Skip to content
/ cloudflare-jsd Public

Bypass Cloudflare's /h/b/jsd challenge using 100% python

License

MIT license
178 stars 13 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

xKiian/cloudflare-jsd

1 Branch0 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

xKiianxKiian
Note
Mar 17, 2025
22395fc · Mar 17, 2025

History

11 Commits
reverse
reverse
Feb 1, 2025
.gitattributes
.gitattributes
Feb 1, 2025
.gitignore
.gitignore
Feb 1, 2025
LICENSE
LICENSE
Feb 1, 2025
cfhb.py
cfhb.py
Feb 10, 2025
deobf.py
deobf.py
Feb 1, 2025
example.py
example.py
Feb 10, 2025
get_fingerprint.js
get_fingerprint.js
Feb 1, 2025
lzstring.py
lzstring.py
Feb 1, 2025
readme.md
readme.md
Mar 17, 2025

Repository files navigation

Cloudflare reverse

I fully reverse engineered the /cdn-cgi/challenge-platform/h/b/jsd challenge.

⭐️ star the repo

please star the repo to show support❤️ i might publish cf turnstile👀

Installation

Copy cfhb.py & lzstring.py into your project and import Cloudflare from cfbm

Fingerprint

Obtaining a fingerprint is pretty easy.

  1. Go to the target Website
  2. Copy the code from get_fingerprint.js and paste it into the console (F12 -> Console)
  3. Copy the output and paste it into fingerprint.json

The script automatically gets the fingerprint and replaces the timestamp with %timestamp% for your convenience

Example Usage

# basic PoC (proof of concept) getting a cf_clearance cookie for bstn.com

from requests import Session
from cfhb import Cloudflare

session = Session()
session.headers = {
    "connection": "keep-alive",
    "sec-ch-ua-platform": '"Windows"',
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36",
    "sec-ch-ua": '"Not A(Brand";v="8", "Chromium";v="132", "Google Chrome";v="132"',
    "sec-ch-ua-mobile": "?0",
    "sec-fetch-site": "same-origin",
    "sec-fetch-mode": "no-cors",
    "sec-fetch-dest": "script",
    "accept-encoding": "gzip, deflate, br, zstd",
    "accept-language": "en-US,en;q=0.9",
}

response = session.get("https://www.bstn.com/eu_de")
init_res = response.text

param_r = response.headers["cf-ray"].split("-")[0]
# do something with the initial request...

cf_clearance = Cloudflare(session, "www.bstn.com", init_res, param_r).solve()

print("[+]", cf_clearance, len(cf_clearance))
print(session.cookies.get_dict())

# execution time: ~700ms

Contributing

Contributions are welcome! Please feel free to submit a Pull Request. Here are some ways you can contribute:

  • 🐛 Report bugs
  • ✨ Request features
  • 📝 Improve documentation
  • 🔧 Submit bug fixes
  • 🎨 Add examples

License

This project is licensed under the MIT License - see the LICENSE file for details.

Note

This is NOT a cloudflare turnstile solver. It's a completetly different challenge. Please stop making Issues about it.

Disclaimer

This package is unofficial and not affiliated with Cloudflare. Use it responsibly and in accordance with Cloudflare's terms of service.

I might share how I managed to reverse engineer the challenge if this repository receives enough attention.

About

Bypass Cloudflare's /h/b/jsd challenge using 100% python

Resources

Readme

License

MIT license
Activity

Stars

178 stars

Watchers

4 watching

Forks

13 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

Languages