By @B00H0. Updates at @HK407.
Native Go, no browser. It solves the silent Cloudflare JSD challenge (the __CF$cv$params sensor) and returns cf_clearance over a small HTTP API. The deobfuscator and fingerprint are kept current with the live CF script, and it works on JSD-sensor sites.
It is not a managed ("Just a moment") or Turnstile bypass. Strict sites also validate the TLS fingerprint, so the token will not stick everywhere. I am putting it out as a base, build on it if you find it useful.
Fetch the page, read the __CF$cv$params values, pull the JSD script and deobfuscate it, build the browser fingerprint payload, LZ-compress it, and post the oneshot to get cf_clearance. No browser and no JS engine.
Go 1.25 or newer. No Chrome needed.
go build -o jsd_solver.exe .
.\jsd_solver.exe
It listens on http://127.0.0.1:8191 and runs with no config. An optional .env is supported (see Configuration).
POST /solve (alias POST /harvest), JSON body:
{
"url": "example.com",
"mode": "full",
"proxy": "host:port:user:pass",
"profile": "chrome_146",
"timeout": 30
}| Field | Required | Description |
|---|---|---|
| url | yes | Target URL. With no scheme, https:// is added. |
| mode | no | What to return. Default full. See Modes. |
| proxy | no | Per-request proxy. Accepts http://user:pass@host:port, socks5://..., host:port, or host:port:user:pass. |
| profile | no | TLS profile (chrome_146, chrome_133, firefox_120, ...). Default chrome_146. |
| timeout | no | Per-request timeout in seconds. Default TIMEOUT_SEC. |
If you leave the body fields empty you can pass them as headers instead: X-Target-URL, X-Mode, X-Profile, and the proxy via X-Proxy, Proxy-URL, or X-BooHo-Proxy-URL.
Note that cf_clearance is tied to the IP, User-Agent, and TLS fingerprint that earned it. Solve through the same proxy you will replay with, and send back the user_agent it returns.
Every response is JSON with the same envelope (success, elapsed, status_code, mode, error). The mode just picks which payload fields come back.
| mode | Returns |
|---|---|
| full (default) | cf_clearance, cookies, cookie_header, Cookie, antibot_cookies, headers, user_agent |
| clearance | cf_clearance, user_agent |
| cookies | cookies, cookie_header, Cookie, antibot_cookies, user_agent |
| headers | response headers |
| user_agent | user_agent |
Aliases: cookie, header, ua, useragent, token (clearance), all (full).
PS> Invoke-RestMethod -Method Post -Uri "http://127.0.0.1:8191/solve" `
>> -ContentType "application/json" -Body '{"url":"example.com"}'
success : True
elapsed : 724
status_code : 200
mode : full
cf_clearance : n0tsAN9tLFAlolAvwOhikpdIxrPhCEUbC3GO1ZhKy2w-1780499001-1.2.1.1-4SYqNSz...
cookie_header: cf_clearance=n0tsAN9t...; __cf_bm=hrfu2vz...; _cfuvid=RlTgnDXv...
user_agent : Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
When it cannot solve, you get {"success": false, "elapsed": ..., "error": "..."} with HTTP 400, 502, or 504.
Optional .env in the working directory. All values have defaults.
| Variable | Default | Description |
|---|---|---|
| PORT | 8191 | HTTP port |
| LISTEN_HOST | 127.0.0.1 | Bind address (0.0.0.0 for all interfaces) |
| MAX_CONCURRENT | 50 | Parallel solves in flight |
| TIMEOUT_SEC | 30 | Per-request solve timeout |
There is also a jsdctl command line tool:
jsdctl solve <url> [url...] solve and print cf_clearance
jsdctl probe [url...] classify challenge and solve a list
jsdctl fetch <url> dump live page and JSD script
jsdctl deobf <script.js> [out.js] deobfuscate a script and print details
jsdctl loadtest -url <u> -c N [-n M | -d S] measure throughput
Run it with go run ./cmd/jsdctl <cmd>, or build it with go build -o jsdctl.exe ./cmd/jsdctl.
If it stops solving, Cloudflare most likely rotated the JSD script and the deobfuscator needs updating. On strict sites the clearance is rejected at the TLS layer, which needs a real browser rather than a code change.
When Cloudflare changes the script, grab a fresh one and look at it:
go run ./cmd/jsdctl fetch https://example.com
go run ./cmd/jsdctl deobf debug_script.js
The first step that comes back empty or errors points to the part of solver/deob.go to fix. The fingerprint payload lives in solver/fingerprint_template.json. Re-capture it from a current browser when the schema changes.
MIT. See LICENSE.