I only write my own crackers with Node, but the key to Cloudflare is when you parse their script, you have to wait 5 seconds or whatever it is before hitting the verify url or you won't get a working cookie. Sometimes you can find the real IP for an actual bypass, but just resolving it won't work. If you can find common subdomains on the same domain that don't resolve to CF you might hit the web server directly with one.