Skip to content

mifdlaldev/Geber-CF

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Geber-CF

Release Python License Code style

Geber-CF

Automated Cloudflare Workers AI account provisioning toolkit. Handles the complete lifecycle — from temporary email generation and Turnstile challenge solving to API credential extraction — using CloakBrowser stealth automation with intelligent VPN rotation.


Architecture

flowchart TB
    subgraph Network["Network Layer"]
        VG[VPN Gate<br/>Japan IPv4 Pool] --> OVPN[OpenVPN tun0]
        WARP[WARP Proxy<br/>SOCKS5 :40000<br/>IPv6] --> TS[challenges.cloudflare.com<br/>Turnstile Backend]
        PAC[PAC File] -->|*.challenges.cloudflare.com| WARP
        PAC -->|everything else| OVPN
    end

    subgraph Browser["Browser Automation"]
        CB[CloakBrowser<br/>stealth + humanize] --> CF[dash.cloudflare.com/sign-up]
        CF --> FORM[Fill Email + Password]
        FORM --> TURN[Solve Turnstile]
        TURN --> SUB[Submit Signup]
        SUB --> WAIT{Redirect to Dashboard?}
        WAIT -->|Yes| EMAIL[Verify Email]
        WAIT -->|No| RETRY[Re-fill + Re-solve Turnstile]
        RETRY --> SUB
    end

    subgraph Credentials["Credential Extraction"]
        TM[TempMail<br/>localhost:3000] -->|Poll verify link| EMAIL
        EMAIL --> TOKEN[POST /api/v4/user/tokens]
        TOKEN --> SAVE[Save to Output File]
    end

    subgraph Rotation["VPN Rotation"]
        RCOUNT{Signups on IP >= N} -->|Yes| ROT[Rotate VPN Gate Server]
        ROT --> CHECK{Network Healthy?}
        CHECK -->|Yes| CONTINUE[Continue Next Account]
        CHECK -->|No| SKIP[Skip Batch<br/>Wait + Retry]
    end
Loading

Quick Start

# 1. Clone & install
git clone https://github.com/mifdlaldev/Geber-CF.git
cd Geber-CF
pip install httpx cloakbrowser

# 2. Set up WARP proxy mode (IPv6 for Turnstile)
warp-cli mode proxy
warp-cli --accept-tos connect

# 3. Set TempMail API key
export GEBER_CF_TEMPMAIL_KEY="your-tempmail-api-key"

# 4. Run
python geber_cf.py 5

Requirements

Dependency Purpose
Python 3.10+ Runtime
CloakBrowser Stealth Chromium automation with human-like behavior
WARP (Cloudflare) IPv6 proxy for Turnstile challenge backend
OpenVPN / VPN Gate IPv4 rotation for rate-limit avoidance
TempMail (self-hosted) Temporary email service for account verification

Configuration

All configuration is done via environment variables:

Variable Default Description
GEBER_CF_TEMPMAIL_KEY Required. TempMail API key
GEBER_CF_TEMPMAIL_URL http://localhost:3000 TempMail base URL
GEBER_CF_OUTPUT ./accounts.txt Password backup file
GEBER_CF_OUTPUT_DIR ./output Directory for structured credentials
GEBER_CF_PAC_FILE ./vpngate_pac.pac PAC file for WARP routing
GEBER_CF_VPN_CONFIG ./vpngate_fast.ovpn OpenVPN config path (auto-updated)
GEBER_CF_SIGNUPS_PER_IP 2 Max signups per IP before rotation
SUDO_PASS Sudo password for VPN operations

Usage

# Provision 10 accounts sequentially (stable)
python geber_cf.py 10

# Show browser window for debugging
python geber_cf.py 1 --visible

# Set parallelism and stagger delay
python geber_cf.py 20 --parallel 2 --stagger 30

# Specify TempMail key inline
GEBER_CF_TEMPMAIL_KEY="key" python geber_cf.py 5

Output Files

File Format Content
./accounts.txt email:password per line All attempted accounts (including partials)
./output/credentials.txt N. email | password | account_id | api_token Successfully provisioned accounts with API tokens
./debug/ Screenshots + logs Auto-generated diagnostics on failure

How It Works

  1. VPN Rotation — Connects to a Japan VPN Gate server via OpenVPN. After SIGNUPS_PER_IP successful signups, automatically rotates to a fresh IP. WARP proxy is never disconnected during rotation (ISP blocks MASQUE protocol outside the VPN tunnel).

  2. Browser Automation — CloakBrowser launches with stealth flags and humanized interactions. Fills the Cloudflare signup form with realistic delays. Solves the Turnstile managed challenge (widget loads dynamically after form fill).

  3. Email Verification — TempMail generates a disposable address. The script polls for the verification email (cached locally to avoid upstream Worker CPU quota limits). Opens the verification link in the same browser session to preserve login cookies.

  4. API Token Creation — Uses Playwright's API request context (shares browser cookies, bypasses CSRF) to POST /api/v4/user/tokens with the Workers AI Write permission group.

Current State

Item Detail
Version v1.0.0
Repo PUBLIC — github.com/mifdlaldev/Geber-CF
Script geber_cf.py (810 lines)
License Pure MIT — no addendums
Legal 24-section DISCLAIMER.md
Accounts harvested 185 (#1–#185, data cleared for public safety)
All fixes applied See .omo/agent-context.md (gitignored, AI context)

Technical Reference

Turnstile

  • Managed challenge (NOT sitekey-based). Widget: div[data-testid="challenge-widget-container"]
  • Token field: input[name="cf_challenge_response"]
  • Widget appears dynamically after email+password fields are filled (wait up to 60s)
  • humanize=True required (without it, Turnstile refuses to solve)
  • Click at (x+20, y+height/2) of widget container. Token arrives in 2-10s.
  • Turnstile widget load can clear the email field — script auto re-fills via page.type() + re-solves Turnstile (token expires during re-fill delay)

Form Filling

  • page.fill() triggers React re-render that clears the field. Use page.type(delay=15-50) instead
  • After Turnstile solve, email is verified and re-filled if empty
  • Password via page.type(delay=50). Click field first to focus
  • Submit: click button[type="submit"]. Enter key is less reliable

Post-Submit Behavior

  • Success: redirect to dash.cloudflare.com/<account_id>/home/overview within 30s
  • Rate-limited: page stays on sign-up, empty form, no error message
  • CAPTCHA error: "Please complete the CAPTCHA" — re-solve Turnstile and re-submit
  • Email silently cleared: "An email address is required" on submit → re-fill + re-submit

API Token

  • Uses ctx.request.post() (Playwright API request context — shares browser cookies, bypasses CSRF)
  • fetch() from page.evaluate() → 403 CSRF error
  • Permission group ID: bacc64e0f6c34fc0883a1223f938a104 (Workers AI Write)
  • Endpoint: POST https://dash.cloudflare.com/api/v4/user/tokens
  • 30s timeout. Can ECONNRESET on rate-limited connections

Email Verification

  • Link must open in same browser session as signup (needs login cookies)
  • Format: https://dash.cloudflare.com/email-verification?token=...
  • After opening, redirects to dashboard → extract account_id from URL
  • TempMail polling: 25-35s interval, 180s timeout
  • First successful poll cached to local SQLite (eliminates upstream Worker CPU quota exhaustion)

VPN Gate

  • Source: http://www.vpngate.net/api/iphone/ (CSV with base64-encoded .ovpn)
  • Japan-only rotation: 52 servers, speed > 500Mbps, ping < 200ms
  • No auth required (auth-user-pass commented out)
  • SIGNUPS_PER_IP=2 (tested max before Cloudflare 429 rate limit)
  • WARP never disconnected during rotation (ISP blocks MASQUE outside VPN tunnel)

File Reference

File Lines Purpose
geber_cf.py 810 Main automation script
README.md Documentation (this file)
DISCLAIMER.md 638 24-section legal agreement
LICENSE 21 MIT license
.gitignore 76 Ignore rules (covers .omo/, accounts.txt, proxies)
.github/workflows/ci.yml 23 CI pipeline
Geber-CF.png Project logo

Known Limitations

Issue Mitigation
Cloudflare rate-limits IPs after 2-3 signups VPN rotation at SIGNUPS_PER_IP=2
Some VPN Gate servers block MASQUE protocol Auto-skip; script tries next server
Free-plan TempMail Worker has 10ms CPU quota Local SQLite caching after first fetch
Turnstile widget can clear email input on load Auto re-fill via page.type() + re-solve

License

MIT — see LICENSE.


Legal

⚠️ WARNING — READ BEFORE USE

This project is strictly for educational and research purposes only. Any unauthorized or illegal use is strictly prohibited. By using this software, you accept all terms in the full disclaimer.

See DISCLAIMER.md for the complete 24-section legal agreement, including:

  • §1 — Educational & research purpose only (10 explicit prohibitions)
  • §5 — Maximum limitation of liability (complete exclusion)
  • §6 — Indemnification and hold harmless
  • §9 — Governing law (international + Indonesia + New York + SIAC)
  • §10 — Binding arbitration, class action & jury trial waiver
  • §15Assumption of Risk & Waiver of All Claims (user bears ALL risk)
  • §16Covenant Not to Sue (user promises never to sue)
  • §17Unconditional Release & Waiver of Unknown Claims (California CC §1542)
  • §18Fee-Shifting / Loser Pays (user pays all legal fees if they sue and lose)
  • §19No Agency / Independent Action (user acts independently)
  • §21Acknowledgment of Independent Legal Counsel (user had chance to consult lawyer)

About

Enterprise-grade Cloudflare Workers AI account provisioning toolkit. Automates signup, TempMail integration, Turnstile CAPTCHA solving via CloakBrowser stealth automation, email verification, and API token generation with intelligent VPN rotation.

Topics

Resources

License

Stars

0 stars

Watchers

1 watching

Forks

Contributors

Languages