Getting Around Cloudflare Protection Using Puppeteer and FlareSolverr

Other Questions Puppeteer
1

Need Help with Cloudflare Bypass Using Puppeteer and FlareSolverr

Hey everyone! I’ve been struggling with web scraping for the past month and could really use some advice.

I’m trying to scrape a watch marketplace website but keep running into Cloudflare protection. The site shows a “Please wait while we verify your connection” message that blocks my scraper.

What I’ve Already Tried

  • Basic Puppeteer setup
  • Adding proxy rotation
  • Using puppeteer-extra-plugin-stealth
  • Combining Puppeteer-real-browser with proxies
  • FlareSolverr integration with all the above

Current Setup and Problems

Right now I’m using FlareSolverr to make initial requests, then grabbing the cookies and user agent to feed into Puppeteer. But I’m hitting two major issues:

  1. FlareSolverr timing out - When it detects the challenge, it just fails with timeout errors
  2. Puppeteer still blocked - Even when FlareSolverr succeeds, Puppeteer still hits the challenge page

I think FlareSolverr might not be properly detecting challenges or getting the right cookies.

My Code

let solverResponse: any;
let retryCount = 0;
const maxRetries = 5;

// Keep trying FlareSolverr until success
while (retryCount < maxRetries) {
  try {
    let apiCall = await fetch("http://localhost:8191/v1", {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({
        cmd: "request.get",
        url: targetUrl,
        maxTimeout: 6000,
        session: sessionToken,
      }),
    });

    solverResponse = await apiCall.json();

    if (solverResponse?.status === "error") {
      throw new Error(solverResponse?.message ?? "API call failed");
    }

    break;
  } catch (err: any) {
    retryCount++;
    if (retryCount === maxRetries) {
      throw new Error(`All ${retryCount} attempts failed: ${err.message}`);
    }
    await new Promise((resolve) => setTimeout(resolve, 2000));
  }
}

if (!solverResponse) throw new Error("No response from solver");

const extractedCookies = solverResponse.solution.cookies;
const extractedUserAgent = solverResponse.solution.userAgent;

if (!extractedUserAgent) throw new Error("Missing user agent");

if (extractedCookies.length !== 0) {
  await puppeteerBrowser.setCookie(
    ...extractedCookies.map((item: any) => ({ ...item, expires: item?.expiry ?? 0 }))
  );
}

await puppeteerPage.setUserAgent(extractedUserAgent);

await delay(Math.random() * 8000 + 2000);
await puppeteerPage.goto(targetUrl, { waitUntil: "networkidle0" });

const pageHtml = await puppeteerPage.content();
return pageHtml;

Am I missing something obvious here? What’s the best way to reliably get past Cloudflare these days?

2

cloudflare’s detection is tough rn. try increasing your maxTimeout to 15000 or more, and don’t forget to add random delays between your requests. also, use the same session for flaresolverr and puppeteer, it helps with cookie consistency.

3

Your code sets cookies before navigating to the page, but Cloudflare validates the entire request flow. Don’t just copy cookies - preserve the full session state including localStorage and sessionStorage from FlareSolverr. The networkidle0 wait condition might be too aggressive. Cloudflare runs background validation scripts that keep making network requests. Switch to domcontentloaded and add manual waits for specific elements instead. Also check if the site uses additional bot detection beyond Cloudflare. Some sites layer multiple protection services, so you might hit secondary checks even after bypassing CF. Monitor your network tab to see what requests are failing.

4

I’ve hit this same issue. The problem’s usually fingerprint mismatches between FlareSolverr and Puppeteer. Cloudflare spots differences in viewport size, WebGL renderer, or canvas fingerprint - even when you copy the user agent and cookies.

Here’s what fixed it for me: use the same Chrome executable for both tools and match all browser settings exactly. Copy ALL headers from FlareSolverr’s response, not just the user agent. The sec-ch-ua headers matter a lot.

Also check if the site runs extra JavaScript challenges after page load. You might need to wait longer or interact with specific elements before grabbing content.