Reese84 Dynamic

Reese is an advanced bot detection and protection system used by Imperva / Incapsula. Websites protected by Reese dynamic display a "Pardon Our Interruption" page to visitors. To gain access to the protected content, clients must solve a JavaScript challenge and submit the correct payload.

Challenge Flow Overview

The Reese challenge follows this sequence:

  1. Initial Request: Client requests a protected page

  2. Challenge Page: Server returns a challenge page with a script reference

  3. Payload Generation: Client uses our API to generate the correct payload

  4. Payload Submission: Client submits the payload to the challenge endpoint

  5. Access Granted: Upon verification, client can access the protected content

Implementation Guide

Step 1: Initial Request & Challenge Detection

When you make a request to a protected resource, you'll receive a "Pardon Our Interruption" page instead of the expected content:

GET / HTTP/2
Chrome: Headers

The response will contain HTML with a script tag that includes essential parameters:

<script>
  if (!isSpa) {
    var scriptElement = document.createElement('script');
    scriptElement.type = "text/javascript";
    scriptElement.src = "/onalbaine-legeance-what-come-Womany-Malcome-to-o/14167535692918208311?s=xcUvM9nI";
    scriptElement.async = true;
    scriptElement.defer = true;
    document.head.appendChild(scriptElement);
  }
</script>

Step 2: Extract Script URL

Extract the script path and full URL from the challenge page using regex:

// Extract the script path
const pathRegex = /<script[\s\S]*?src\s*=\s*"(\/[^"?]+)(?:\?([^"]+))?"[\s\S]*?<\/script>/i;
const matches = pathRegex.exec(htmlContent);

if (matches && matches.length >= 2) {
  const scriptPath = matches[1]; // e.g., "/onalbaine-legeance-what-come-Womany-Malcome-to-o/14167535692918208311"
  const queryParams = matches[2] || ""; // e.g., "s=xcUvM9nI"
  
  const scriptUrl = `https://www.example.com${scriptPath}${queryParams ? '?' + queryParams : ''}`;
  // Result: "https://www.example.com/onalbaine-legeance-what-come-Womany-Malcome-to-o/14167535692918208311?s=xcUvM9nI"
}

Step 3: Generate the Payload

Use our API to generate the Reese payload. Our service handles all the complex aspects of creating a properly formatted payload that will pass Incapsula's verification.

Our API will return the properly formatted payload string needed for the next step.

Step 4: Submit the Payload

Post the generated payload to the challenge endpoint:

POST /onalbaine-legeance-what-come-Womany-Malcome-to-o/14167535692918208311?d=www.example.com HTTP/2
Chrome: Headers

[YOUR_GENERATED_PAYLOAD]

The server will respond with a token in JSON format:

{
  "token": "3:2wlemniq+CXN97167oNjyw==:EraPjamziyuz1z+y39IgCL7kGmQUj5ld8/s0lTnEtTyBBRpPH9xQvUynVmaj71KMkuqqU8qQkr61D6KI89fI529NeoOdI+yiiM0Pob4t/yT1P8sNLNxICsnsYl3GWOVl8cHRSVITO69rmzmBVXqPKb7jQBP821axacX4loeamBKiKtrzJDW0t64/ABgSnmrEu5KrRPXcRBvbpPNY1LortqTRSuol2xgbTxXQOM2yTtAFQosGR8BJHiZx0/cNhlMLTeFn0U5OreWsPWgeT1ySeaM4hvxa80sO+eKCgpDpnoh6WUIq/RGyeoT4tyiKtI+LghDNC/KJVLFE1OpmvPg/Brr6S13ld0zFJDUd9cAJjCJd3xN4+pcDVyJAO37QWgbPOB722vNj+kXzsrhj0Te1Wy8BROcnIme87k4MiV2E3mLA28oYQumiR1o9rOI8WvHfnnLuKtVZ+c39RokblFF7AbYr+L/6ve8eoINzuF4a09fuCPNHQ9uMS3v250TpkW1PRBsNVGYCMX/09yWUWxul8w==:9m6vPAYT5ejoAXhWTNnpAkPCZPdltpDQUzsxzB47l+Y=",
  "renewInSec": 896,
  "cookieDomain": "www.example.com"
}

Step 5: Store the Token & Access Protected Content

Save the token as a cookie named reese84 with the domain from the response. Now make your request to the previously protected resource:

GET / HTTP/2
Chrome: Headers
Cookie: reese84=3:2wlemniq+CXN97167oNjyw==:EraPjamziyuz1z+y39IgCL7kGmQUj5ld8/s0lTnEtTyBBRpPH9xQvUynVmaj71KMkuqqU8qQkr61D6KI89fI529NeoOdI+yiiM0Pob4t/yT1P8sNLNxICsnsYl3GWOVl8cHRSVITO69rmzmBVXqPKb7jQBP821axacX4loeamBKiKtrzJDW0t64/ABgSnmrEu5KrRPXcRBvbpPNY1LortqTRSuol2xgbTxXQOM2yTtAFQosGR8BJHiZx0/cNhlMLTeFn0U5OreWsPWgeT1ySeaM4hvxa80sO+eKCgpDpnoh6WUIq/RGyeoT4tyiKtI+LghDNC/KJVLFE1OpmvPg/Brr6S13ld0zFJDUd9cAJjCJd3xN4+pcDVyJAO37QWgbPOB722vNj+kXzsrhj0Te1Wy8BROcnIme87k4MiV2E3mLA28oYQumiR1o9rOI8WvHfnnLuKtVZ+c39RokblFF7AbYr+L/6ve8eoINzuF4a09fuCPNHQ9uMS3v250TpkW1PRBsNVGYCMX/09yWUWxul8w==:9m6vPAYT5ejoAXhWTNnpAkPCZPdltpDQUzsxzB47l+Y=

Implementation Best Practices

  1. Preserve Headers: Maintain consistent headers and header-order between requests

  2. Token Renewal: The token has an expiration time (renewInSec). Consider implementing a renewal mechanism

API Integration Notes

Our API simplifies the complex process of generating valid Reese payloads.

For detailed API specifications, endpoint documentation, and usage examples, please refer to our API Reference Documentation.

PreviousReese84NextIncapsula Captcha Block

Last updated