One of the most unpleasant and ineffective user interface features is CAPTCHA.
CAPTCHA is for a Completely Automated Public Turing Test to Tell Computers and Humans Apart, and these tests have previously reached this level of inscrutability.
In this tutorial, we will learn how to bypass captcha using javascript and 2Captcha.
What are CAPTCHAs?
When a website wants to make sure the user isn't a robot, it uses CAPTCHAs (Completely Automated Public Turing Test to Tell Computers and Humans Apart). CAPTCHAs are typically used to prevent spam bots from tampering with content for fraudulent or malicious purposes.
One of the most popular CAPTCHAs we see requires the user to look at a partially obscured image of characters and input the letters they see. In recent years, CAPTCHAS has advanced in sophistication and now incorporates mini-games, picture recognition, and much more.
CAPTCHA's Downsides
- Some CAPTCHA types are inaccessible to people who use screen readers or assistive technology to access a website.
- Users find it inconvenient and frustrating.
- For some audiences, it may be challenging to comprehend or use.
- Some CAPTCHA types aren't compatible with all browsers.
What is 2Captcha
2Captcha is a service that recognizes images and CAPTCHAs. The primary goal of 2Captcha is for human employees to solve CAPTCHAs quickly and accurately.
2Captcha solves a variety of CAPTCHA styles using essentially the same two API endpoints. The first request sends the data needed to solve the CAPTCHA and returns a request ID (or a base64-ed image in the case of image CAPTCHAs). Once you obtain the request ID, you must send requests to the resulting endpoint, which we will query periodically until the solution is complete.
2Captcha Account Setup
We need to sign up on 2Captcha 's platform to create an API Key for making requests.
- Register
After completing the signup process, we need to pay a token starting at 0.5 USD for 1000 completed CAPTCHAs to request our application.
- API Key
As displayed below, we now have access to API Key on our dashboard, which we will use later in this tutorial.
How to bypass CAPTCHA on a website
To get started, we'll need to set up our project.
Open Visual Studio Code by navigating to a directory of your choice on your machine and opening it on the terminal.
Then execute:
code.
Note:
code .
won't work if you don't have Visual Studio Code installed on your system.
Step 1 - Create a directory and initialize npm
Create a directory and initialize npm by typing the following command:
- Windows power shell
mkdir solve-recaptcha-demo
cd solve-recaptcha-demo
npm init -y
- Linux
mkdir solve-recaptcha-demo
cd solve-recaptcha-demo
npm init -y
Step 2 - Create a file
In step 1, we initialized npm with the command npm init -y, which automatically created a package.json.
We need to create the file using the command below:
touch index.js
Step 3 - Install dependencies
We'll install several dependencies like axios, 2captcha.
npm i 2captcha axios
Step 4 - Demo SIte
We'll use Discord to see if we can get around the captcha on their signup page.
Disclaimer: Most websites' terms of service restrict bypassing captchas; this article is solely for educational reasons. Please don't use it for anything malicious.
Let's try inspecting and creating an account on the Registration page so we can get the request payload, fingerprint, captcha key, and so on.
The request payload after we signed up and were forwarded to the captcha page in the browser's network tab,
which we would be sent from our application, is shown in the screenshot below.
We also need a site/captcha key, which will be included in our request body when sending a request from our application. Let's head over to the Response tab
as shown below to copy the key.
Step 5 - Demo
We successfully retrieved all the request payload, site key, and fingerprint details in Step 4, so let's head over to our application to register an account and bypass the captcha, which is what we set out to accomplish in this article.
In index.js,
let's create a function with the required data to request 2captcha to bypass captcha on user registration action as shown in the snippet below:
const Captcha = require("2captcha");
const axios = require("axios");
// Get access to solver by passing your API key
const captchaSolver = new Captcha.Solver("YOUR_API_KEY_HERE");
// Bypass Captcha function
const bypassCaptcha = async () => {
console.log("Waiting for response...");
// Send the captcha solution to the server
try {
// Get the captcha image and solve it using 2Captcha
const { data } = await captchaSolver.hcaptcha(
"f5561ba9-8f1e-40ca-9b5b-a0b3f719ef34",
"https://discord.com/register"
);
let response = await axios.post(
"https://discord.com/api/v9/auth/register",
{
captcha_key: data,
consent: true,
date_of_birth: "1995-06-04",
email: "testnewmail22@gmail.com",
fingerprint: "892890553807699989.RrSzl_XX1W9EjtTtvu6v-hIRTww",
gift_code_sku_id: null,
invite: null,
password: "testMail12345",
promotional_email_opt_in: false,
username: "testMail12",
}
);
// Print the response
console.log(response.data);
} catch (err) {
console.log(err);
}
};
// Run the function
bypassCaptcha();
In the snippet above:
- We get access to the solver by passing our API key
- We also get the captcha image and solve it using 2Captcha inside the function created
- We send the captcha solution and other data to the server using axios
- We then log the response and wait for 2Captcha
To run this, type the command below:
node index
Waiting for response...
will be printed on the console almost immediately then we can wait for approximately 5 to 20 secs for the response, which will be similar to what we have below.
Voila 🥳 We successfully bypassed the captcha during the registration, and now we have a token to log in, as shown above. Let us proceed to log in.
Step 6 - Login
We'll use the token we got after bypassing the captcha to log in, which we can do directly from the console by pasting the snippet below into the console and executing the login
method, which will redirect us when necessary.
function login(token) {
setInterval(() => {
document.body.appendChild(
document.createElement`iframe`
).contentWindow.localStorage.token = `"${token}"`;
}, 50);
setTimeout(() => {
location.reload();
}, 2500);
}
We will execute the login method in the console using the snippet below.
login("TOKEN_HERE")
After pasting the snippet above, we should end up with something like this:
The final result is displayed below, in which we are redirected to validate/verify our phone number:
We may now confirm our phone number and begin utilising the demo site.
Kindly find the link to the repo here 👇
Olanetsoft / solve-recaptcha-demo
This is a demo project on how to solve recaptcha using 2Captcha
solve-recaptcha-demo
This is a demo project on how to solve recaptcha using 2Captcha
Conclusion
We learned how to bypass captcha and login in this article effectively, and this action may be performed on any site that uses captcha.
Resources
I'd love to connect with you at Twitter | LinkedIn | GitHub | Portfolio
See you in my next blog article. Take care!!!
Top comments (0)
Some comments may only be visible to logged-in visitors. Sign in to view all comments.