update

.replit

@@ -0,0 +1,39 @@
+modules = ["nodejs-20"]
+[nix]
+channel = "stable-25_05"
+packages = ["unzip", "chromium", "xvfb-run", "xorg.libX11", "xorg.libXcomposite", "xorg.libXcursor", "xorg.libXdamage", "xorg.libXext", "xorg.libXi", "xorg.libXrandr", "xorg.libXtst", "xorg.libxcb", "nss", "nspr", "alsa-lib", "at-spi2-atk", "cups", "dbus", "libdrm", "mesa", "pango", "jq"]
+
+[agent]
+expertMode = true
+
+[workflows]
+runButton = "Project"
+
+[[workflows.workflow]]
+name = "Project"
+mode = "parallel"
+author = "agent"
+
+[[workflows.workflow.tasks]]
+task = "workflow.run"
+args = "CF Bypass Server"
+
+[[workflows.workflow]]
+name = "CF Bypass Server"
+author = "agent"
+
+[workflows.workflow.metadata]
+outputType = "console"
+
+[[workflows.workflow.tasks]]
+task = "shell.exec"
+args = "xvfb-run --server-args=\"-screen 0 1280x720x24\" bash -c 'PORT=3000 node index.js'"
+waitForPort = 3000
+
+[[ports]]
+localPort = 3000
+externalPort = 3000
+
+[[ports]]
+localPort = 45359
+externalPort = 80

Dockerfile

@@ -0,0 +1,26 @@
+FROM node:latest
+
+RUN apt-get update && apt-get install -y \
+    wget \
+    gnupg \
+    ca-certificates \
+    apt-transport-https \
+    chromium \
+    chromium-driver \
+    xvfb \
+    && rm -rf /var/lib/apt/lists/*
+
+ENV CHROME_BIN=/usr/bin/chromium
+
+WORKDIR /app
+
+COPY package*.json ./
+
+RUN npm update
+RUN npm install
+RUN npm i -g pm2
+COPY . .
+
+EXPOSE 3000
+
+CMD ["pm2-runtime", "index.js"]

data/fakePage.html

@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title></title>
+</head>
+
+<body>
+    <div class="turnstile"></div>
+    <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback" defer></script>
+    <script>
+        window.onloadTurnstileCallback = function () {
+            turnstile.render('.turnstile', {
+                sitekey: '<site-key>',
+                callback: function (token) {
+                    var c = document.createElement('input');
+                    c.type = 'hidden';
+                    c.name = 'cf-response';
+                    c.value = token;
+                    document.body.appendChild(c);
+                },
+            });
+        };
+
+    </script>
+</body>
+
+</html>

endpoints/getSource.js

@@ -0,0 +1,60 @@
+function getSource({ url, proxy }) {
+  return new Promise(async (resolve, reject) => {
+    if (!url) return reject("Missing url parameter");
+    const context = await global.browser
+      .createBrowserContext({
+        proxyServer: proxy ? `http://${proxy.host}:${proxy.port}` : undefined, // https://pptr.dev/api/puppeteer.browsercontextoptions
+      })
+      .catch(() => null);
+    if (!context) return reject("Failed to create browser context");
+
+    let isResolved = false;
+
+    var cl = setTimeout(async () => {
+      if (!isResolved) {
+        await context.close();
+        reject("Timeout Error");
+      }
+    }, global.timeOut || 60000);
+
+    try {
+      const page = await context.newPage();
+
+      if (proxy?.username && proxy?.password)
+        await page.authenticate({
+          username: proxy.username,
+          password: proxy.password,
+        });
+
+      await page.setRequestInterception(true);
+      page.on("request", async (request) => request.continue());
+      page.on("response", async (res) => {
+        try {
+          if (
+            [200, 302].includes(res.status()) &&
+            [url, url + "/"].includes(res.url())
+          ) {
+            await page
+              .waitForNavigation({ waitUntil: "load", timeout: 5000 })
+              .catch(() => {});
+            const html = await page.content();
+            await context.close();
+            isResolved = true;
+            clearInterval(cl);
+            resolve(html);
+          }
+        } catch (e) {}
+      });
+      await page.goto(url, {
+        waitUntil: "domcontentloaded",
+      });
+    } catch (e) {
+      if (!isResolved) {
+        await context.close();
+        clearInterval(cl);
+        reject(e.message);
+      }
+    }
+  });
+}
+module.exports = getSource;

endpoints/proxyRequest.js

@@ -0,0 +1,146 @@
+function proxyRequest({ url, proxy, method = 'GET', body = null, headers = {}, cookies = [], sessionHeaders = {} }) {
+  return new Promise(async (resolve, reject) => {
+    if (!url) return reject("Missing url parameter");
+    
+    const context = await global.browser
+      .createBrowserContext({
+        proxyServer: proxy ? `http://${proxy.host}:${proxy.port}` : undefined,
+      })
+      .catch(() => null);
+    
+    if (!context) return reject("Failed to create browser context");
+
+    let isResolved = false;
+
+    var cl = setTimeout(async () => {
+      if (!isResolved) {
+        await context.close();
+        reject("Timeout Error");
+      }
+    }, global.timeOut || 60000);
+
+    try {
+      const page = await context.newPage();
+
+      if (proxy?.username && proxy?.password)
+        await page.authenticate({
+          username: proxy.username,
+          password: proxy.password,
+        });
+
+      const targetUrl = new URL(url);
+      
+      if (cookies && cookies.length > 0) {
+        const cookiesToSet = cookies.map(cookie => ({
+          name: cookie.name,
+          value: cookie.value,
+          domain: cookie.domain || targetUrl.hostname,
+          path: cookie.path || '/',
+          secure: cookie.secure !== undefined ? cookie.secure : targetUrl.protocol === 'https:',
+          httpOnly: cookie.httpOnly || false,
+          sameSite: cookie.sameSite || 'Lax'
+        }));
+        await page.setCookie(...cookiesToSet);
+      }
+
+      if (sessionHeaders && sessionHeaders['user-agent']) {
+        await page.setUserAgent(sessionHeaders['user-agent']);
+      }
+
+      const sanitizedHeaders = { ...headers };
+      const headersToRemove = ['host', 'content-length', 'connection', 'accept-encoding', 'transfer-encoding'];
+      headersToRemove.forEach(h => {
+        delete sanitizedHeaders[h];
+        delete sanitizedHeaders[h.toLowerCase()];
+      });
+
+      if (sessionHeaders) {
+        if (sessionHeaders['accept-language'] && !sanitizedHeaders['accept-language']) {
+          sanitizedHeaders['accept-language'] = sessionHeaders['accept-language'];
+        }
+      }
+
+      await page.goto(targetUrl.origin, { waitUntil: 'domcontentloaded', timeout: 30000 }).catch(() => {});
+
+      const result = await page.evaluate(async (options) => {
+        try {
+          const fetchOptions = {
+            method: options.method,
+            headers: options.headers || {},
+            credentials: 'include'
+          };
+
+          if (options.body && ['POST', 'PUT', 'PATCH'].includes(options.method.toUpperCase())) {
+            fetchOptions.body = typeof options.body === 'string' 
+              ? options.body 
+              : JSON.stringify(options.body);
+            if (typeof options.body === 'object' && !fetchOptions.headers['content-type']) {
+              fetchOptions.headers['content-type'] = 'application/json';
+            }
+          }
+
+          const response = await fetch(options.url, fetchOptions);
+          
+          const responseHeaders = {};
+          response.headers.forEach((value, key) => {
+            responseHeaders[key] = value;
+          });
+
+          let responseBody;
+          const contentType = response.headers.get('content-type') || '';
+          
+          if (contentType.includes('application/json')) {
+            responseBody = await response.json();
+          } else {
+            responseBody = await response.text();
+          }
+
+          return {
+            status: response.status,
+            statusText: response.statusText,
+            headers: responseHeaders,
+            body: responseBody,
+            ok: response.ok
+          };
+        } catch (e) {
+          return { error: e.message };
+        }
+      }, { url, method, body, headers: sanitizedHeaders });
+
+      if (result.error) {
+        await context.close();
+        isResolved = true;
+        clearTimeout(cl);
+        return reject(result.error);
+      }
+
+      const updatedCookies = await page.cookies();
+      
+      const browserHeaders = await page.evaluate(() => {
+        return {
+          'user-agent': navigator.userAgent,
+          'accept-language': navigator.language || navigator.languages.join(',')
+        };
+      });
+
+      await context.close();
+      isResolved = true;
+      clearInterval(cl);
+
+      resolve({
+        response: result,
+        cookies: updatedCookies,
+        browserHeaders
+      });
+
+    } catch (e) {
+      if (!isResolved) {
+        await context.close();
+        clearTimeout(cl);
+        reject(e.message);
+      }
+    }
+  });
+}
+
+module.exports = proxyRequest;

endpoints/solveTurnstile.max.js

@@ -0,0 +1,80 @@
+const fs = require("fs");
+function solveTurnstileMin({ url, proxy }) {
+  return new Promise(async (resolve, reject) => {
+    if (!url) return reject("Missing url parameter");
+
+    const context = await global.browser
+      .createBrowserContext({
+        proxyServer: proxy ? `http://${proxy.host}:${proxy.port}` : undefined, // https://pptr.dev/api/puppeteer.browsercontextoptions
+      })
+      .catch(() => null);
+
+    if (!context) return reject("Failed to create browser context");
+
+    let isResolved = false;
+
+    var cl = setTimeout(async () => {
+      if (!isResolved) {
+        await context.close();
+        reject("Timeout Error");
+      }
+    }, global.timeOut || 60000);
+
+    try {
+      const page = await context.newPage();
+
+      if (proxy?.username && proxy?.password)
+        await page.authenticate({
+          username: proxy.username,
+          password: proxy.password,
+        });
+        
+      await page.evaluateOnNewDocument(() => {
+        let token = null;
+        async function waitForToken() {
+          while (!token) {
+            try {
+              token = window.turnstile.getResponse();
+            } catch (e) {}
+            await new Promise((resolve) => setTimeout(resolve, 500));
+          }
+          var c = document.createElement("input");
+          c.type = "hidden";
+          c.name = "cf-response";
+          c.value = token;
+          document.body.appendChild(c);
+        }
+        waitForToken();
+      });
+
+      await page.goto(url, {
+        waitUntil: "domcontentloaded",
+      });
+
+      await page.waitForSelector('[name="cf-response"]', {
+        timeout: 60000,
+      });
+      const token = await page.evaluate(() => {
+        try {
+          return document.querySelector('[name="cf-response"]').value;
+        } catch (e) {
+          return null;
+        }
+      });
+      isResolved = true;
+      clearInterval(cl);
+      await context.close();
+      if (!token || token.length < 10) return reject("Failed to get token");
+      return resolve(token);
+    } catch (e) {
+      console.log(e);
+
+      if (!isResolved) {
+        await context.close();
+        clearInterval(cl);
+        reject(e.message);
+      }
+    }
+  });
+}
+module.exports = solveTurnstileMin;

endpoints/solveTurnstile.min.js

@@ -0,0 +1,80 @@
+function solveTurnstileMin({ url, proxy, siteKey }) {
+  return new Promise(async (resolve, reject) => {
+    if (!url) return reject("Missing url parameter");
+    if (!siteKey) return reject("Missing siteKey parameter");
+
+    const context = await global.browser
+      .createBrowserContext({
+        proxyServer: proxy ? `http://${proxy.host}:${proxy.port}` : undefined, // https://pptr.dev/api/puppeteer.browsercontextoptions
+      })
+      .catch(() => null);
+    if (!context) return reject("Failed to create browser context");
+
+    let isResolved = false;
+
+    var cl = setTimeout(async () => {
+      if (!isResolved) {
+        await context.close();
+        reject("Timeout Error");
+      }
+    }, global.timeOut || 60000);
+
+    try {
+      const page = await context.newPage();
+
+      if (proxy?.username && proxy?.password)
+        await page.authenticate({
+          username: proxy.username,
+          password: proxy.password,
+        });
+
+      await page.setRequestInterception(true);
+
+      page.on("request", async (request) => {
+        if (
+          [url, url + "/"].includes(request.url()) &&
+          request.resourceType() === "document"
+        ) {
+          const response = await request.respond({
+            status: 200,
+            contentType: "text/html",
+            body: String(
+              require("fs").readFileSync("./data/fakePage.html")
+            ).replace(/<site-key>/g, siteKey),
+          });
+        } else {
+          await request.continue();
+        }
+      });
+
+      await page.goto(url, {
+        waitUntil: "domcontentloaded",
+      });
+
+      await page.waitForSelector('[name="cf-response"]', {
+        timeout: 60000,
+      });
+
+      const token = await page.evaluate(() => {
+        try {
+          return document.querySelector('[name="cf-response"]').value;
+        } catch (e) {
+          return null;
+        }
+      });
+
+      isResolved = true;
+      clearInterval(cl);
+      await context.close();
+      if (!token || token.length < 10) return reject("Failed to get token");
+      return resolve(token);
+    } catch (e) {
+      if (!isResolved) {
+        await context.close();
+        clearInterval(cl);
+        reject(e.message);
+      }
+    }
+  });
+}
+module.exports = solveTurnstileMin;

endpoints/wafSession.js

@@ -0,0 +1,80 @@
+async function findAcceptLanguage(page) {
+  return await page.evaluate(async () => {
+    const result = await fetch("https://httpbin.org/get")
+      .then((res) => res.json())
+      .then(
+        (res) =>
+          res.headers["Accept-Language"] || res.headers["accept-language"]
+      )
+      .catch(() => null);
+    return result;
+  });
+}
+
+function getSource({ url, proxy }) {
+  return new Promise(async (resolve, reject) => {
+    if (!url) return reject("Missing url parameter");
+    const context = await global.browser
+      .createBrowserContext({
+        proxyServer: proxy ? `http://${proxy.host}:${proxy.port}` : undefined, // https://pptr.dev/api/puppeteer.browsercontextoptions
+      })
+      .catch(() => null);
+    if (!context) return reject("Failed to create browser context");
+
+    let isResolved = false;
+
+    var cl = setTimeout(async () => {
+      if (!isResolved) {
+        await context.close();
+        reject("Timeout Error");
+      }
+    }, global.timeOut || 60000);
+
+    try {
+      const page = await context.newPage();
+
+      if (proxy?.username && proxy?.password)
+        await page.authenticate({
+          username: proxy.username,
+          password: proxy.password,
+        });
+      let acceptLanguage = await findAcceptLanguage(page);
+      await page.setRequestInterception(true);
+      page.on("request", async (request) => request.continue());
+      page.on("response", async (res) => {
+        try {
+          if (
+            [200, 302].includes(res.status()) &&
+            [url, url + "/"].includes(res.url())
+          ) {
+            await page
+              .waitForNavigation({ waitUntil: "load", timeout: 5000 })
+              .catch(() => {});
+            const cookies = await page.cookies();
+            let headers = await res.request().headers();
+            delete headers["content-type"];
+            delete headers["accept-encoding"];
+            delete headers["accept"];
+            delete headers["content-length"];
+            headers["accept-language"] = acceptLanguage;
+            await context.close();
+            isResolved = true;
+            clearInterval(cl);
+            resolve({ cookies, headers });
+          }
+        } catch (e) {}
+      });
+
+      await page.goto(url, {
+        waitUntil: "domcontentloaded",
+      });
+    } catch (e) {
+      if (!isResolved) {
+        await context.close();
+        clearInterval(cl);
+        reject(e.message);
+      }
+    }
+  });
+}
+module.exports = getSource;

index.js

@@ -0,0 +1,85 @@
+const express = require('express')
+const app = express()
+const port = process.env.PORT || 3939
+const bodyParser = require('body-parser')
+const authToken = process.env.authToken || null
+const cors = require('cors')
+const reqValidate = require('./module/reqValidate')
+const swaggerUi = require('swagger-ui-express')
+const openApiSpec = require('./module/openapi')
+
+global.browserLength = 0
+global.browserLimit = Number(process.env.browserLimit) || 20
+global.timeOut = Number(process.env.timeOut || 60000)
+
+app.set('json spaces', 2);
+app.use(bodyParser.json({}))
+app.use(bodyParser.urlencoded({ extended: true }))
+app.use(cors())
+if (process.env.NODE_ENV !== 'development') {
+    let server = app.listen(port, () => { console.log(`Server running on port ${port}`) })
+    try {
+        server.timeout = global.timeOut
+    } catch (e) { }
+}
+if (process.env.SKIP_LAUNCH != 'true') require('./module/createBrowser')
+
+const getSource = require('./endpoints/getSource')
+const solveTurnstileMin = require('./endpoints/solveTurnstile.min')
+const solveTurnstileMax = require('./endpoints/solveTurnstile.max')
+const wafSession = require('./endpoints/wafSession')
+const proxyRequest = require('./endpoints/proxyRequest')
+
+
+async function handleSolverRequest(req, res) {
+    const data = req.method === 'POST' ? { ...req.query, ...req.body } : req.query;
+
+    const check = reqValidate(data)
+
+    if (check !== true) return res.status(400).json({ code: 400, message: 'Bad Request', schema: check })
+
+    if (authToken && data.authToken !== authToken) return res.status(401).json({ code: 401, message: 'Unauthorized' })
+
+    if (global.browserLength >= global.browserLimit) return res.status(429).json({ code: 429, message: 'Too Many Requests' })
+
+    if (process.env.SKIP_LAUNCH != 'true' && !global.browser) return res.status(500).json({ code: 500, message: 'The scanner is not ready yet. Please try again a little later.' })
+
+    var result = { code: 500 }
+
+    global.browserLength++
+
+    switch (data.mode) {
+        case "source":
+            result = await getSource(data).then(res => { return { source: res, code: 200 } }).catch(err => { return { code: 500, message: err.message } })
+            break;
+        case "turnstile-min":
+            result = await solveTurnstileMin(data).then(res => { return { token: res, code: 200 } }).catch(err => { return { code: 500, message: err.message } })
+            break;
+        case "turnstile-max":
+            result = await solveTurnstileMax(data).then(res => { return { token: res, code: 200 } }).catch(err => { return { code: 500, message: err.message } })
+            break;
+        case "waf-session":
+            result = await wafSession(data).then(res => { return { ...res, code: 200 } }).catch(err => { return { code: 500, message: err.message } })
+            break;
+        case "proxy-request":
+            result = await proxyRequest(data).then(res => { return { ...res, code: 200 } }).catch(err => { return { code: 500, message: err.message || err } })
+            break;
+    }
+
+    global.browserLength--
+
+    res.status(result.code ?? 500).send(result)
+}
+
+app.get('/solver', handleSolverRequest);
+app.post('/solver', handleSolverRequest);
+
+app.get('/api-docs.json', (req, res) => {
+    res.json(openApiSpec);
+});
+
+app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(openApiSpec));
+
+app.use((req, res) => { res.status(404).json({ code: 404, message: 'Not Found' }) })
+
+if (process.env.NODE_ENV == 'development') module.exports = app

module/createBrowser.js

@@ -0,0 +1,35 @@
+const { connect } = require("puppeteer-real-browser")
+async function createBrowser() {
+    try {
+        if (global.finished == true) return
+
+        global.browser = null
+
+        // console.log('Launching the browser...');
+
+        const { browser } = await connect({
+            headless: false,
+            turnstile: true,
+            connectOption: { defaultViewport: null },
+            disableXvfb: false,
+        })
+
+        // console.log('Browser launched');
+
+        global.browser = browser;
+
+        browser.on('disconnected', async () => {
+            if (global.finished == true) return
+            console.log('Browser disconnected');
+            await new Promise(resolve => setTimeout(resolve, 3000));
+            await createBrowser();
+        })
+
+    } catch (e) {
+        console.log(e.message);
+        if (global.finished == true) return
+        await new Promise(resolve => setTimeout(resolve, 3000));
+        await createBrowser();
+    }
+}
+createBrowser()

module/openapi.js

@@ -0,0 +1,297 @@
+const openApiSpec = {
+    openapi: "3.0.3",
+    info: {
+        title: "CF Bypass Solver API",
+        description: "API for solving Cloudflare challenges including Turnstile captchas, WAF sessions, and proxy requests.",
+        version: "1.0.0"
+    },
+    servers: [
+        {
+            url: "/",
+            description: "Current server"
+        }
+    ],
+    paths: {
+        "/solver": {
+            get: {
+                summary: "Solver endpoint (GET)",
+                description: "Handle solver requests via GET method. The mode parameter determines which solver to use.",
+                parameters: [
+                    { $ref: "#/components/parameters/mode" },
+                    { $ref: "#/components/parameters/url" },
+                    { $ref: "#/components/parameters/authToken" },
+                    { $ref: "#/components/parameters/siteKey" }
+                ],
+                responses: {
+                    200: { $ref: "#/components/responses/SuccessResponse" },
+                    400: { $ref: "#/components/responses/BadRequest" },
+                    401: { $ref: "#/components/responses/Unauthorized" },
+                    429: { $ref: "#/components/responses/TooManyRequests" },
+                    500: { $ref: "#/components/responses/ServerError" }
+                }
+            },
+            post: {
+                summary: "Solver endpoint (POST)",
+                description: "Handle solver requests via POST method. The mode parameter determines which solver to use.",
+                requestBody: {
+                    required: true,
+                    content: {
+                        "application/json": {
+                            schema: { $ref: "#/components/schemas/SolverRequest" }
+                        }
+                    }
+                },
+                responses: {
+                    200: { $ref: "#/components/responses/SuccessResponse" },
+                    400: { $ref: "#/components/responses/BadRequest" },
+                    401: { $ref: "#/components/responses/Unauthorized" },
+                    429: { $ref: "#/components/responses/TooManyRequests" },
+                    500: { $ref: "#/components/responses/ServerError" }
+                }
+            }
+        },
+        "/api-docs": {
+            get: {
+                summary: "OpenAPI Documentation UI",
+                description: "Interactive Swagger UI documentation for the API.",
+                responses: {
+                    200: {
+                        description: "HTML page with Swagger UI"
+                    }
+                }
+            }
+        },
+        "/api-docs.json": {
+            get: {
+                summary: "OpenAPI JSON Specification",
+                description: "Returns the raw OpenAPI specification in JSON format.",
+                responses: {
+                    200: {
+                        description: "OpenAPI specification",
+                        content: {
+                            "application/json": {
+                                schema: {
+                                    type: "object"
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    },
+    components: {
+        parameters: {
+            mode: {
+                name: "mode",
+                in: "query",
+                required: true,
+                description: "The solver mode to use",
+                schema: {
+                    type: "string",
+                    enum: ["source", "turnstile-min", "turnstile-max", "waf-session", "proxy-request"]
+                }
+            },
+            url: {
+                name: "url",
+                in: "query",
+                required: true,
+                description: "Target URL to process",
+                schema: {
+                    type: "string",
+                    format: "uri"
+                }
+            },
+            authToken: {
+                name: "authToken",
+                in: "query",
+                required: false,
+                description: "Authentication token (required if server has authToken configured)",
+                schema: {
+                    type: "string"
+                }
+            },
+            siteKey: {
+                name: "siteKey",
+                in: "query",
+                required: false,
+                description: "Turnstile site key (required for turnstile modes)",
+                schema: {
+                    type: "string"
+                }
+            }
+        },
+        schemas: {
+            SolverRequest: {
+                type: "object",
+                required: ["mode", "url"],
+                properties: {
+                    mode: {
+                        type: "string",
+                        enum: ["source", "turnstile-min", "turnstile-max", "waf-session", "proxy-request"],
+                        description: "The solver mode to use"
+                    },
+                    url: {
+                        type: "string",
+                        format: "uri",
+                        description: "Target URL to process"
+                    },
+                    authToken: {
+                        type: "string",
+                        description: "Authentication token (required if server has authToken configured)"
+                    },
+                    siteKey: {
+                        type: "string",
+                        description: "Turnstile site key (required for turnstile modes)"
+                    },
+                    proxy: {
+                        type: "object",
+                        description: "Proxy configuration",
+                        properties: {
+                            host: { type: "string", description: "Proxy host" },
+                            port: { type: "integer", description: "Proxy port" },
+                            username: { type: "string", description: "Proxy username" },
+                            password: { type: "string", description: "Proxy password" }
+                        }
+                    },
+                    method: {
+                        type: "string",
+                        enum: ["GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"],
+                        description: "HTTP method for proxy-request mode"
+                    },
+                    body: {
+                        oneOf: [
+                            { type: "string" },
+                            { type: "object" }
+                        ],
+                        description: "Request body for proxy-request mode"
+                    },
+                    headers: {
+                        type: "object",
+                        description: "Custom headers for the request"
+                    },
+                    cookies: {
+                        type: "array",
+                        description: "Cookies to set for the request",
+                        items: {
+                            type: "object",
+                            required: ["name", "value"],
+                            properties: {
+                                name: { type: "string" },
+                                value: { type: "string" },
+                                domain: { type: "string" },
+                                path: { type: "string" },
+                                secure: { type: "boolean" },
+                                httpOnly: { type: "boolean" },
+                                sameSite: { type: "string" }
+                            }
+                        }
+                    },
+                    sessionHeaders: {
+                        type: "object",
+                        description: "Session headers for waf-session mode"
+                    }
+                }
+            },
+            SourceResponse: {
+                type: "object",
+                properties: {
+                    code: { type: "integer", example: 200 },
+                    source: { type: "string", description: "Page source HTML" }
+                }
+            },
+            TurnstileResponse: {
+                type: "object",
+                properties: {
+                    code: { type: "integer", example: 200 },
+                    token: { type: "string", description: "Solved Turnstile token" }
+                }
+            },
+            WafSessionResponse: {
+                type: "object",
+                properties: {
+                    code: { type: "integer", example: 200 },
+                    cookies: { type: "array", items: { type: "object" } },
+                    headers: { type: "object" }
+                }
+            },
+            ProxyRequestResponse: {
+                type: "object",
+                properties: {
+                    code: { type: "integer", example: 200 },
+                    status: { type: "integer" },
+                    headers: { type: "object" },
+                    body: { type: "string" }
+                }
+            },
+            ErrorResponse: {
+                type: "object",
+                properties: {
+                    code: { type: "integer" },
+                    message: { type: "string" }
+                }
+            }
+        },
+        responses: {
+            SuccessResponse: {
+                description: "Successful response. Content varies based on mode used.",
+                content: {
+                    "application/json": {
+                        schema: {
+                            oneOf: [
+                                { $ref: "#/components/schemas/SourceResponse" },
+                                { $ref: "#/components/schemas/TurnstileResponse" },
+                                { $ref: "#/components/schemas/WafSessionResponse" },
+                                { $ref: "#/components/schemas/ProxyRequestResponse" }
+                            ]
+                        }
+                    }
+                }
+            },
+            BadRequest: {
+                description: "Invalid request parameters",
+                content: {
+                    "application/json": {
+                        schema: {
+                            type: "object",
+                            properties: {
+                                code: { type: "integer", example: 400 },
+                                message: { type: "string", example: "Bad Request" },
+                                schema: { type: "array", items: { type: "object" } }
+                            }
+                        }
+                    }
+                }
+            },
+            Unauthorized: {
+                description: "Invalid or missing authentication token",
+                content: {
+                    "application/json": {
+                        schema: { $ref: "#/components/schemas/ErrorResponse" },
+                        example: { code: 401, message: "Unauthorized" }
+                    }
+                }
+            },
+            TooManyRequests: {
+                description: "Browser limit reached",
+                content: {
+                    "application/json": {
+                        schema: { $ref: "#/components/schemas/ErrorResponse" },
+                        example: { code: 429, message: "Too Many Requests" }
+                    }
+                }
+            },
+            ServerError: {
+                description: "Internal server error",
+                content: {
+                    "application/json": {
+                        schema: { $ref: "#/components/schemas/ErrorResponse" },
+                        example: { code: 500, message: "Error message" }
+                    }
+                }
+            }
+        }
+    }
+};
+
+module.exports = openApiSpec;

module/reqValidate.js

@@ -0,0 +1,87 @@
+const Ajv = require("ajv")
+const addFormats = require("ajv-formats")
+
+const ajv = new Ajv()
+addFormats(ajv)
+
+const schema = {
+    "type": "object",
+    "properties": {
+        "mode": {
+            "type": "string",
+            "enum": ["source", "turnstile-min", "turnstile-max", "waf-session", "proxy-request"],
+        },
+        "proxy": {
+            "type": "object",
+            "properties": {
+                "host": { "type": "string" },
+                "port": { "type": "integer" },
+                "username": { "type": "string" },
+                "password": { "type": "string" }
+            },
+            "additionalProperties": false
+        },
+        "url": {
+            "type": "string",
+            "format": "uri",
+        },
+        "authToken": {
+            "type": "string"
+        },
+        "siteKey": {
+            "type": "string"
+        },
+        "method": {
+            "type": "string",
+            "enum": ["GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"]
+        },
+        "body": {
+            "type": ["string", "object"]
+        },
+        "headers": {
+            "type": "object"
+        },
+        "cookies": {
+            "type": "array",
+            "items": {
+                "type": "object",
+                "properties": {
+                    "name": { "type": "string" },
+                    "value": { "type": "string" },
+                    "domain": { "type": "string" },
+                    "path": { "type": "string" },
+                    "secure": { "type": "boolean" },
+                    "httpOnly": { "type": "boolean" },
+                    "sameSite": { "type": "string" }
+                },
+                "required": ["name", "value"]
+            }
+        },
+        "sessionHeaders": {
+            "type": "object"
+        }
+    },
+    "required": ["mode", "url"],
+    "additionalProperties": false
+}
+
+// const data = {
+//     mode: "source",
+//     url: "https://example.com",
+//     proxy: {
+//         host: "localhost",
+//         port: 8080,
+//         username: "test",
+//         password: "test"
+//     },
+//     authToken: "123456"
+// }
+
+
+function validate(data) {
+    const valid = ajv.validate(schema, data)
+    if (!valid) return ajv.errors
+    else return true
+}
+
+module.exports = validate

package.json

@@ -0,0 +1,42 @@
+{
+  "name": "cf-solver-scraper",
+  "version": "2.1.3",
+  "main": "index.js",
+  "scripts": {
+    "start": "node index.js",
+    "test": "node --experimental-vm-modules ./node_modules/.bin/jest --detectOpenHandles --verbose"
+  },
+  "jest": {
+    "testMatch": [
+      "**/tests/**/*.js"
+    ],
+    "verbose": true
+  },
+  "keywords": [
+    "cf-clearance",
+    "cloudflare",
+    "waf",
+    "scraper",
+    "puppeteer",
+    "xvfb",
+    "turnstile",
+    "bypass",
+    "undetected",
+    "stealth"
+  ],
+  "author": "zfcsoftware",
+  "license": "ISC",
+  "description": "This package is an experimental and educational package created for Cloudflare protections.",
+  "dependencies": {
+    "ajv": "^8.17.1",
+    "ajv-formats": "^3.0.1",
+    "body-parser": "^1.20.3",
+    "cors": "^2.8.5",
+    "dotenv": "^16.4.5",
+    "express": "^4.21.0",
+    "jest": "^29.7.0",
+    "puppeteer-real-browser": "^1.4.0",
+    "supertest": "^7.0.0",
+    "swagger-ui-express": "^5.0.1"
+  }
+}

replit.md

@@ -0,0 +1,145 @@
+# Overview
+
+This is a Cloudflare protection bypass service that provides web scraping and bot protection circumvention capabilities. The application acts as an API service that uses headless browser automation (via Puppeteer) to solve Cloudflare challenges, including Turnstile CAPTCHAs and WAF (Web Application Firewall) sessions. It exposes multiple endpoints for different bypass strategies and can operate with or without proxy support.
+
+# User Preferences
+
+Preferred communication style: Simple, everyday language.
+
+# System Architecture
+
+## Backend Architecture
+
+**Framework**: Express.js REST API server
+- **Problem**: Need to provide multiple browser automation endpoints as HTTP services
+- **Solution**: Express server with JSON body parsing, CORS support, and configurable timeout handling
+- **Rationale**: Express provides a lightweight, flexible framework for creating API endpoints with middleware support for authentication and request validation
+
+**Request Handling Pattern**: Unified handler with mode-based routing
+- **Problem**: Multiple similar endpoints with shared authentication and rate limiting logic
+- **Solution**: Single `handleSolverRequest` function that routes based on `mode` parameter
+- **Alternatives**: Separate route handlers per endpoint
+- **Pros**: Centralized validation, authentication, and rate limiting; reduced code duplication
+- **Cons**: Single handler must accommodate different parameter requirements per mode
+
+**Global State Management**: Module-level globals for browser instance and rate limiting
+- **Problem**: Need to share browser instance and track concurrent requests across all handlers
+- **Solution**: Global variables (`global.browser`, `global.browserLength`, `global.browserLimit`)
+- **Rationale**: Browser instance is expensive to create; rate limiting requires shared state
+- **Cons**: Not horizontally scalable; state is lost on restart
+
+## Browser Automation
+
+**Browser Management**: Puppeteer with automatic reconnection
+- **Problem**: Headless browsers can crash or disconnect unpredictably
+- **Solution**: Auto-reconnection logic in `createBrowser.js` with exponential backoff
+- **Technology**: `puppeteer-real-browser` package for enhanced stealth capabilities
+- **Features**: Turnstile-ready configuration, XVFB support for headless environments, real browser fingerprinting
+
+**Context Isolation**: Browser contexts per request
+- **Problem**: Need to isolate each request's cookies, sessions, and proxy settings
+- **Solution**: Create new browser context for each request with independent proxy configuration
+- **Pros**: Complete isolation between concurrent requests; clean state per request
+- **Cons**: Higher resource usage than tab-based isolation
+
+**Timeout Management**: Per-request timeout with cleanup
+- **Problem**: Browser automation can hang indefinitely on problematic sites
+- **Solution**: Configurable timeout (`global.timeOut`) with context cleanup in all endpoints
+- **Rationale**: Prevents resource leaks and ensures predictable response times
+
+## API Endpoints & Modes
+
+**Mode-Based Architecture**: Six distinct bypass strategies
+1. **source**: Fetch page HTML after Cloudflare challenge resolution
+2. **turnstile-min**: Solve Turnstile CAPTCHA using injected fake page with real site key
+3. **turnstile-max**: Solve Turnstile on actual target page
+4. **waf-session**: Create authenticated session with Cloudflare cookies and headers
+5. **proxy-request**: Make authenticated requests using cookies/headers from waf-session (session reuse)
+
+**Session Reuse Workflow** (proxy-request):
+- First call `waf-session` to get cookies + headers
+- Pass those to `proxy-request` via `cookies` and `sessionHeaders` parameters
+- Requests are made through the same browser (Chrome fingerprint), maintaining CF clearance
+
+**Request Validation**: JSON Schema validation with AJV
+- **Problem**: Need to validate complex nested request structures (proxy configs, cookies, headers)
+- **Solution**: AJV with format validation for URIs and enums for modes/HTTP methods
+- **Rationale**: Schema-based validation provides clear error messages and type safety
+
+## Security & Rate Limiting
+
+**Authentication**: Optional token-based authentication
+- **Implementation**: `authToken` environment variable compared against request parameter
+- **Design**: Simple bearer-style token authentication
+- **Rationale**: Lightweight protection for self-hosted deployments
+
+**Rate Limiting**: Browser instance concurrency limits
+- **Problem**: Too many concurrent browser contexts can exhaust system resources
+- **Solution**: `browserLimit` (default 20) enforced via `browserLength` counter
+- **Mechanism**: Request rejected with 429 if limit exceeded
+- **Cons**: In-memory counter doesn't work across multiple instances
+
+**Proxy Authentication**: Built-in proxy credential handling
+- **Problem**: Many proxies require username/password authentication
+- **Solution**: Puppeteer's `page.authenticate()` for proxy credentials
+- **Support**: Configurable per-request proxy with optional authentication
+
+## Environment Configuration
+
+**Configuration Strategy**: Environment variables with sensible defaults
+- `PORT`: Server port (default: 3939)
+- `authToken`: Optional API authentication
+- `browserLimit`: Max concurrent browser contexts (default: 20)
+- `timeOut`: Request timeout in milliseconds (default: 60000)
+- `SKIP_LAUNCH`: Skip browser initialization for testing
+- `NODE_ENV`: Environment mode (development vs production)
+
+# External Dependencies
+
+## Core Dependencies
+
+**puppeteer-real-browser** (v1.4.0)
+- **Purpose**: Enhanced Puppeteer wrapper with anti-detection features
+- **Key Features**: Turnstile challenge solving, real browser fingerprinting, XVFB support
+- **Integration**: Global browser instance managed in `module/createBrowser.js`
+
+**Express** (v4.21.0)
+- **Purpose**: HTTP server framework
+- **Integration**: Main application server with middleware stack
+
+**body-parser** (v1.20.3)
+- **Purpose**: Parse JSON and URL-encoded request bodies
+- **Integration**: Middleware for POST request handling
+
+**cors** (v2.8.5)
+- **Purpose**: Enable Cross-Origin Resource Sharing
+- **Integration**: Middleware to allow API access from web clients
+
+## Validation & Schema
+
+**ajv** (v8.17.1) + **ajv-formats** (v3.0.1)
+- **Purpose**: JSON Schema validation with format extensions
+- **Integration**: Request parameter validation in `module/reqValidate.js`
+- **Schemas**: Validates URL formats, proxy configs, HTTP methods, cookie structures
+
+## Testing
+
+**jest** (v29.7.0)
+- **Purpose**: Test framework
+- **Configuration**: Tests located in `tests/` directory with verbose output
+
+**supertest** (v7.0.0)
+- **Purpose**: HTTP assertion library for API testing
+- **Integration**: Testing Express endpoints
+
+## External Services
+
+**Cloudflare Turnstile API**
+- **Integration**: Loaded via CDN script in fake page template
+- **URL**: `https://challenges.cloudflare.com/turnstile/v0/api.js`
+- **Purpose**: CAPTCHA challenge rendering and token generation
+
+**httpbin.org**
+- **Purpose**: Header detection service used in `wafSession.js` to extract Accept-Language header
+- **Endpoint**: `https://httpbin.org/get`
+- **Usage**: Validate browser fingerprinting fidelity

test-autz-gmail.js

@@ -0,0 +1,122 @@
+const { connect } = require('puppeteer-real-browser');
+
+async function createAutzAccountWithGmail() {
+    console.log('Launching browser...');
+    
+    const { browser, page } = await connect({
+        headless: 'auto',
+        args: ['--no-sandbox', '--disable-setuid-sandbox'],
+        turnstile: true
+    });
+
+    const testEmail = 'benneu40@gmail.com';
+
+    try {
+        console.log('\n=== STEP 1: Navigate to Autz.org ===');
+        await page.goto('https://autz.org/onboarding/qinw2ix?callback_url=https%3A%2F%2Fmy.zone.id%2F', {
+            waitUntil: 'networkidle2',
+            timeout: 60000
+        });
+        
+        console.log('Page loaded, waiting for content...');
+        await new Promise(resolve => setTimeout(resolve, 3000));
+
+        await page.screenshot({ path: 'gmail-step1.png', fullPage: true });
+        console.log('Screenshot saved: gmail-step1.png');
+
+        console.log('\n=== STEP 2: Enter Gmail address ===');
+        const emailField = await page.$('input[type="email"]');
+        if (emailField) {
+            console.log(`Entering email: ${testEmail}`);
+            await emailField.click();
+            await new Promise(resolve => setTimeout(resolve, 500));
+            await emailField.evaluate(el => el.value = '');
+            await emailField.type(testEmail, { delay: 100 });
+            await new Promise(resolve => setTimeout(resolve, 500));
+            
+            const enteredValue = await emailField.evaluate(el => el.value);
+            console.log('Email field value:', enteredValue);
+        }
+
+        console.log('\n=== STEP 3: Wait for Turnstile captcha ===');
+        console.log('Waiting for captcha to auto-solve...');
+        
+        let captchaSolved = false;
+        for (let i = 0; i < 30; i++) {
+            await new Promise(resolve => setTimeout(resolve, 1000));
+            const html = await page.content();
+            
+            if (html.includes('Success') || html.includes('success')) {
+                console.log('Captcha solved!');
+                captchaSolved = true;
+                await new Promise(resolve => setTimeout(resolve, 2000));
+                break;
+            }
+            
+            if (i % 5 === 0) {
+                console.log(`Waiting for captcha... ${i + 1}/30`);
+            }
+        }
+
+        await page.screenshot({ path: 'gmail-step2.png', fullPage: true });
+        console.log('Screenshot saved: gmail-step2.png');
+
+        console.log('\n=== STEP 4: Click Continue button ===');
+        const allBtns = await page.$$('button');
+        for (const btn of allBtns) {
+            const text = await page.evaluate(el => el.textContent, btn);
+            if (text && text.includes('Continue') && !text.includes('Google')) {
+                console.log('Clicking Continue button...');
+                
+                await btn.focus();
+                await new Promise(resolve => setTimeout(resolve, 300));
+                await btn.click();
+                console.log('Clicked via .click()');
+                
+                await new Promise(resolve => setTimeout(resolve, 1000));
+                
+                await page.keyboard.press('Enter');
+                console.log('Pressed Enter key');
+                break;
+            }
+        }
+
+        console.log('Waiting for page to change...');
+        for (let i = 0; i < 15; i++) {
+            await new Promise(resolve => setTimeout(resolve, 1000));
+            const text = await page.evaluate(() => document.body.innerText);
+            if (text.includes('Password') || text.includes('password') || text.includes('code') || text.includes('verify')) {
+                console.log('Page changed! New content detected.');
+                break;
+            }
+            console.log(`Waiting... ${i + 1}/15`);
+        }
+
+        await page.screenshot({ path: 'gmail-step3.png', fullPage: true });
+        console.log('Screenshot saved: gmail-step3.png');
+
+        const pageText = await page.evaluate(() => document.body.innerText);
+        console.log('\n--- Current page content ---');
+        console.log(pageText.substring(0, 1500));
+
+        console.log('\nCurrent URL:', page.url());
+
+        if (pageText.includes('Password') && pageText.includes('Name')) {
+            console.log('\n=== SUCCESS: Registration form detected! ===');
+            console.log('The Gmail address worked - temp email domains were likely being blocked.');
+        } else if (pageText.includes('code') || pageText.includes('verify')) {
+            console.log('\n=== Verification step detected ===');
+        } else {
+            console.log('\n=== Page did not advance ===');
+        }
+
+    } catch (error) {
+        console.error('Error:', error.message);
+        await page.screenshot({ path: 'gmail-error.png', fullPage: true });
+    } finally {
+        await browser.close();
+        console.log('\nBrowser closed.');
+    }
+}
+
+createAutzAccountWithGmail();

test-autz-signup.js

@@ -0,0 +1,292 @@
+const { connect } = require('puppeteer-real-browser');
+
+async function createAutzAccount() {
+    console.log('Launching browser...');
+    
+    const { browser, page } = await connect({
+        headless: 'auto',
+        args: ['--no-sandbox', '--disable-setuid-sandbox'],
+        turnstile: true
+    });
+
+    let tempEmail = null;
+    let tmailorPage = null;
+
+    try {
+        console.log('\n=== STEP 1: Get Temp Email from tmailor.com ===');
+        await page.goto('https://tmailor.com', { 
+            waitUntil: 'networkidle2',
+            timeout: 60000 
+        });
+        await new Promise(resolve => setTimeout(resolve, 3000));
+
+        const buttons = await page.$$('button, a');
+        for (const btn of buttons) {
+            const text = await page.evaluate(el => el.textContent, btn);
+            if (text && text.includes('New Email')) {
+                console.log('Clicking New Email button...');
+                await btn.click();
+                await new Promise(resolve => setTimeout(resolve, 3000));
+                break;
+            }
+        }
+
+        const emailInput = await page.$('input[readonly]');
+        if (emailInput) {
+            tempEmail = await page.evaluate(el => el.value, emailInput);
+            console.log('Got temp email:', tempEmail);
+        }
+
+        if (!tempEmail || !tempEmail.includes('@')) {
+            throw new Error('Could not get temp email from tmailor');
+        }
+
+        tmailorPage = page;
+
+        console.log('\n=== STEP 2: Navigate to Autz.org ===');
+        const autzPage = await browser.newPage();
+        await autzPage.goto('https://autz.org/onboarding/qinw2ix?callback_url=https%3A%2F%2Fmy.zone.id%2F', {
+            waitUntil: 'networkidle2',
+            timeout: 60000
+        });
+        
+        console.log('Page loaded, waiting for content...');
+        await new Promise(resolve => setTimeout(resolve, 3000));
+
+        await autzPage.screenshot({ path: 'autz-step1.png', fullPage: true });
+        console.log('Screenshot saved: autz-step1.png');
+
+        const pageText = await autzPage.evaluate(() => document.body.innerText);
+        console.log('\n--- Page content (first 1000 chars) ---');
+        console.log(pageText.substring(0, 1000));
+
+        console.log('\n=== STEP 3: Look for email input field ===');
+        const emailSelectors = [
+            'input[type="email"]',
+            'input[name="email"]',
+            'input[placeholder*="email" i]',
+            'input[id*="email" i]',
+            'input[type="text"]'
+        ];
+
+        let emailField = null;
+        for (const selector of emailSelectors) {
+            emailField = await autzPage.$(selector);
+            if (emailField) {
+                console.log(`Found email field with selector: ${selector}`);
+                break;
+            }
+        }
+
+        if (emailField) {
+            console.log(`Entering email: ${tempEmail}`);
+            await emailField.click();
+            await emailField.type(tempEmail, { delay: 50 });
+            await new Promise(resolve => setTimeout(resolve, 1000));
+        } else {
+            console.log('No email field found on page');
+        }
+
+        console.log('\n=== STEP 4: Wait for Turnstile captcha ===');
+        
+        console.log('Looking for Turnstile iframe...');
+        await new Promise(resolve => setTimeout(resolve, 2000));
+        
+        const frames = autzPage.frames();
+        console.log(`Found ${frames.length} frames`);
+        for (const frame of frames) {
+            const url = frame.url();
+            console.log('Frame:', url);
+            if (url.includes('turnstile') || url.includes('challenges')) {
+                console.log('Found Turnstile frame! Waiting for it to solve...');
+                await new Promise(resolve => setTimeout(resolve, 5000));
+            }
+        }
+        
+        console.log('Waiting for captcha to auto-solve...');
+        let captchaSolved = false;
+        for (let i = 0; i < 30; i++) {
+            await new Promise(resolve => setTimeout(resolve, 1000));
+            
+            const html = await autzPage.content();
+            
+            if (html.includes('Success') || html.includes('success') || html.includes('cf-turnstile-success')) {
+                console.log('Captcha solved!');
+                captchaSolved = true;
+                await new Promise(resolve => setTimeout(resolve, 2000));
+                break;
+            }
+            
+            if (i % 5 === 0) {
+                console.log(`Waiting for captcha... ${i + 1}/30`);
+            }
+        }
+        
+        if (!captchaSolved) {
+            console.log('Captcha may not be fully solved, trying anyway...');
+        }
+
+        await autzPage.screenshot({ path: 'autz-step2.png', fullPage: true });
+        console.log('Screenshot saved: autz-step2.png');
+
+        console.log('\n=== STEP 5: Click Continue button ===');
+        
+        const continueBtn = await autzPage.$('button');
+        const allContinueBtns = await autzPage.$$('button');
+        
+        for (const btn of allContinueBtns) {
+            const text = await autzPage.evaluate(el => el.textContent, btn);
+            if (text && text.includes('Continue')) {
+                console.log('Found Continue button, clicking with mouse simulation...');
+                
+                const box = await btn.boundingBox();
+                if (box) {
+                    await autzPage.mouse.click(box.x + box.width / 2, box.y + box.height / 2);
+                    console.log('Clicked at', box.x + box.width / 2, box.y + box.height / 2);
+                } else {
+                    await btn.click();
+                }
+                break;
+            }
+        }
+        
+        console.log('Waiting for page content to change...');
+        for (let i = 0; i < 10; i++) {
+            await new Promise(resolve => setTimeout(resolve, 1000));
+            const text = await autzPage.evaluate(() => document.body.innerText);
+            if (text.includes('Password') || text.includes('password')) {
+                console.log('Registration form detected!');
+                break;
+            }
+            console.log(`Waiting... ${i + 1}/10`);
+        }
+
+        await new Promise(resolve => setTimeout(resolve, 2000));
+        await autzPage.screenshot({ path: 'autz-step3.png', fullPage: true });
+        console.log('Screenshot saved: autz-step3.png');
+
+        let pageText2 = await autzPage.evaluate(() => document.body.innerText);
+        console.log('\n--- Page after Continue (first 1000 chars) ---');
+        console.log(pageText2.substring(0, 1000));
+
+        const currentUrl = autzPage.url();
+        console.log('Current URL:', currentUrl);
+
+        if (pageText2.toLowerCase().includes('password') && pageText2.toLowerCase().includes('name')) {
+            console.log('\n=== STEP 6: Fill out registration form ===');
+            
+            const passwordField = await autzPage.$('input[type="password"], input[name="password"], input[placeholder*="password" i]');
+            if (passwordField) {
+                const password = 'TestPass123!';
+                console.log('Entering password...');
+                await passwordField.click();
+                await passwordField.type(password, { delay: 30 });
+            }
+            
+            const allInputs = await autzPage.$$('input');
+            console.log(`Found ${allInputs.length} input fields`);
+            
+            for (const input of allInputs) {
+                const inputType = await autzPage.evaluate(el => el.type, input);
+                const inputName = await autzPage.evaluate(el => el.name || el.placeholder || '', input);
+                const inputValue = await autzPage.evaluate(el => el.value, input);
+                console.log(`Input: type=${inputType}, name/placeholder=${inputName}, value=${inputValue?.substring(0, 20)}`);
+                
+                if (inputName.toLowerCase().includes('name') && !inputName.toLowerCase().includes('email') && !inputValue) {
+                    console.log('Entering name...');
+                    await input.click();
+                    await input.type('Test User', { delay: 30 });
+                }
+                
+                if ((inputType === 'tel' || inputName.toLowerCase().includes('phone')) && !inputValue) {
+                    console.log('Entering phone...');
+                    await input.click();
+                    await input.type('+12025551234', { delay: 30 });
+                }
+            }
+            
+            await autzPage.screenshot({ path: 'autz-step4-form.png', fullPage: true });
+            console.log('Screenshot saved: autz-step4-form.png');
+            
+            console.log('Looking for Create Account button...');
+            const createBtn = await autzPage.$('button');
+            const allBtns = await autzPage.$$('button');
+            for (const btn of allBtns) {
+                const text = await autzPage.evaluate(el => el.textContent, btn);
+                if (text && (text.includes('Create Account') || text.includes('Register') || text.includes('Sign Up'))) {
+                    console.log('Clicking Create Account button...');
+                    await btn.click();
+                    await new Promise(resolve => setTimeout(resolve, 5000));
+                    break;
+                }
+            }
+            
+            await autzPage.screenshot({ path: 'autz-step5-after-register.png', fullPage: true });
+            console.log('Screenshot saved: autz-step5-after-register.png');
+            
+            const finalText = await autzPage.evaluate(() => document.body.innerText);
+            console.log('\n--- Page after registration (first 1000 chars) ---');
+            console.log(finalText.substring(0, 1000));
+        }
+
+        if (pageText2.toLowerCase().includes('code') || pageText2.toLowerCase().includes('verify') || pageText2.toLowerCase().includes('otp') || pageText2.toLowerCase().includes('sent') || pageText2.toLowerCase().includes('check your email')) {
+            console.log('\nVerification code requested! Need to check email...');
+        }
+
+        console.log('\n=== STEP 7: Check tmailor inbox for verification email ===');
+        await tmailorPage.bringToFront();
+        
+        for (let attempt = 1; attempt <= 5; attempt++) {
+            console.log(`\nChecking inbox, attempt ${attempt}/5...`);
+            
+            const refreshBtns = await tmailorPage.$$('button, a');
+            for (const btn of refreshBtns) {
+                const text = await tmailorPage.evaluate(el => el.textContent, btn);
+                if (text && (text.includes('Refresh') || text.includes('refresh'))) {
+                    await btn.click();
+                    await new Promise(resolve => setTimeout(resolve, 3000));
+                    break;
+                }
+            }
+
+            const inboxText = await tmailorPage.evaluate(() => document.body.innerText);
+            if (inboxText.toLowerCase().includes('autz') || 
+                inboxText.toLowerCase().includes('verify') || 
+                inboxText.toLowerCase().includes('zone')) {
+                console.log('Found verification email!');
+                
+                const emailLinks = await tmailorPage.$$('a, tr, div[class*="mail"], div[class*="message"]');
+                for (const link of emailLinks) {
+                    const linkText = await tmailorPage.evaluate(el => el.textContent, link);
+                    if (linkText && (linkText.toLowerCase().includes('autz') || 
+                                    linkText.toLowerCase().includes('verify') ||
+                                    linkText.toLowerCase().includes('zone'))) {
+                        console.log('Clicking on email...');
+                        await link.click();
+                        await new Promise(resolve => setTimeout(resolve, 3000));
+                        break;
+                    }
+                }
+                break;
+            }
+            
+            await new Promise(resolve => setTimeout(resolve, 5000));
+        }
+
+        await tmailorPage.screenshot({ path: 'tmailor-inbox.png', fullPage: true });
+        console.log('Screenshot saved: tmailor-inbox.png');
+
+        console.log('\n=== FINAL STATUS ===');
+        console.log('Temp Email Used:', tempEmail);
+        console.log('Check the screenshots to see the current state');
+
+    } catch (error) {
+        console.error('Error:', error.message);
+        await page.screenshot({ path: 'error-screenshot.png', fullPage: true });
+    } finally {
+        await browser.close();
+        console.log('\nBrowser closed.');
+    }
+}
+
+createAutzAccount();

test-tempmail.js

@@ -0,0 +1,163 @@
+const { connect } = require('puppeteer-real-browser');
+
+async function getTempMail() {
+    console.log('Launching browser...');
+    
+    const { browser, page } = await connect({
+        headless: 'auto',
+        args: ['--no-sandbox', '--disable-setuid-sandbox'],
+        turnstile: true
+    });
+
+    try {
+        console.log('Navigating to tmailor.com...');
+        await page.goto('https://tmailor.com', { 
+            waitUntil: 'networkidle2',
+            timeout: 60000 
+        });
+
+        console.log('Initial page load complete. Waiting...');
+        await new Promise(resolve => setTimeout(resolve, 3000));
+
+        console.log('Looking for Turnstile iframe to solve...');
+        
+        async function solveTurnstile() {
+            const frames = page.frames();
+            for (const frame of frames) {
+                const url = frame.url();
+                console.log('Frame URL:', url);
+                if (url.includes('turnstile') || url.includes('challenges.cloudflare')) {
+                    console.log('Found Turnstile challenge frame!');
+                    try {
+                        await new Promise(resolve => setTimeout(resolve, 2000));
+                        const checkbox = await frame.$('input[type="checkbox"]');
+                        if (checkbox) {
+                            console.log('Clicking Turnstile checkbox...');
+                            await checkbox.click();
+                            return true;
+                        }
+                        const verifyButton = await frame.$('[id*="verify"], [class*="verify"], button');
+                        if (verifyButton) {
+                            console.log('Clicking verify button in frame...');
+                            await verifyButton.click();
+                            return true;
+                        }
+                    } catch (e) {
+                        console.log('Error in Turnstile frame:', e.message);
+                    }
+                }
+            }
+            return false;
+        }
+
+        let turnstileSolved = await solveTurnstile();
+        if (turnstileSolved) {
+            console.log('Turnstile interaction attempted, waiting for verification...');
+            await new Promise(resolve => setTimeout(resolve, 8000));
+        }
+
+        console.log('Checking for Confirm link on page...');
+        const confirmButtons = await page.$$('a[title*="verify"], a[href*="firewall"], button');
+        for (const btn of confirmButtons) {
+            const text = await page.evaluate(el => el.textContent, btn);
+            if (text && text.toLowerCase().includes('confirm')) {
+                console.log('Found Confirm button, clicking...');
+                await btn.click();
+                await new Promise(resolve => setTimeout(resolve, 5000));
+                
+                turnstileSolved = await solveTurnstile();
+                if (turnstileSolved) {
+                    await new Promise(resolve => setTimeout(resolve, 8000));
+                }
+                break;
+            }
+        }
+
+        console.log('Looking for New Email button...');
+        const buttons = await page.$$('button, a');
+        for (const btn of buttons) {
+            const text = await page.evaluate(el => el.textContent, btn);
+            if (text && text.includes('New Email')) {
+                console.log('Found New Email button, clicking...');
+                await btn.click();
+                await new Promise(resolve => setTimeout(resolve, 3000));
+                break;
+            }
+        }
+
+        console.log('Waiting for email to appear...');
+        await new Promise(resolve => setTimeout(resolve, 5000));
+
+        let email = null;
+
+        console.log('Searching for email in page...');
+        const allText = await page.evaluate(() => document.body.innerText);
+        
+        const emailPatterns = allText.match(/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g);
+        if (emailPatterns) {
+            const filtered = emailPatterns.filter(e => 
+                !e.includes('gmail.com') && 
+                !e.includes('tmailor.com@') &&
+                !e.toLowerCase().includes('support')
+            );
+            if (filtered.length > 0) {
+                email = filtered[0];
+                console.log('Found email in page text:', email);
+            }
+        }
+
+        if (!email) {
+            const emailSelectors = [
+                '#email',
+                '#tempmail',
+                '.email-address',
+                '[data-email]',
+                'input[readonly]',
+                'input[type="text"]',
+                '.copy-text',
+                'code',
+                'pre'
+            ];
+
+            for (const selector of emailSelectors) {
+                try {
+                    const elements = await page.$$(selector);
+                    for (const element of elements) {
+                        const value = await page.evaluate(el => {
+                            return el.value || el.textContent || el.getAttribute('data-email') || el.getAttribute('data-clipboard-text');
+                        }, element);
+                        if (value && value.includes('@') && !value.includes('gmail')) {
+                            email = value.trim();
+                            console.log(`Found email with selector "${selector}": ${email}`);
+                            break;
+                        }
+                    }
+                    if (email) break;
+                } catch (e) {}
+            }
+        }
+
+        console.log('\nTaking screenshot...');
+        await page.screenshot({ path: 'tmailor-screenshot.png', fullPage: true });
+        console.log('Screenshot saved to tmailor-screenshot.png');
+
+        console.log('\n=== RESULT ===');
+        if (email && email.includes('@')) {
+            console.log('SUCCESS! Temp Email:', email);
+        } else {
+            console.log('Could not find a temp email address');
+            console.log('\n--- Page visible text (first 1500 chars) ---');
+            console.log(allText.substring(0, 1500));
+        }
+
+        return email;
+
+    } catch (error) {
+        console.error('Error:', error.message);
+    } finally {
+        await browser.close();
+        console.log('Browser closed.');
+    }
+}
+
+getTempMail();