Bypass Solution

How the Solution Works

To bypass Castle:

1. Parse the site key from the webpage (starts with pk_).

2. Send it along with your session’s __cuid (if you have one).

3. Parse the response and use the x-castle-request-token.

Required Parameters:

• scriptID: A numeric scriptID parsed from the page's HTML

Optional Parameters:

• __cuid: The session’s __cuid cookie. If not provided, one will be generated.

It's highly recommended to provide your session’s User-Agent, Sec-Ch-Ua, and Accept-Language headers for more accurate token generation.

Example Response

{
  "__cuid": "...",  // Set this on your session if not provided
  "castle": "..."  // Use this token for your next request
}

In order to parse the scriptID from the page's HTML, you can use the following regex:

<script\s+src=["\'].*?cdn\.castle\.io/v2/castle\.js\?([^"\']+)["\'].*?>