb for headless display +sudo apt install -y xvfb + +# Clone and setup +git clone +cd cf-bypass +npm install + +# Start Xvfb (virtual display) +Xvfb :99 -screen 0 1024x768x24 > /dev/null 2>&1 & +export DISPLAY=:99 + +# Run with PM2 (recommended) +npm install -g pm2 +pm2 start index.js --name "cf-bypass" +pm2 startup +pm2 save + +# Or run directly +npm start +``` + +### VPS Installation (Ubuntu/Debian) +```bash +# Update system +sudo apt update && sudo apt upgrade -y + +# Install Node.js 18+ +curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash - +sudo apt-get install -y nodejs + + +# Clone and setup +git clone +cd cf-bypass +npm install + +# Run with PM2 (recommended) +npm install -g pm2 +pm2 start index.js --name "cf-bypass" +pm2 startup +pm2 save + +# Or run directly +npm start +``` + +### Local Development +```bash +npm install +npm run dev # Development mode +npm start # Production mode +``` + +## 🔧 Environment Variables + +| Variable | Default | Description | +|----------|---------|-------------| +| `PORT` | `8080` | Server port | +| `authToken` | `null` | API authentication token | +| `browserLimit` | `20` | Max concurrent browsers | +| `timeOut` | `60000` | Global timeout (ms) | + +## 📡 API Endpoints + +### POST /cloudflare + +Bypass Cloudflare protection and get cookies/tokens. + +#### Request Body +```json +{ + "mode": "iuam", + "domain": "https://olamovies.watch/generate", +} +``` + +#### Parameters +- **`mode`** (required): `"iuam"` or `"turnstile"` +- **`domain`** (required): Target website URL +- **`proxy`** (optional): Proxy configuration object + +#### Response (Success) +```json +{ + "cf_clearance": "eNm9UOgqoNDTP.fmAK9JfvirEmLVpmd.ZWIfdqQxuTc-1758610092-1.2-2NwZwW6nK23HrAH71MtvOek9vCiiS7pUBGIPtra_gSBxYxY2csa6hW0j7i...", + "user_agent": "Mozilla/5.0...", + "elapsed_time": 3.05 +} +``` + +#### Response (No Cookie Found) +```json +{ + "cf_clearance": null, + "user_agent": "Mozilla/5.0...", + "elapsed_time": 0.0 +} +``` + +#### Response (Turnstile) +```json +{ + "token": "0.xsFjuaQe-ahOJOCPBca6_gO_PYmF6LRrkxMX7s9XY6hdkCydEQocV3IlhGNgxa-X9KGS1lPoWScPSAPsUieuG-gyAazbguBUogGpqX9Ft..." +} +``` + +## 🌐 Proxy Configuration + +The service supports HTTP proxies with authentication: + +**Proxy Format**: `username:password@hostname:port` + +## 📝 Usage Examples + +### run test +```bash +python api_test.py +``` + +## ⚡ Key Features + +### Caching System +- **5-minute TTL** for IUAM responses +- Reduces server load and response time +- Cache key based on request parameters + +### Browser Management +- Configurable concurrent browser limit +- Resource optimization (blocks images, CSS, fonts) + +## 🛠 Development + +### Project Structure +``` +cf-bypass/ +├── endpoints/ +│ ├── cloudflare.js # IUAM bypass logic +│ └── turnstile.js # Turnstile solver +├── cache/ +│ └── cache.json # Response cache +├── index.js # Main server +├── api_test.py # Test script +└── package.json +``` + +[credit](https://github.com/ZFC-Digital/cf-clearance-scraper) +educational / research — use responsibly and lawfully. + +my telegram: https://t.me/rex_update +--- +Made with ❤️ for bypass community \ No newline at end of file diff --git a/api_test.py b/api_test.py new file mode 100644 index 0000000..4419bcd --- /dev/null +++ b/api_test.py @@ -0,0 +1,26 @@ +import asyncio +import httpx + +async def main(): + async with httpx.AsyncClient(timeout=30.0) as client: + resp1 = await client.post( + "http://localhost:8080/cloudflare", + json={ + "domain": "https://olamovies.watch/generate", + "mode": "iuam", + }, + ) + print(resp1.json()) + + resp2 = await client.post( + "http://localhost:8080/cloudflare", + json={ + "domain": "https://lksfy.com/", + "siteKey": "0x4AAAAAAA49NnPZwQijgRoi", + "mode": "turnstile", + }, + ) + print(resp2.json()) + +if __name__ == "__main__": + asyncio.run(main()) diff --git a/index.js b/index.js new file mode 100644 index 0000000..8d4fc21 --- /dev/null +++ b/index.js @@ -0,0 +1,170 @@ +const express = require('express') +const { connect } = require("puppeteer-real-browser") +const fs = require("fs") +const path = require("path") + +const app = express() +const port = process.env.PORT || 8080 +const authToken = process.env.authToken || null + +global.browserLimit = Number(process.env.browserLimit) || 20 +global.timeOut = Number(process.env.timeOut) || 60000 + +const CACHE_DIR = path.join(__dirname, "cache") +const CACHE_FILE = path.join(CACHE_DIR, "cache.json") +const CACHE_TTL = 5 * 60 * 1000 + +function loadCache() { + if (!fs.existsSync(CACHE_FILE)) return {} + try { + return JSON.parse(fs.readFileSync(CACHE_FILE, "utf-8")) + } catch { + return {} + } +} + +function saveCache(cache) { + if (!fs.existsSync(CACHE_DIR)) { + fs.mkdirSync(CACHE_DIR, { recursive: true }) + } + fs.writeFileSync(CACHE_FILE, JSON.stringify(cache, null, 2), "utf-8") +} + +function readCache(key) { + const cache = loadCache() + const entry = cache[key] + if (entry && Date.now() - entry.timestamp < CACHE_TTL) { + return entry.value + } + return null +} + +function writeCache(key, value) { + const cache = loadCache() + cache[key] = { timestamp: Date.now(), value } + saveCache(cache) +} + +app.use(express.json()) +app.use(express.urlencoded({ extended: true })) + +if (process.env.NODE_ENV !== 'development') { + let server = app.listen(port, () => { + console.log(`Server running on port ${port}`) + }) + try { + server.timeout = global.timeOut + } catch {} +} + +async function createBrowser(proxyServer = null) { + const connectOptions = { + headless: false, + turnstile: true, + connectOption: { defaultViewport: null }, + disableXvfb: false, + } + + if (proxyServer) { + connectOptions.args = [`--proxy-server=${proxyServer}`] + } + + const { browser } = await connect(connectOptions) + + const pages = await browser.pages() + const page = pages[0] + + await page.goto('about:blank') + + await page.setRequestInterception(true) + page.on('request', (req) => { + const type = req.resourceType() + if (["image", "stylesheet", "font", "media"].includes(type)) { + req.abort() + } else { + req.continue() + } + }) + + return { browser, page } +} + +const turnstile = require('./endpoints/turnstile') +const cloudflare = require('./endpoints/cloudflare') + +app.post('/cloudflare', async (req, res) => { + const data = req.body + if (!data || typeof data.mode !== 'string') { + return res.status(400).json({ message: 'Bad Request: missing or invalid mode' }) + } + if (authToken && data.authToken !== authToken) { + return res.status(401).json({ message: 'Unauthorized' }) + } + + if (global.browserLimit <= 0) { + return res.status(429).json({ message: 'Too Many Requests' }) + } + + let cacheKey, cached + if (data.mode === "iuam") { + + cacheKey = JSON.stringify(data) + cached = readCache(cacheKey) + if (cached) { + return res.status(200).json({ ...cached, cached: true }) + } + } + + global.browserLimit-- + let result + let browser, page + + try { + const proxyServer = data.proxy ? `${data.proxy.hostname}:${data.proxy.port}` : null + const ctx = await createBrowser(proxyServer) + browser = ctx.browser + page = ctx.page + + await page.goto('about:blank') + + switch (data.mode) { + case "turnstile": + + result = await turnstile(data, page) + .then(token => ({ token })) + .catch(err => ({ code: 500, message: err.message })) + break + + case "iuam": + + result = await cloudflare(data, page) + .then(r => ({ ...r })) + .catch(err => ({ code: 500, message: err.message })) + + if (!result.code || result.code === 200) { + writeCache(cacheKey, result) + } + break + + default: + result = { code: 400, message: 'Invalid mode' } + } + } catch (err) { + result = { code: 500, message: err.message } + } finally { + if (browser) { + try { await browser.close() } catch {} + } + global.browserLimit++ + } + + res.status(result.code ?? 200).json(result) +}) + +app.use((req, res) => { + res.status(404).json({ message: 'Not Found' }) +}) + +if (process.env.NODE_ENV === 'development') { + module.exports = app +} \ No newline at end of file diff --git a/package.json b/package.json new file mode 100644 index 0000000..149c951 --- /dev/null +++ b/package.json @@ -0,0 +1,16 @@ +{ + "name": "cf-bypass", + "version": "1.0", + "description": "get the cf_clearance cookie from any website", + "scripts": { + "start": "node index.js", + "dev": "nodemon index.js" + }, + "dependencies": { + "express": "^5.1.0", + "puppeteer-real-browser": "^1.4.0" + }, + "devDependencies": { + "nodemon": "^3.1.10" + } +}