API 教程

Cloudflare 挑战页面参数和代币流

自动化 Cloudflare Challenge
作者 CaptchaAI 中文团队
发布时间 May 17, 2026
Cloudflare 挑战页面参数和代币流
特色图片不可用

当 Cloudflare 呈现挑战页面时,复杂的令牌流开始 - 从初始页面参数通过 JavaScript 执行到最终的 qa_session_cookie cookie。了解这些参数有助于您诊断解决故障、调试自动化流程并选择正确的解决方法。

挑战页面剖析

Cloudflare 挑战页面 (HTTP 503) 包含几个关键元素:

<!DOCTYPE html>
<html>
<head>
    <title>Just a moment...</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
    <div id="challenge-stage">
        <div id="challenge-body-text">
            Checking if the site connection is secure
        </div>
        <div id="challenge-spinner">
            <!-- Loading spinner -->
        </div>
    </div>

    <div id="challenge-form" style="display:none">
        <form id="challenge-form" action="/..." method="POST">
            <!-- Hidden parameters -->
            <input type="hidden" name="md" value="...">
            <input type="hidden" name="r" value="...">
        </form>
    </div>

    <script src="/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=...">
    </script>
</body>
</html>

关键参数

在挑战页面

范围 姓名 目的
ray Cloudflare Ray ID 唯一的请求标识符,将挑战与原始请求联系起来
md 挑战元数据 加密挑战状态
r 响应令牌 计算答案(由 JavaScript 填充)
chl_opt 挑战选项 挑战脚本的配置
cRay 挑战射线 用于挑战跟踪的辅助射线
cZone 挑战区 Cloudflare 区域 ID
cUPMDTk 时间戳 挑战发布时间
cHash 挑战哈希 完整性验证

在挑战脚本 URL 中

/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=ABC123
成分 意义
/cdn-cgi/challenge-platform/ Cloudflare 挑战基础设施
h/g/ 挑战版/variant
orchestrate/ 挑战编排端点
chl_page/v1 挑战页面版本
ray=ABC123 请求 Ray ID 绑定

在 JavaScript 有效负载中

挑战脚本加载附加参数:

// Extracted from obfuscated challenge script
window._cf_chl_opt = {
    cvId: '2',           // Challenge version
    cType: 'managed',    // Challenge type
    cNounce: '...',      // Cryptographic nonce
    cRay: '...',         // Challenge Ray ID
    cHash: '...',        // Challenge hash
    cUPMDTk: '...',      // Timestamp
    cFPWv: 'g',          // Fingerprint version
    cTTimeMs: '4000',    // Minimum wait time (ms)
    cTplV: 5,            // Template version
    cLt: '...',          // Challenge lifetime
    cRq: {},             // Challenge request data
};

从挑战到通关的代币流

逐步流程


1. CLIENT → CLOUDFLARE EDGE
   GET /protected-page
   ↓

2. CLOUDFLARE → CLIENT
   HTTP 503 + Challenge page HTML
   Sets: __cf_bm cookie (bot management tracking)
   Contains: ray ID, challenge script URL
   ↓

3. CLIENT (browser)
   Loads challenge script from /cdn-cgi/challenge-platform/...
   ↓

4. CHALLENGE SCRIPT EXECUTES:
   a. Collects browser feature:

      - canvas-feature (feature)
      - WebGL (feature)
      - Screen dimensions
      - Installed fonts
      - Timezone
      - Language
   b. Runs proof-of-work:

      - Iterates hash computations
      - Must find answer matching difficulty
   c. Computes timing:

      - Enforces minimum wait (cTTimeMs)
      - Records actual timing
   d. Generates response token:

      - Combines feature + PoW answer + timing
      - Encrypts with challenge nonce
   ↓

5. CLIENT → CLOUDFLARE
   POST /cdn-cgi/challenge-platform/h/g/flow/ov1/...
   Body: { r: "encrypted_response", md: "metadata", ... }
   ↓

6. CLOUDFLARE validates:
   - Proof-of-work answer correct?
   - Timing within acceptable range?
   - Fingerprint consistent with real browser?
   - No replay (nonce check)?
   ↓

7. CLOUDFLARE → CLIENT
   HTTP 200 + Set-Cookie: qa_session_cookie=...; path=/; expires=...
   + HTTP redirect to original URL
   ↓

8. CLIENT → CLOUDFLARE
   GET /protected-page
   Cookie: qa_session_cookie=...
   ↓

9. CLOUDFLARE → CLIENT
   HTTP 200 + Protected content

Request 1: No cookies
    → Challenge page (503)
    → __cf_bm cookie set

Challenge solve:
    → qa_session_cookie cookie set

Request 2+: qa_session_cookie + __cf_bm
    → Content served (200)

After ~30 mins: qa_session_cookie expires
    → Next request triggers new challenge

挑战饼干

曲奇饼 目的 寿命 范围
__cf_bm 机器人管理会话跟踪 30分钟 领域
qa_session_cookie 挑战通关证明 15 分钟 – 24 小时(可配置) 领域
__cflb 负载均衡器关联性 会议 领域
_cfuvid 唯一访客 ID 会议 领域

qa_session_cookie cookie 绑定到:

  1. IP 地址 – 必须来自解决挑战的同一 IP
  2. User-Agent – 必须与挑战期间使用的 UA 匹配
  3. – 仅对颁发它的域有效
# ❌ FAILS — IP mismatch
# Solve challenge from IP A, then use qa_session_cookie from IP B

# ❌ FAILS — UA mismatch
# Solve with Chrome UA, then send requests with Firefox UA

# ✅ WORKS — Same IP + Same UA
session = requests.Session()
session.headers["User-Agent"] = "Mozilla/5.0 ... Chrome/120.0.0.0"
# Use same session for solving and subsequent requests

提取挑战参数

Python

import re
import requests

def extract_challenge_params(url):
    """Extract Cloudflare 验证流程 page parameters."""
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
                      "AppleWebKit/537.36 Chrome/120.0.0.0",
        "Accept": "text/html,*/*;q=0.8",
        "Accept-Language": "en-US,en;q=0.9",
    }

    response = requests.get(url, headers=headers, timeout=15, allow_redirects=False)
    html = response.text

    params = {
        "status_code": response.status_code,
        "cf_ray": response.headers.get("cf-ray", ""),
        "is_challenge": response.status_code == 503,
    }

    if not params["is_challenge"]:
        return params

    # Extract Ray ID from page
    ray_match = re.search(r"ray['\"]?\s*[:=]\s*['\"]([a-f0-9]+)['\"]", html, re.I)
    if ray_match:
        params["ray_id"] = ray_match.group(1)

    # Extract challenge script URL
    script_match = re.search(
        r'src=["\'](/cdn-cgi/challenge-platform/[^"\']+)["\']', html
    )
    if script_match:
        params["challenge_script"] = script_match.group(1)

    # Extract challenge options
    opt_match = re.search(r"_cf_chl_opt\s*=\s*\{([^}]+)\}", html)
    if opt_match:
        opt_text = opt_match.group(1)

        # Parse individual options
        for key in ["cType", "cRay", "cHash", "cTTimeMs", "cvId", "cFPWv"]:
            val_match = re.search(
                rf"{key}\s*:\s*['\"]?([^'\"', }}]+)", opt_text
            )
            if val_match:
                params[key] = val_match.group(1)

    # Extract form parameters
    md_match = re.search(r'name=["\']md["\']\s+value=["\']([^"\']+)["\']', html)
    if md_match:
        params["md"] = md_match.group(1)

    # Extract cookies from response
    params["cookies"] = {
        name: value
        for name, value in response.cookies.items()
    }

    return params


# Usage
params = extract_challenge_params("https://protected-site.com")
if params["is_challenge"]:
    print(f"Challenge type: {params.get('cType', 'unknown')}")
    print(f"Ray ID: {params.get('ray_id', params['cf_ray'])}")
    print(f"Min wait: {params.get('cTTimeMs', '?')}ms")
    print(f"Script: {params.get('challenge_script', 'not found')}")

Node.js

const axios = require("axios");

async function extractChallengeParams(url) {
  const response = await axios.get(url, {
    headers: {
      "User-Agent": "Mozilla/5.0 Chrome/120.0.0.0",
      Accept: "text/html,*/*;q=0.8",
    },
    validateStatus: () => true,
    maxRedirects: 0,
  });

  const html = response.data;
  const params = {
    statusCode: response.status,
    cfRay: response.headers["cf-ray"] || "",
    isChallenge: response.status === 503,
  };

  if (!params.isChallenge) return params;

  // Extract challenge script URL
  const scriptMatch = html.match(
    /src=["'](\/cdn-cgi\/challenge-platform\/[^"']+)["']/
  );
  if (scriptMatch) params.challengeScript = scriptMatch[1];

  // Extract challenge type
  const typeMatch = html.match(/cType\s*:\s*['"]?(\w+)/);
  if (typeMatch) params.challengeType = typeMatch[1];

  // Extract timing
  const timeMatch = html.match(/cTTimeMs\s*:\s*['"]?(\d+)/);
  if (timeMatch) params.minWaitMs = parseInt(timeMatch[1]);

  return params;
}

extractChallengeParams("https://protected-site.com").then(console.log);

使用 CaptchaAI 解决

CaptchaAI 在内部处理整个令牌流 - 您不需要手动提取质询参数:

import requests
import time

API_KEY = "YOUR_API_KEY"

def solve_cloudflare_challenge(target_url):
    """Solve Cloudflare 验证流程 page — CaptchaAI handles token flow."""
    submit = requests.post("https://ocr.captchaai.com/in.php", data={
        "key": API_KEY,
        "method": "cloudflare_challenge",
        "sitekey": "managed",
        "pageurl": target_url,
        "json": 1,
    })

    task_id = submit.json()["request"]

    for _ in range(60):
        time.sleep(5)
        result = requests.get("https://ocr.captchaai.com/res.php", params={
            "key": API_KEY,
            "action": "get",
            "id": task_id,
            "json": 1,
        }).json()

        if result.get("status") == 1:
            return result["request"]

    raise TimeoutError("Challenge solve timed out")


# CaptchaAI handles the full flow:
# 1. Loads the challenge page
# 2. Executes JavaScript
# 3. Solves proof-of-work
# 4. Returns clearance token/cookies
token = solve_cloudflare_challenge("https://protected-site.com/login")

调试挑战失败

常见故障点

故障点 症状 根本原因
挑战页面无法加载 超时或空响应 网络/proxy问题
脚本执行失败 挑战循环 缺少 JavaScript API
工作量证明失败 无限旋转器 计算超时
回复被拒绝 重定向回挑战 时序违规或特征不一致
qa_session_cookie 未设置 解决后cookie丢失 响应解析错误
qa_session_cookie 被拒绝 后续请求时返回 403 IP or UA mismatch

调试清单

def debug_challenge_flow(url, qa_session_cookie_cookie=None, user_agent=None):
    """Debug the challenge solve flow step by step."""
    ua = user_agent or (
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
        "AppleWebKit/537.36 Chrome/120.0.0.0"
    )

    steps = []

    # Step 1: Initial request
    response = requests.get(
        url,
        headers={"User-Agent": ua, "Accept": "text/html,*/*;q=0.8"},
        timeout=15,
        allow_redirects=False,
    )
    steps.append({
        "step": "initial_request",
        "status": response.status_code,
        "is_challenge": response.status_code == 503,
        "cf_ray": response.headers.get("cf-ray", ""),
    })

    # Step 2: Test with qa_session_cookie
    if qa_session_cookie_cookie:
        session = requests.Session()
        session.cookies.set("qa_session_cookie", qa_session_cookie_cookie)
        session.headers["User-Agent"] = ua

        response2 = session.get(url, timeout=15, allow_redirects=False)
        steps.append({
            "step": "with_clearance",
            "status": response2.status_code,
            "passed": response2.status_code == 200,
        })

        if response2.status_code != 200:
            steps.append({
                "step": "diagnosis",
                "issue": "qa_session_cookie rejected",
                "possible_causes": [
                    "Cookie expired",
                    "IP address changed",
                    "User-Agent mismatch",
                    "Cookie from different domain",
                ],
            })

    return steps

故障排除

症状 原因 处理方式
挑战类型为“托管”但解决失败 挑战需要旋转门,而不是JS挑战 尝试 turnstile 方法而不是 cloudflare_challenge
qa_session_cookie 有效一次,然后被拒绝 IP轮换改变了你的IP 间隙寿命的引脚 IP
“请稍等...”页面永远无法解决 JavaScript 被阻止或格式错误 使用CaptchaAI代替手动求解
每次请求后挑战都会重新出现 qa_session_cookie 未发送 确保 cookie 保留在会话中
不同的道路上有不同的挑战 每路径 WAF 规则 分别求解每条路径

常见问题

它是一个加密令牌,包含解决证明、IP 哈希、UA 哈希和过期时间。您无法解码或伪造它 - 只有 Cloudflare 的边缘可以验证它。

站点操作员配置生命周期。默认值为 30 分钟。范围为 15 分钟至 24 小时。企业客户可以设置自定义值。

我可以在不执行 JavaScript 的情况下解决这个挑战吗?

不。挑战需要 JavaScript 来计算工作量证明和浏览器特征。 CaptchaAI 使用真实浏览器在内部处理此问题。

如果 Ray ID 改变会发生什么?

每个请求都会获得一个新的 Ray ID。挑战与挑战页面时的 Ray ID 绑定。一旦发出 qa_session_cookie,光线 ID 就不再相关。

不。qa_session_cookie 是域范围的。每个域都需要自己的挑战解决和清除 cookie。

概括

Cloudflare 挑战页面包含 Ray ID、挑战脚本、选项对象和驱动工作量证明令牌流的表单参数。该流程会生成一个绑定到 IP 和用户代理的 qa_session_cookie cookie,有效期为 15 分钟到 24 小时。和CaptchaAI,您不需要手动解析这些参数 - 求解器会处理整个流程。对于调试而言,了解参数有助于识别流程中断的位置。

相关文章

该文章已禁用评论。