Disclaimer: This information is for educational purposes only.
What does Captcha mean?
Captcha is a security measure used to distinguish between computer and human behavior.
It is also used to prevent password-guessing (brute-force) attacks, which work by trial and error, by adding a check at account access points.
Is Captcha sufficient?
A study showed us that CAPTCHA is insufficient. There are many ways to circumvent Captcha, but for now the most effective of them is CAPTCHA solving services. A quick search on Google turns up many providers in this field.
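Because a solving service hands back a working answer, passing the CAPTCHA cannot be the only thing that limits password guessing. The sketch below is an added example, not code from the original post: a failed-login throttle in which a solved CAPTCHA never resets the failure count. The class name LoginThrottle, its thresholds and the in-memory storage are assumptions for illustration.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Counts failed logins per key; a passed CAPTCHA never resets the count."""

    def __init__(self, max_failures=5, window=900, base_lockout=60,
                 clock=time.monotonic):
        self.max_failures = max_failures    # failures tolerated inside the window
        self.window = window                # sliding window, in seconds
        self.base_lockout = base_lockout    # first lockout, doubled on each repeat
        self.clock = clock                  # injectable so the logic can be tested
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.lockouts = defaultdict(int)    # key -> lockouts imposed so far
        self.locked_until = {}              # key -> time at which the lockout ends

    def allowed(self, key):
        """True if a password check may be attempted for this key right now."""
        return self.clock() >= self.locked_until.get(key, 0.0)

    def record(self, key, password_ok, captcha_ok):
        """Record one attempt and return 'ok', 'rejected' or 'locked'."""
        now = self.clock()
        if not self.allowed(key):
            return "locked"                 # refused without checking anything
        if password_ok and captcha_ok:
            self.failures.pop(key, None)
            self.lockouts.pop(key, None)
            return "ok"
        # A wrong password counts as a failure even when the CAPTCHA was solved.
        recent = self.failures[key]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= self.max_failures:
            delay = self.base_lockout * 2 ** self.lockouts[key]
            self.locked_until[key] = now + delay
            self.lockouts[key] += 1
            recent.clear()
            return "locked"
        return "rejected"
```

In a real deployment the counters would sit in a shared store rather than process memory, and the key could combine the account name with the source address so that one client cannot lock out another user.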
What is 2Captcha?
2Captcha is an image and Captcha recognition service. The main purpose of 2Captcha is to solve CAPTCHAs quickly and accurately by human workers.
2Captcha resolves a number of different Captcha styles, all with two mostly identical API endpoints. The first request provides the data needed to decode the Captcha and returns a request ID (or a base64 image in the case of image Captchas). Once you have the request ID, you send it to the result endpoint, which is queried repeatedly until the solution is ready. The response you get is a token that must be submitted along with the form, entered in a hidden text field.
Supported Captchas by 2Captcha:
- Google ReCaptcha V2 + V3
- hCaptcha
- KeyCaptcha
- FunCaptcha
- ++ many more!!
How to bypass Captcha?
Let's see together how the solutions offered by 2Captcha can be used to bypass the Captcha systems:
We view the source code of the page containing ReCaptcha and copy the value of the data-sitekey parameter from the HTML code, for use in the first request to the 2Captcha servers.
After that, using the API key we received from 2Captcha, which we will use in all our requests, and the data-sitekey value of the HTML object belonging to ReCaptcha, we built a URL similar to the one below.
https://2captcha.com/in.php?key=<2Captcha API KEY>&method=userrecaptcha&googlekey=<data-sitekey VALUE>&pageurl=<PAGE URL>
When we visit the URL via browser, we make a GET request to the 2Captcha servers and get the following response:
The OK statement in the response tells us that everything is fine. Using the numbers following the pipe (|) character and the API key, we create a new URL to get our solution.
https://2captcha.com/res.php?key=<2Captcha API KEY>&action=get&id=<ID value from previous request>
When we loaded the request, it returned plain text. This text shows that our Captcha was successfully resolved by 2Captcha:
Finally, we go back to our CAPTCHA page, search for the g-recaptcha-response text in the HTML code using Inspect Element, and add the value we received from the previous request:
It may have taken us a while to do this manually, but this was just a simple example of what we can do in a few steps using a browser. By using programming languages such as Python, we can perform the same operations quickly.