⚡UTMVC

The utmvc challenge is a legacy challenge, and is often not requried anymore. However some sites do still require utmvc to be solved.

How do I know if I should solve utmvc?

If you try and access a protected site, you will be given the following block page from the server:

<html>
<head>
<META NAME="robots" CONTENT="noindex,nofollow">
<script src="/_Incapsula_Resource?SWJIYLWA=5074a744e2e3d891814e9a2dace20bd4,719d34d31c8e3a6e6fffd425f7e032f3">
</script>
<body>
</body></html>

In this instance, usually you need to solve the utmvc challenge

How do I solve the challenge?

If you are blocked with the above response, follow these steps.

1. Perform a GET request to the script src in the block page.

   1. In this case it is /_Incapsula_Resource?SWJIYLWA=5074a744e2e3d891814e9a2dace20bd4,719d34d31c8e3a6e6fffd425f7e032f3however it may be different for you, so make sure you parse it

2. The result of the GET will be an obfuscated Javascript challenge script. Base64 encode the response and use this as the scriptparameter when sending it to our API (see API Reference)

3. After you have submitted the requested data to the API, you will recieve a JSON object with two values ___utmvcand SWHANEDL.

4. If there is a value for SWHANEDLthen you need to make a GET request to /_Incapsula_Resource?SWHANEDL= and use the value returned from the API

5. After this request, add the ___utmvccookie to your requests

6. Perform another GET request to /_Incapsula_Resource?SWKMTFSR=1&e=0.47671500400673494. Ensure that you replace 0.47671500400673494 with a random value that is less than 1 with 15 decimal places. If you're using Javascript, Math.Random()will do this.

7. If the ___utmvccookie was accepted, you will recieve a response with 1in the body

8. You can now retry the original blocked request and you will be unlocked. See the example screenshot below for an example on how to execute the requests