CloudFlare Turnstile Token Generator

bypass cloudflare turnstile token generator

  1. // ==UserScript==
  2. // @name CloudFlare Turnstile Token Generator
  3. // @namespace http://tampermonkey.net/
  4. // @version 0.1
  5. // @description bypass cloudflare turnstile token generator
  6. // @author alpgul
  7. // @license GPL-3.0
  8. // @match https://*/*
  9. // @icon https://www.google.com/s2/favicons?sz=64&domain=cloudflare.com
  10. // @run-at document-start
  11. // @grant GM_registerMenuCommand
  12. // @grant GM_xmlhttpRequest
  13. // @grant unsafeWindow
  14. // @grant GM_addElement
  15. // @connect challenges.cloudflare.com
  16. // @tag cloudflare
  17.  
  18. // ==/UserScript==
  19.  
  20. (function() {
  21. 'use strict';
  22. const api = 'https://challenges.cloudflare.com/turnstile/v0/api.js';
  23. let startTime;
  24. let fakeApi;
  25. function generateUniqueId() {
  26. return ([1e7] + -1e3 + -4e3 + -8e3 + -1e11).replace(/[018]/g, (c) =>
  27. (c ^ (crypto.getRandomValues(new Uint8Array(1))[0] & (15 >> (c / 4)))).toString(16)
  28. );
  29. }
  30. function EventModifier (evt, obj) {
  31. const proxy = new Proxy(evt, {
  32. get: (target, prop) => obj[prop] || target[prop]
  33. })
  34. return new evt.constructor(evt.type, proxy)
  35. }
  36. async function createApiURL() {
  37. const response = await new Promise((resolve,reject)=>{
  38. GM_xmlhttpRequest({
  39. method: "GET",
  40. url: api,
  41. onload: function(response) {
  42. if (response.status === 200) {
  43. try {
  44. const data = response.responseText;
  45. resolve(data);
  46. } catch (error) {
  47. reject("Error parsing data:"+ error);
  48. }
  49. } else {
  50. reject("Error fetching data:"+ response.status+ response.statusText);
  51. }
  52. },
  53. onerror: function(error) {
  54. reject("Error making XHR request:"+ error);
  55. }
  56. });
  57. });
  58. const script = response;
  59. const newScript = script.replaceAll(/(\w+)\.location\.href/g, `$1.location._href`);
  60. const blob = new Blob([newScript], {
  61. type: 'text/javascript'
  62. });
  63. let blobUrl = URL.createObjectURL(blob);
  64. return blobUrl;
  65. }
  66. async function createCloudflareFrame(url, key,fakeApi) {
  67. const id=generateUniqueId();
  68. const dom = `<!DOCTYPE html>
  69. <html lang="en">
  70. <head>
  71. <script>
  72. const originalSetAttribute = window.HTMLIFrameElement.prototype.setAttribute;
  73.  
  74. window.HTMLIFrameElement.prototype.setAttribute = function(name, value) {
  75. if (name === 'src') {
  76. value += "#origin=${new URL(url).origin}";
  77. }
  78. originalSetAttribute.call(this, name, value);
  79. };
  80.  
  81. window.location._href="${url}";
  82. document.head.insertAdjacentHTML('beforeend',"<script src='https://challenges.cloudflare.com/turnstile/v0/api.js' defer>");
  83. const observer = new MutationObserver(function(mutations) {
  84. mutations.forEach(function(mutation) {
  85. if (mutation.type === 'attributes' && mutation.attributeName === 'value') {
  86. const targetInput = mutation.target;
  87. if (targetInput.name === 'cf-turnstile-response') {
  88. //console.log('cf-turnstile-response:', targetInput.value);
  89. window.parent.postMessage({'id':"${id}",'url':"${url}",'key':"${key}",'token':targetInput.value}, '*');
  90. }
  91. }
  92. });
  93. });
  94. observer.observe(document.documentElement, {
  95. attributes: true,
  96. attributeFilter: ['value'],
  97. subtree: true
  98. });
  99. <\/script>
  100. <script src="${fakeApi}" defer><\/script>
  101. </head>
  102. <body style="display: flex; justify-content: center; align-items: center; min-height: 100vh; margin: 0;">
  103. <div class="cf-turnstile" data-sitekey="${key}"></div>
  104. </body>
  105. </html>`;
  106. const iframe=GM_addElement(document.body, 'iframe', { id,srcdoc: dom });
  107. return iframe;
  108. }
  109. window.addEventListener('message',(e)=>{
  110. const data=e.data;
  111. if(data.url && data.key && data.token && data.id){
  112.  
  113. const tokenInput = document.getElementById('token-input');
  114. tokenInput.value=data.token;
  115. const closeButton = document.getElementById('closeDialog');
  116. closeButton.innerText="Close Time: "+(Date.now()-startTime)/1000+" sec";
  117. const iframe=document.getElementById(data.id);
  118. setTimeout(()=>iframe.remove(),1000);
  119. }
  120. });
  121.  
  122.  
  123. async function main(url,key) {
  124. try{
  125. if(!fakeApi){
  126. fakeApi=await createApiURL()
  127. }
  128. const iframeCF = await createCloudflareFrame(url, key,fakeApi);
  129. }catch(err){
  130. const tokenInput = document.getElementById('token-input');
  131. tokenInput.value="ERROR:"+err.message;
  132. }
  133.  
  134. }
  135. async function createPrompt(){
  136. const dialogHTML=` <dialog id="myDialog">
  137. <h2>Get Token</h2>
  138. <p>
  139. <label for="url-input">URL:</label>
  140. <input type="text" id="url-input" placeholder="Enter URL" value="https://2captcha.com/demo/cloudflare-turnstile">
  141. </p>
  142. <p>
  143. <label for="sitekey-input">Site Key:</label>
  144. <input type="text" id="sitekey-input" placeholder="Enter Site Key" value="0x4AAAAAAAVrOwQWPlm3Bnr5">
  145. </p>
  146. <button id="getToken">Get Token</button>
  147. <p>
  148. <label for="token-input">Token:</label>
  149. <input type="text" id="token-input" placeholder="Token" disabled>
  150. </p>
  151. <button id="closeDialog">Close</button>
  152. </dialog>`;
  153.  
  154. document.body.insertAdjacentHTML('beforeend',dialogHTML);
  155. const dialog = document.getElementById('myDialog');
  156. const closeButton = document.getElementById('closeDialog');
  157. const getTokenButton = document.getElementById('getToken');
  158. const urlInput = document.getElementById('url-input');
  159. const sitekeyInput = document.getElementById('sitekey-input');
  160. dialog.showModal();
  161. closeButton.addEventListener('click', () => {
  162. dialog.close();
  163. });
  164.  
  165. getTokenButton.addEventListener('click', () => {
  166. startTime=Date.now()
  167. const url = urlInput.value;
  168. const sitekey = sitekeyInput.value;
  169. main(url,sitekey);
  170. });
  171. }
  172. if('https://challenges.cloudflare.com'===unsafeWindow.location.origin){
  173.  
  174. const targetSelector="input[type=checkbox]";
  175. Element.prototype._addEventListener = Element.prototype.addEventListener;
  176. Element.prototype.addEventListener = function () {
  177. let args = [...arguments];
  178. let temp = args[1];
  179. args[1] = function () {
  180. let args2 = [...arguments];
  181. args2[0] = new EventModifier(args2[0], { isTrusted: true });
  182. return temp(...args2);
  183. };
  184. return this._addEventListener(...args);
  185. };
  186. EventTarget.prototype._addEventListener = EventTarget.prototype.addEventListener;
  187. EventTarget.prototype.addEventListener = function () {
  188. let args = [...arguments];
  189. let temp = args[1];
  190. args[1] = function () {
  191. let args2 = [...arguments];
  192. args2[0] = new EventModifier(args2[0], { origin: unsafeWindow.location.hash.split("origin=")[1] || args2[0].origin });
  193. return temp(...args2);
  194. };
  195. return this._addEventListener(...args);
  196. };
  197. const observer = new MutationObserver((mutationsList) => {
  198. for (const mutation of mutationsList) {
  199. if (mutation.type === "childList") {
  200. const addedNodes = Array.from(mutation.addedNodes);
  201. for (const addedNode of addedNodes) {
  202. if (addedNode.nodeType === addedNode.ELEMENT_NODE) {
  203. const node = addedNode?.querySelector(targetSelector);
  204. if (node) {
  205. node.parentElement.click();
  206. }
  207. }
  208. }
  209. }
  210. }
  211. });
  212. const observerOptions = {
  213. childList: true,
  214. subtree: true,
  215. };
  216.  
  217. const originalAttachShadow = Element.prototype.attachShadow;
  218.  
  219. function attachShadowProxy(options) {
  220. const shadowRoot = originalAttachShadow.call(this, options);
  221. observer.observe(
  222. shadowRoot,
  223. observerOptions
  224. );
  225.  
  226. return shadowRoot;
  227. }
  228. Element.prototype.attachShadow = attachShadowProxy;
  229.  
  230. }
  231. GM_registerMenuCommand('Open Token Generator', e => {
  232. createPrompt()
  233. });
  234. })();