FlareSolverr — Cloudflare Bypass

Bypass Cloudflare protection by routing requests through FlareSolverr’s browser API, handling challenges and returning page content, cookies, and headers.

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 2 · 683 · 4 current installs · 4 all-time installs

by@Dolverin

MIT-0

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name, description, declared binaries (curl, jq), and required env var (FLARESOLVERR_URL) align with using an external FlareSolverr HTTP API. The SKILL.md only documents calling that API and managing sessions/cookies, which is expected for this purpose.

ℹ

Instruction Scope

Instructions stay within the skill's scope: run FlareSolverr (Docker), set FLARESOLVERR_URL, and POST JSON requests to /v1. The skill makes and extracts page content, cookies, headers and supports proxies/sessions — all reasonable for a bypass/scraping helper. Note: because the skill returns full page content and cookies, using a remote/untrusted FLARESOLVERR_URL would expose requested URLs and page data to that host (privacy/exfiltration risk).

✓

Install Mechanism

Instruction-only skill (no install spec or code). SKILL.md advises running the official ghcr.io/flaresolverr image via docker run — a standard, expected approach and not an arbitrary download URL from an unknown server.

ℹ

Credentials

Only FLARESOLVERR_URL is required and declared as the primaryEnv, which is proportional. Caution: that single env var controls the service endpoint — pointing it to an untrusted third-party service could leak all requested URLs, page contents, and cookies to that remote operator.

✓

Persistence & Privilege

always:false and no install or persistent configuration changes are requested. The skill does not ask to modify other skills or system-wide settings.

Assessment

This skill appears coherent for running and using a FlareSolverr HTTP API. Before installing: prefer running FlareSolverr yourself (the SKILL.md suggests the ghcr.io Docker image) so requests and solved pages stay on your host; do not set FLARESOLVERR_URL to an untrusted public endpoint (that service will see all target URLs, page content, and cookies); consider legal/terms-of-service implications of bypassing protections and respect rate limits; and keep curl/jq available on the agent environment. Autonomy is allowed by default but the skill does not request elevated/system-wide privileges.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0

Download zip

latestvk97ck7vze8079j4t7aj7d4ceg1812ts3

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis

Binscurl, jq

EnvFLARESOLVERR_URL

Primary envFLARESOLVERR_URL

SKILL.md

FlareSolverr — Cloudflare Bypass

Use FlareSolverr to bypass Cloudflare protection when direct curl requests fail with 403 or Cloudflare challenge pages.

Setup

Run FlareSolverr (Docker recommended):

docker run -d --name flaresolverr -p 8191:8191 ghcr.io/flaresolverr/flaresolverr:latest

Set the environment variable:

export FLARESOLVERR_URL="http://localhost:8191"

Verify:

curl -s "$FLARESOLVERR_URL/health" | jq '.'
# Expected: {"status":"ok","version":"3.x.x"}

When to Use

Direct curl fails with 403 Forbidden
Cloudflare challenge page appears (JS challenge, captcha, "Checking your browser")
Bot detection blocks automated requests
Rate limiting or anti-scraping measures

Workflow

Try direct curl first (it's faster and simpler)
If blocked: Use FlareSolverr to get cookies/user-agent
Reuse session for subsequent requests (optional, for performance)

Basic Usage

Simple GET Request

curl -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.get",
    "url": "https://example.com/protected-page",
    "maxTimeout": 60000
  }' | jq '.'

Response Structure

{
  "status": "ok",
  "message": "Challenge solved!",
  "solution": {
    "url": "https://example.com/protected-page",
    "status": 200,
    "headers": {},
    "response": "<html>...</html>",
    "cookies": [
      {
        "name": "cf_clearance",
        "value": "...",
        "domain": ".example.com"
      }
    ],
    "userAgent": "Mozilla/5.0 ..."
  },
  "startTimestamp": 1234567890,
  "endTimestamp": 1234567895,
  "version": "3.3.2"
}

Extract Page Content

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.get",
    "url": "https://example.com/protected-page"
  }' | jq -r '.solution.response'

Extract Cookies

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.get",
    "url": "https://example.com"
  }' | jq -r '.solution.cookies[] | "\(.name)=\(.value)"'

Session Management

Sessions allow reusing browser context (cookies, user-agent) for multiple requests, improving performance.

Create Session

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{"cmd": "sessions.create"}' | jq -r '.session'

Use Session for Request

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.get",
    "url": "https://example.com/page1",
    "session": "SESSION_ID"
  }' | jq -r '.solution.response'

List Active Sessions

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{"cmd": "sessions.list"}' | jq '.sessions'

Destroy Session

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "sessions.destroy",
    "session": "SESSION_ID"
  }'

POST Requests

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.post",
    "url": "https://example.com/api/endpoint",
    "postData": "key1=value1&key2=value2",
    "maxTimeout": 60000
  }' | jq '.'

For JSON POST data:

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.post",
    "url": "https://example.com/api/endpoint",
    "postData": "{\"key\":\"value\"}",
    "headers": {
      "Content-Type": "application/json"
    }
  }' | jq '.'

Advanced Options

Custom User-Agent

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.get",
    "url": "https://example.com",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
  }' | jq '.'

Custom Headers

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.get",
    "url": "https://example.com",
    "headers": {
      "Accept-Language": "en-US,en;q=0.9",
      "Referer": "https://google.com"
    }
  }' | jq '.'

Proxy Support

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.get",
    "url": "https://example.com",
    "proxy": {
      "url": "http://proxy.example.com:8080"
    }
  }' | jq '.'

Download Binary Content

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.get",
    "url": "https://example.com/file.pdf",
    "download": true
  }' | jq -r '.solution.response' | base64 -d > file.pdf

Error Handling

Common Errors

"status": "error": Request failed (check message field)
"status": "timeout": maxTimeout exceeded (increase timeout)
"status": "captcha": Manual captcha required (rare, usually auto-solved)

Check Status

curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{"cmd": "request.get", "url": "https://example.com"}' | \
  jq -r '.status'

Example Workflow

Bypass Cloudflare and Extract Data

# Step 1: Fetch page through FlareSolverr
RESPONSE=$(curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "request.get",
    "url": "https://example.com/protected-page"
  }')

# Step 2: Check if successful
STATUS=$(echo "$RESPONSE" | jq -r '.status')
if [ "$STATUS" != "ok" ]; then
  echo "Failed: $(echo "$RESPONSE" | jq -r '.message')"
  exit 1
fi

# Step 3: Extract and parse HTML
echo "$RESPONSE" | jq -r '.solution.response'

Multi-Page Session

# Create session
SESSION=$(curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d '{"cmd": "sessions.create"}' | jq -r '.session')

# Page 1
curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d "{\"cmd\": \"request.get\", \"url\": \"https://example.com/page1\", \"session\": \"$SESSION\"}" | \
  jq -r '.solution.response'

# Page 2 (reuses cookies from page 1)
curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d "{\"cmd\": \"request.get\", \"url\": \"https://example.com/page2\", \"session\": \"$SESSION\"}" | \
  jq -r '.solution.response'

# Cleanup
curl -s -X POST "$FLARESOLVERR_URL/v1" \
  -H "Content-Type: application/json" \
  -d "{\"cmd\": \"sessions.destroy\", \"session\": \"$SESSION\"}"

Health Check

curl -s "$FLARESOLVERR_URL/health" | jq '.'

Performance Tips

Use sessions for multiple requests to same domain (reuses cookies/context)
Increase maxTimeout for slow sites (default: 60000ms)
Fallback to direct curl when possible (FlareSolverr is slower due to browser overhead)
Destroy sessions when done to free resources

Limitations

Slower than direct curl (launches headless browser)
Resource intensive (limit concurrent requests)
May not solve all captchas (most Cloudflare challenges work)
HTML only in response (no client-side JS execution after fetch)

Best Practices

Always try direct curl first
Use sessions for multi-page workflows
Set appropriate maxTimeout (default 60s, increase for slow sites)
Clean up sessions when done
Handle errors gracefully (check status field)
Rate limit your requests (don't overwhelm FlareSolverr or target site)

Files

1 total

Select a file

Select a file to preview.

Comments

Loading comments…