Reverse Engineering ChatGPT's Cloudflare Turnstile: 55-Property Fingerprinting Including React Application State
A security researcher has decrypted 377 Cloudflare Turnstile programs from ChatGPT network traffic, revealing a sophisticated three-layer bot detection system that goes far beyond standard browser fingerprinting by verifying the actual React application state.
The Discovery
Every ChatGPT message triggers a Cloudflare Turnstile program running silently in the browser. The researcher decrypted these programs and found they check 55 properties across three layers.
Three-Layer Detection
Layer 1: Browser Fingerprint (30 properties)
- WebGL renderer info (8 properties)
- Screen dimensions and color depth (8)
- Hardware specs: CPU cores, memory, touch points (5)
- Font measurement via hidden DOM elements (4)
- DOM capability probing (8)
- Storage quota and persistence (5)
Layer 2: Cloudflare Network (5 properties)
Edge headers injected by Cloudflare: city, latitude, longitude, connecting IP, user region. These only exist if the request passed through Cloudflare's network.
Layer 3: Application State (3 properties)
This is the breakthrough finding. Turnstile checks React Router v6 internals (__reactRouterContext, loaderData, clientBootstrap) that only exist when the ChatGPT React application has fully rendered and hydrated.
A headless browser that loads HTML but doesn't execute JavaScript won't have these. A bot framework that stubs browser APIs but doesn't run React won't have them.
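The layered check described above can be sketched as a verifier over a collected property snapshot. This is an added example, not Cloudflare's or the researcher's code. The snapshot layout, the browser and edge field names, and the sample values are hypothetical; only the three application-state names come from the article.

```javascript
// Added example. Snapshot layout and the browser/edge field names are hypothetical;
// the three application-state names are the ones the article lists.
const BROWSER_FIELDS = ["webglRenderer", "screenWidth", "cpuCores"];
const EDGE_FIELDS = ["city", "latitude", "longitude", "connectingIp", "userRegion"];
const APP_STATE_FIELDS = ["__reactRouterContext", "loaderData", "clientBootstrap"];

// A value counts only if it carries data: a bare {} or "" stub does not.
function hasData(value) {
  if (value === null || value === undefined || value === "") return false;
  if (typeof value === "object") return Object.keys(value).length > 0;
  return true;
}

// Names from `fields` that are absent or empty in `group`.
function missingFields(group, fields) {
  const source = group || {};
  return fields.filter((name) => !hasData(source[name]));
}

// Check each layer independently; the snapshot passes only if all are complete.
function evaluateSnapshot(snapshot) {
  const missing = {
    browser: missingFields(snapshot.browser, BROWSER_FIELDS),
    network: missingFields(snapshot.edge, EDGE_FIELDS),
    appState: missingFields(snapshot.appState, APP_STATE_FIELDS),
  };
  const failedLayers = Object.keys(missing).filter((layer) => missing[layer].length > 0);
  return { pass: failedLayers.length === 0, failedLayers, missing };
}

// Constructed samples for the three client types the article contrasts.
const browser = { webglRenderer: "Constructed GPU", screenWidth: 1920, cpuCores: 8 };
const edge = { city: "Example City", latitude: "0.0", longitude: "0.0",
               connectingIp: "192.0.2.10", userRegion: "Example Region" };
const SAMPLES = {
  hydratedApp: { browser, edge, appState: {
    __reactRouterContext: { basename: "/" },
    loaderData: { root: { ok: true } },
    clientBootstrap: { ready: true } } },
  htmlOnly: { browser: {}, edge, appState: {} },               // no JavaScript executed
  stubbedApis: { browser, edge, appState: { __reactRouterContext: {} } }, // APIs faked, React never ran
};

for (const [name, snapshot] of Object.entries(SAMPLES)) {
  const result = evaluateSnapshot(snapshot);
  console.log(name, result.pass ? "pass" : "fail: " + result.failedLayers.join(","));
}
```

The stubbed client passes the first two layers and fails only on application state, which is why the third layer separates it from a fully rendered session.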
The Encryption
The bytecode arrives encrypted in 28,000 characters of base64. The researcher traced the full decryption chain and found the XOR key embedded in the bytecode itself as a float literal (verified across 50 requests).
Source: buchodi.com, Hacker News