uoload

Dockerfile

@@ -0,0 +1,26 @@
+FROM node:20-slim
+
+RUN apt update && apt install -y \
+    wget gnupg ca-certificates xvfb \
+    fonts-liberation libappindicator3-1 libasound2 libatk-bridge2.0-0 \
+    libatk1.0-0 libxss1 libnss3 libxcomposite1 libxdamage1 libxrandr2 libgbm1 \
+    && wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb \
+    && apt install -y ./google-chrome-stable_current_amd64.deb \
+    && rm google-chrome-stable_current_amd64.deb
+
+WORKDIR /app
+
+RUN mkdir -p /app/endpoints && \
+    mkdir -p /app/cache
+
+COPY package*.json ./
+RUN npm install
+
+COPY . .
+
+EXPOSE 7860
+
+CMD rm -f /tmp/.X99-lock && \
+    Xvfb :99 -screen 0 1024x768x24 & \
+    export DISPLAY=:99 && \
+    npm start

README.md

@@ -3,9 +3,8 @@ title: Cf
 emoji: 💻
 colorFrom: pink
 colorTo: purple
-sdk: gradio
+sdk: docker
 sdk_version: 6.13.0
-app_file: app.py
 pinned: false
 license: apache-2.0
 short_description: 'bypass cloud turnstile '

api_test.py

@@ -0,0 +1,17 @@
+import asyncio
+import httpx
+
+async def main():
+    async with httpx.AsyncClient(timeout=30.0) as client:
+        resp2 = await client.post(
+            "http://localhost:8080/cloudflare",
+            json={
+                "domain": "https://lksfy.com/",
+                "siteKey": "0x4AAAAAAA49NnPZwQijgRoi",
+                "mode": "turnstile",
+            },
+        )
+        print(resp2.json())
+
+if __name__ == "__main__":
+    asyncio.run(main())

cache/cache.json

@@ -0,0 +1,10 @@
+{
+  "{\"domain\":\"https://v2links.org\",\"mode\":\"iuam\"}": {
+    "timestamp": 1758616160392,
+    "value": {
+      "cf_clearance": "qqs5f4MpFMgA0v78Qmh_HYDWoKhbwqlQ57bTW5KeIr8-1758616161-1.2.1.1-D5PdpmheHl.26ssIRKQBsXzPtPPkSXntEZ_H9FUJVt7MMTS_BEE8iH.E48MDzKtFBLwZqRYxE_1GLo1gj3ChXrwatOGEJcmGRUwavy2qvGgUPizn7qufd.sW0ULfhaRO7Gz_H_eO1TU3iEqCzltEUDNk0SviKRFkF8ozbvJ91MW_qmO.qrjQorbu_jxcgJv5BHs6rTNOitWtVDAmYMDukASq0viHXIUAIvTM.LIfQ88",
+      "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36",
+      "elapsed_time": 5.028
+    }
+  }
+}

endpoints/cloudflare.js

@@ -0,0 +1,79 @@
+async function cloudflare(data, page) {
+  return new Promise(async (resolve, reject) => {
+    if (!data.domain) return reject(new Error("Missing domain parameter"))
+
+    const startTime = Date.now()
+    let isResolved = false
+    let userAgent = null
+
+    const cl = setTimeout(() => {
+      if (!isResolved) {
+        isResolved = true
+        const elapsedTime = (Date.now() - startTime) / 1000
+        resolve({
+          cf_clearance: null,
+          user_agent: userAgent,
+          elapsed_time: elapsedTime,
+        })
+      }
+    }, 20000)
+
+    try {
+      if (data.proxy?.username && data.proxy?.password) {
+        await page.authenticate({
+          username: data.proxy.username,
+          password: data.proxy.password,
+        })
+      }
+
+      page.removeAllListeners("request")
+      page.removeAllListeners("response")
+      await page.setRequestInterception(true)
+
+      page.on("request", async (req) => {
+        try {
+          await req.continue()
+        } catch (_) {}
+      })
+
+      page.on("response", async (res) => {
+        try {
+          const url = res.url()
+          if (url.includes("/cdn-cgi/challenge-platform/")) {
+            const headers = res.headers()
+            if (headers["set-cookie"]) {
+              const match = headers["set-cookie"].match(/cf_clearance=([^;]+)/)
+              if (match) {
+                const cf_clearance = match[1]
+                const userAgent = (await res.request().headers())["user-agent"]
+                const elapsedTime = (Date.now() - startTime) / 1000
+
+                if (!isResolved) {
+                  isResolved = true
+                  clearTimeout(cl)
+
+                  resolve({
+                    cf_clearance,
+                    user_agent: userAgent,
+                    elapsed_time: elapsedTime,
+                  })
+                }
+              }
+            }
+          }
+        } catch (_) {}
+      })
+
+      await page.goto(data.domain, { waitUntil: "domcontentloaded" })
+      userAgent = await page.evaluate(() => navigator.userAgent)
+    } catch (err) {
+      if (!isResolved) {
+        isResolved = true
+        clearTimeout(cl)
+        reject(err)
+      }
+    }
+  })
+}
+
+module.exports = cloudflare

endpoints/recaptchav2.js

@@ -0,0 +1,277 @@
+async function recaptchaV2({ domain, proxy, siteKey, action = "submit", isInvisible = false }, page) {
+  if (!domain) throw new Error("Missing domain parameter");
+  if (!siteKey) throw new Error("Missing siteKey parameter");
+
+  const timeout = global.timeOut || 60000;
+  let isResolved = false;
+
+  const cl = setTimeout(async () => {
+    if (!isResolved) {
+      throw new Error("Timeout Error");
+    }
+  }, timeout);
+
+  try {
+    if (proxy?.username && proxy?.password) {
+      await page.authenticate({
+        username: proxy.username,
+        password: proxy.password,
+      });
+    }
+
+    const htmlContent = `
+      <!DOCTYPE html>
+      <html lang="en">
+      <head>
+        <meta charset="UTF-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <title>reCAPTCHA v2 Solver</title>
+        <style>
+          body { 
+            font-family: Arial, sans-serif; 
+            margin: 0; 
+            padding: 20px; 
+            background: #f5f5f5;
+            display: flex;
+            justify-content: center;
+            align-items: center;
+            min-height: 100vh;
+          }
+          .container {
+            background: white;
+            padding: 30px;
+            border-radius: 10px;
+            box-shadow: 0 2px 10px rgba(0,0,0,0.1);
+            text-align: center;
+          }
+          .status {
+            margin-top: 20px;
+            padding: 10px;
+            border-radius: 5px;
+            background: #f8f9fa;
+          }
+          button {
+            background: #007bff;
+            color: white;
+            border: none;
+            padding: 10px 20px;
+            border-radius: 5px;
+            cursor: pointer;
+            margin: 10px;
+          }
+          button:hover {
+            background: #0056b3;
+          }
+        </style>
+      </head>
+      <body>
+        <div class="container">
+          <h2>reCAPTCHA v2 Solver</h2>
+          <p>SiteKey: ${siteKey}</p>
+          <div id="recaptcha-container">
+            <div class="g-recaptcha"
+                 data-sitekey="${siteKey}"
+                 data-callback="recaptchaCallback"
+                 data-expired-callback="recaptchaExpired"
+                 data-error-callback="recaptchaError"
+                 data-size="${isInvisible ? 'invisible' : 'normal'}"
+                 data-theme="light">
+            </div>
+          </div>
+          ${isInvisible ? '<button onclick="executeInvisible()">Execute reCAPTCHA</button>' : ''}
+          <button onclick="checkToken()">Check Token</button>
+          <div class="status" id="status">Waiting for reCAPTCHA...</div>
+        </div>
+
+        <script>
+          // Global variables
+          window.recaptchaToken = null;
+          window.recaptchaSolved = false;
+
+          // Callback functions
+          window.recaptchaCallback = function(token) {
+            console.log('reCAPTCHA token received:', token);
+            window.recaptchaToken = token;
+            window.recaptchaSolved = true;
+            
+            document.getElementById('status').innerHTML = '✅ reCAPTCHA Solved! Token: ' + token.substring(0, 20) + '...';
+            document.getElementById('status').style.background = '#d4edda';
+            document.getElementById('status').style.color = '#155724';
+            
+            // Store token in multiple ways
+            var input = document.createElement('input');
+            input.type = 'hidden';
+            input.name = 'g-recaptcha-response';
+            input.value = token;
+            input.id = 'recaptcha-token-input';
+            document.body.appendChild(input);
+            
+            localStorage.setItem('recaptcha_token', token);
+          };
+
+          window.recaptchaExpired = function() {
+            console.log('reCAPTCHA expired');
+            window.recaptchaToken = null;
+            window.recaptchaSolved = false;
+            document.getElementById('status').innerHTML = '❌ reCAPTCHA Expired - Refreshing...';
+            document.getElementById('status').style.background = '#fff3cd';
+            document.getElementById('status').style.color = '#856404';
+            
+            var existing = document.getElementById('recaptcha-token-input');
+            if (existing) existing.remove();
+            
+            // Auto-refresh after expiration
+            setTimeout(() => {
+              if (window.grecaptcha) {
+                grecaptcha.reset();
+              }
+            }, 1000);
+          };
+
+          window.recaptchaError = function() {
+            console.log('reCAPTCHA error');
+            document.getElementById('status').innerHTML = '❌ reCAPTCHA Error';
+            document.getElementById('status').style.background = '#f8d7da';
+            document.getElementById('status').style.color = '#721c24';
+          };
+
+          window.executeInvisible = function() {
+            if (window.grecaptcha) {
+              grecaptcha.execute();
+            }
+          };
+
+          window.checkToken = function() {
+            const token = window.recaptchaToken || document.getElementById('recaptcha-token-input')?.value;
+            if (token) {
+              document.getElementById('status').innerHTML = 'Token: ' + token;
+            } else {
+              document.getElementById('status').innerHTML = 'No token yet';
+            }
+          };
+
+          // Auto-execute for invisible reCAPTCHA
+          window.onload = function() {
+            setTimeout(function() {
+              // For invisible reCAPTCHA, auto-execute
+              if (${isInvisible} && window.grecaptcha) {
+                grecaptcha.execute();
+              }
+              
+              // For visible reCAPTCHA, try to find and click
+              if (!${isInvisible}) {
+                var iframe = document.querySelector('iframe[src*="recaptcha"]');
+                if (iframe) {
+                  console.log('Attempting to interact with reCAPTCHA');
+                  var rect = iframe.getBoundingClientRect();
+                  var clickEvent = new MouseEvent('click', {
+                    view: window,
+                    bubbles: true,
+                    cancelable: true,
+                    clientX: rect.left + rect.width / 2,
+                    clientY: rect.top + rect.height / 2
+                  });
+                  iframe.dispatchEvent(clickEvent);
+                }
+              }
+            }, 2000);
+          };
+        </script>
+
+        <!-- Load reCAPTCHA API -->
+        <script src="https://www.google.com/recaptcha/api.js" async defer></script>
+      </body>
+      </html>
+    `;
+
+    // Setup request interception
+    await page.setRequestInterception(true);
+    page.removeAllListeners("request");
+    
+    page.on("request", async (request) => {
+      const url = request.url();
+      
+      // Handle main document request
+      if ([domain, domain + "/"].includes(url) && request.resourceType() === "document") {
+        await request.respond({
+          status: 200,
+          contentType: "text/html",
+          body: htmlContent,
+        });
+      }
+      // Block unnecessary resources untuk mempercepat
+      else if (request.resourceType() === 'image' || 
+               request.resourceType() === 'stylesheet' ||
+               request.resourceType() === 'font') {
+        await request.abort();
+      }
+      else {
+        await request.continue();
+      }
+    });
+
+    // Navigate ke page
+    await page.goto(domain, { 
+      waitUntil: "domcontentloaded",
+      timeout: timeout 
+    });
+
+    // Tunggu reCAPTCHA container load
+    await page.waitForSelector('.g-recaptcha', { timeout: 10000 });
+
+    // Tunggu token tersedia dengan multiple strategies
+    const token = await page.waitForFunction(() => {
+      // Cek dari hidden input
+      const input = document.querySelector('#recaptcha-token-input');
+      if (input && input.value && input.value.length > 10) {
+        return input.value;
+      }
+      
+      // Cek dari localStorage
+      const stored = localStorage.getItem('recaptcha_token');
+      if (stored && stored.length > 10) {
+        return stored;
+      }
+      
+      // Cek dari global variable
+      if (window.recaptchaToken && window.recaptchaToken.length > 10) {
+        return window.recaptchaToken;
+      }
+      
+      return null;
+    }, { timeout, polling: 100 });
+
+    const tokenValue = await token.jsonValue();
+    
+    isResolved = true;
+    clearTimeout(cl);
+
+    if (!tokenValue || tokenValue.length < 10) {
+      throw new Error("Failed to get valid reCAPTCHA token");
+    }
+
+    console.log('Successfully obtained reCAPTCHA token');
+    return { token: tokenValue, type: 'recaptcha_v2' };
+
+  } catch (error) {
+    clearTimeout(cl);
+    
+    // Fallback: coba ambil token dengan method lain
+    try {
+      const fallbackToken = await page.evaluate(() => {
+        const input = document.querySelector('#recaptcha-token-input');
+        return input ? input.value : null;
+      });
+      
+      if (fallbackToken && fallbackToken.length > 10) {
+        return { token: fallbackToken, type: 'recaptcha_v2' };
+      }
+    } catch (e) {
+      // Ignore fallback error
+    }
+    
+    throw new Error(`reCAPTCHA solving failed: ${error.message}`);
+  }
+}
+
+module.exports = recaptchaV2;

endpoints/turnstile.js

@@ -0,0 +1,84 @@
+async function turnstile({ domain, proxy, siteKey }, page) {
+  if (!domain) throw new Error("Missing domain parameter");
+  if (!siteKey) throw new Error("Missing siteKey parameter");
+
+  const timeout = global.timeOut || 60000;
+  let isResolved = false;
+
+  const cl = setTimeout(async () => {
+    if (!isResolved) {
+      throw new Error("Timeout Error");
+    }
+  }, timeout);
+
+  try {
+    if (proxy?.username && proxy?.password) {
+      await page.authenticate({
+        username: proxy.username,
+        password: proxy.password,
+      });
+    }
+
+    const htmlContent = `
+      <!DOCTYPE html>
+      <html lang="en">
+      <body>
+        <div class="turnstile"></div>
+        <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback" defer></script>
+        <script>
+          window.onloadTurnstileCallback = function () {
+            turnstile.render('.turnstile', {
+              sitekey: '${siteKey}',
+              callback: function (token) {
+                var c = document.createElement('input');
+                c.type = 'hidden';
+                c.name = 'cf-response';
+                c.value = token;
+                document.body.appendChild(c);
+              },
+            });
+          };
+        </script>
+      </body>
+      </html>
+    `;
+
+    await page.setRequestInterception(true);
+    page.removeAllListeners("request");
+    page.on("request", async (request) => {
+      if ([domain, domain + "/"].includes(request.url()) && request.resourceType() === "document") {
+        await request.respond({
+          status: 200,
+          contentType: "text/html",
+          body: htmlContent,
+        });
+      } else {
+        await request.continue();
+      }
+    });
+
+    await page.goto(domain, { waitUntil: "domcontentloaded" });
+
+    await page.waitForSelector('[name="cf-response"]', { timeout });
+
+    const token = await page.evaluate(() => {
+      try {
+        return document.querySelector('[name="cf-response"]').value;
+      } catch {
+        return null;
+      }
+    });
+
+    isResolved = true;
+    clearTimeout(cl);
+
+    if (!token || token.length < 10) throw new Error("Failed to get token");
+    return token;
+
+  } catch (e) {
+    clearTimeout(cl);
+    throw e;
+  }
+}
+
+module.exports = turnstile;

index.js

@@ -0,0 +1,178 @@
+const express = require('express');
+const { connect } = require("puppeteer-real-browser");
+const fs = require('fs');
+const path = require('path');
+
+const app = express();
+const port = process.env.PORT || 7860;
+const authToken = process.env.authToken || null; // Set null biar gak perlu auth
+const domain = process.env.DOMAIN || `https://fourstore-cf.hf.space`;
+
+global.browserLimit = Number(process.env.browserLimit) || 20;
+global.timeOut = Number(process.env.timeOut) || 60000;
+
+const CACHE_DIR = path.join(__dirname, "cache");
+const CACHE_FILE = path.join(CACHE_DIR, "cache.json");
+const CACHE_TTL = 5 * 60 * 1000;
+
+function loadCache() {
+  if (!fs.existsSync(CACHE_FILE)) return {};
+  try {
+    return JSON.parse(fs.readFileSync(CACHE_FILE, 'utf-8'));
+  } catch {
+    return {};
+  }
+}
+
+function saveCache(cache) {
+  if (!fs.existsSync(CACHE_DIR)) {
+    fs.mkdirSync(CACHE_DIR, { recursive: true });
+  }
+  fs.writeFileSync(CACHE_FILE, JSON.stringify(cache, null, 2), 'utf-8');
+}
+
+function readCache(key) {
+  const cache = loadCache();
+  const entry = cache[key];
+  if (entry && Date.now() - entry.timestamp < CACHE_TTL) {
+    return entry.value;
+  }
+  return null;
+}
+
+function writeCache(key, value) {
+  const cache = loadCache();
+  cache[key] = { timestamp: Date.now(), value };
+  saveCache(cache);
+}
+
+app.use(express.json());
+app.use(express.urlencoded({ extended: true }));
+
+// ROUTE UTAMA APP.GET("/")
+app.get("/", (req, res) => {
+  res.json({
+    message: "Server is running!",
+    domain: domain,
+    endpoints: {
+      cloudflare: `${domain}/cloudflare`,
+      turnstile: `${domain}/cloudflare`,
+      recaptcha: `${domain}/cloudflare`
+    },
+    status: {
+      browserLimit: global.browserLimit,
+      timeOut: global.timeOut,
+      authRequired: authToken !== null
+    }
+  });
+});
+
+if (process.env.NODE_ENV !== 'development') {
+  let server = app.listen(port, () => {
+    console.log(`Server running on port ${port}`);
+    console.log(`Domain: ${domain}`);
+    console.log(`Auth required: ${authToken !== null}`);
+  });
+  try {
+    server.timeout = global.timeOut;
+  } catch {}
+}
+
+async function createBrowser(proxyServer = null) {
+  const connectOptions = {
+    headless: false,
+    turnstile: true,
+    connectOption: { defaultViewport: null },
+    disableXvfb: false,
+  };
+  if (proxyServer) connectOptions.args = [`--proxy-server=${proxyServer}`];
+
+  const { browser } = await connect(connectOptions);
+  const [page] = await browser.pages();
+
+  await page.goto('about:blank');
+  await page.setRequestInterception(true);
+  page.on('request', (req) => {
+    const type = req.resourceType();
+    if (["image", "stylesheet", "font", "media"].includes(type)) req.abort();
+    else req.continue();
+  });
+
+  return { browser, page };
+}
+
+const turnstile = require('./endpoints/turnstile');
+const cloudflare = require('./endpoints/cloudflare');
+const recaptchaV2 = require('./endpoints/recaptchav2');
+
+app.post('/cloudflare', async (req, res) => {
+  const data = req.body;
+  if (!data || typeof data.mode !== 'string')
+    return res.status(400).json({ message: 'Bad Request: missing or invalid mode' });
+  
+  // COMMENT/HAPUS pengecekan auth token biar gak perlu auth
+  // if (authToken && data.authToken !== authToken)
+  //   return res.status(401).json({ message: 'Unauthorized' });
+
+  if (global.browserLimit <= 0)
+    return res.status(429).json({ message: 'Too Many Requests' });
+
+  let cacheKey, cached;
+  if (data.mode === "iuam" || data.mode === "recaptcha") {
+    cacheKey = JSON.stringify(data);
+    cached = readCache(cacheKey);
+    if (cached) return res.status(200).json({ ...cached, cached: true });
+  }
+
+  global.browserLimit--;
+  let result, browser;
+
+  try {
+    const proxyServer = data.proxy ? `${data.proxy.hostname}:${data.proxy.port}` : null;
+    const ctx = await createBrowser(proxyServer);
+    browser = ctx.browser;
+    const page = ctx.page;
+
+    await page.goto('about:blank');
+
+    switch (data.mode) {
+      case "turnstile":
+        result = await turnstile(data, page)
+          .then(token => ({ token }))
+          .catch(err => ({ code: 500, message: err.message }));
+        break;
+
+      case "iuam":
+        result = await cloudflare(data, page)
+          .then(r => ({ ...r }))
+          .catch(err => ({ code: 500, message: err.message }));
+        if (!result.code || result.code === 200) writeCache(cacheKey, result);
+        break;
+
+      case "recaptcha":
+        result = await recaptchaV2(data, page)
+          .then(r => ({ ...r }))
+          .catch(err => ({ code: 500, message: err.message }));
+        if (!result.code || result.code === 200) writeCache(cacheKey, result);
+        break;
+
+      default:
+        result = { code: 400, message: 'Invalid mode' };
+    }
+  } catch (err) {
+    result = { code: 500, message: err.message };
+  } finally {
+    if (browser) try { await browser.close(); } catch {}
+    global.browserLimit++;
+  }
+
+  res.status(result.code ?? 200).json(result);
+});
+
+app.use((req, res) => {
+  res.status(404).json({ message: 'Not Found' });
+});
+
+if (process.env.NODE_ENV === 'development') {
+  module.exports = app;
+}

package.json

@@ -0,0 +1,16 @@
+{
+  "name": "cf-bypass",
+  "version": "1.0",
+  "description": "get the cf_clearance cookie from any website",
+  "scripts": {
+    "start": "node index.js",
+    "dev": "nodemon index.js"
+  },
+  "dependencies": {
+    "express": "^5.1.0",
+    "puppeteer-real-browser": "^1.4.0"
+  },
+  "devDependencies": {
+    "nodemon": "^3.1.10"
+  }
+}