Bypass Solution
This documentation provides detailed information on generating the Castle x-castle-request-token.
How the Solution Works
To bypass Castle:
Parse the site key from the webpage (starts with
pk_
).Send it along with your session’s
__cuid
(if you have one).Parse the response and use the
x-castle-request-token
.
Required Parameters:
scriptID
: A numeric scriptID parsed from the page's HTML
Optional Parameters:
__cuid
: The session’s__cuid
cookie. If not provided, one will be generated.
It's highly recommended to provide your session’s User-Agent
, Sec-Ch-Ua
, and Accept-Language
headers for more accurate token generation.
Example Response
{
"__cuid": "...", // Set this on your session if not provided
"castle": "..." // Use this token for your next request
}
In order to parse the scriptID from the page's HTML, you can use the following regex:
<script\s+src=["\'].*?cdn\.castle\.io/v2/castle\.js\?([^"\']+)["\'].*?>
Last updated
Was this helpful?