rc-solver — xcasper.space

Challenge Solver API

Self-hosted stealth solver. Send any URL — the engine auto-detects and solves every challenge on the page in one request. No type guessing, no manual key extraction.

BASE URLhttps://solver.xcasper.space

Detected & Solved Automatically

CF Managed Challenge (JSD) CF Clearance Cloudflare Turnstile reCAPTCHA v3 reCAPTCHA v2 invisible hCaptcha (detect only) Arkose FunCaptcha (detect only)

Simple Mode — just send a URL

POSTPUTGETOPTIONS /solve omit type for auto-detect

Only secret + targetUrl required. The solver navigates to the page, detects every challenge via DOM and network traffic, solves all it can, and returns tokens + cookies in one shot.

// npmjs.com
curl https://solver.xcasper.space/solve \
  -X POST \
  -H "X-Secret: YOUR_SECRET" \
  -H "Content-Type: application/json" \
  -d '{"targetUrl":"https://npmjs.com"}'

// chatgpt.com
{
  "secret":    "YOUR_SECRET",
  "targetUrl": "https://chatgpt.com"
}
// or just the domain:
{
  "secret":    "YOUR_SECRET",
  "targetUrl": "chatgpt.com"
}

Response always includes detected[], bypassed[], solved{}, all cookies, userAgent, finalUrl, and elapsed.

// chatgpt.com — CF JSD detected + bypassed by stealth
{
  "url":       "https://chatgpt.com",
  "detected":  ["cf_managed"],
  "bypassed":  ["cf_managed"],
  "solved": {
    "cf_managed": {
      "status":  "bypassed_by_stealth",
      "clearance": "Jrjm9..." or null
    }
  },
  "cookies":   { "cf_clearance": "..." },
  "userAgent": "Mozilla/5.0...",
  "elapsed":  5200
}

// site with multiple challenges
{
  "detected": ["cf_managed", "recaptcha_v3", "turnstile"],
  "bypassed": ["cf_managed"],
  "solved": {
    "cf_managed":  { "status": "bypassed_by_stealth" },
    "recaptcha_v3": { "token": "03A...", "siteKey": "6Le..." },
    "turnstile":   { "token": "0.abc..." }
  },
  "cookies":  { "cf_clearance": "...", "csrftoken": "..." },
  "userAgent": "Mozilla/5.0...",
  "elapsed": 9800
}

Tokens expire: reCAPTCHA v3 ~120s, Turnstile ~2 min. Request fresh tokens just before submitting. Always pass the returned userAgent with cf_clearance cookies.

Optional Fields (Simple Mode)

Field	Default	Description
action	"homepage"	reCAPTCHA v3 / Turnstile action label
timeout	60000	Max ms to wait for CF clearance
url / target	—	Alias for targetUrl

GET: /solve?secret=…&targetUrl=https://npmjs.com | Auth: secret in body or X-Secret header

Manual Mode — specify type + siteKey

POSTPUTGET/solveadd type field

Field	Required	Description
type	required	recaptcha_v3 \| recaptcha_v2 \| turnstile \| cf_clearance
siteKey	cond.	Required for v2/v3, optional for turnstile (reads from page)
action	cond.	Required for recaptcha_v3

// reCAPTCHA v3 manual
{
  "secret":    "YOUR_SECRET",
  "type":      "recaptcha_v3",
  "siteKey":   "6LeIxAcT...",
  "action":    "login",
  "targetUrl": "https://site.com"
}

// Turnstile manual
{
  "secret":    "YOUR_SECRET",
  "type":      "turnstile",
  "siteKey":   "0x4AAAA...",
  "targetUrl": "https://site.com"
}

Health

GET/health

{ "ok": true, "mode": "non-headless", "display": ":99", "browser": true }