DEV Community

Cover image for How to Bypass Captcha Using Javascript and 2Captcha
Idris Olubisiđź’ˇ
Idris Olubisiđź’ˇ

Posted on • Originally published at blog.idrisolubisi.com

How to Bypass Captcha Using Javascript and 2Captcha

One of the most unpleasant and ineffective user interface features is CAPTCHA.
CAPTCHA is for a Completely Automated Public Turing Test to Tell Computers and Humans Apart, and these tests have previously reached this level of inscrutability.

In this tutorial, we will learn how to bypass captcha using javascript and 2Captcha.

What are CAPTCHAs?

When a website wants to make sure the user isn't a robot, it uses CAPTCHAs (Completely Automated Public Turing Test to Tell Computers and Humans Apart). CAPTCHAs are typically used to prevent spam bots from tampering with content for fraudulent or malicious purposes.

One of the most popular CAPTCHAs we see requires the user to look at a partially obscured image of characters and input the letters they see. In recent years, CAPTCHAS has advanced in sophistication and now incorporates mini-games, picture recognition, and much more.

CAPTCHA's Downsides

  • Some CAPTCHA types are inaccessible to people who use screen readers or assistive technology to access a website.
  • Users find it inconvenient and frustrating.
  • For some audiences, it may be challenging to comprehend or use.
  • Some CAPTCHA types aren't compatible with all browsers.

What is 2Captcha

2Captcha is a service that recognizes images and CAPTCHAs. The primary goal of 2Captcha is for human employees to solve CAPTCHAs quickly and accurately.

2Captcha solves a variety of CAPTCHA styles using essentially the same two API endpoints. The first request sends the data needed to solve the CAPTCHA and returns a request ID (or a base64-ed image in the case of image CAPTCHAs). Once you obtain the request ID, you must send requests to the resulting endpoint, which we will query periodically until the solution is complete.

2Captcha Account Setup

We need to sign up on 2Captcha 's platform to create an API Key for making requests.

  • Register

Register on 2Captcha

After completing the signup process, we need to pay a token starting at 0.5 USD for 1000 completed CAPTCHAs to request our application.

  • API Key

As displayed below, we now have access to API Key on our dashboard, which we will use later in this tutorial.

2Captcha Dashboard

How to bypass CAPTCHA on a website

To get started, we'll need to set up our project.

Open Visual Studio Code by navigating to a directory of your choice on your machine and opening it on the terminal.

Then execute:

code.
Enter fullscreen mode Exit fullscreen mode

Note: code . won't work if you don't have Visual Studio Code installed on your system.

Step 1 - Create a directory and initialize npm

Create a directory and initialize npm by typing the following command:

  • Windows power shell
mkdir solve-recaptcha-demo

cd solve-recaptcha-demo

npm init -y
Enter fullscreen mode Exit fullscreen mode
  • Linux
mkdir solve-recaptcha-demo

cd solve-recaptcha-demo

npm init -y
Enter fullscreen mode Exit fullscreen mode

Step 2 - Create a file

In step 1, we initialized npm with the command npm init -y, which automatically created a package.json.

We need to create the file using the command below:

touch index.js
Enter fullscreen mode Exit fullscreen mode

Step 3 - Install dependencies

We'll install several dependencies like axios, 2captcha.

npm i 2captcha axios
Enter fullscreen mode Exit fullscreen mode

Step 4 - Demo SIte

We'll use Discord to see if we can get around the captcha on their signup page.

Disclaimer: Most websites' terms of service restrict bypassing captchas; this article is solely for educational reasons. Please don't use it for anything malicious.

Let's try inspecting and creating an account on the Registration page so we can get the request payload, fingerprint, captcha key, and so on.

The request payload after we signed up and were forwarded to the captcha page in the browser's network tab, which we would be sent from our application, is shown in the screenshot below.

2Captcha request payload

We also need a site/captcha key, which will be included in our request body when sending a request from our application. Let's head over to the Response tab as shown below to copy the key.

2Captcha key

Step 5 - Demo

We successfully retrieved all the request payload, site key, and fingerprint details in Step 4, so let's head over to our application to register an account and bypass the captcha, which is what we set out to accomplish in this article.

In index.js, let's create a function with the required data to request 2captcha to bypass captcha on user registration action as shown in the snippet below:

const Captcha = require("2captcha");
const axios = require("axios");

// Get access to solver by passing your API key
const captchaSolver = new Captcha.Solver("YOUR_API_KEY_HERE");

// Bypass Captcha function
const bypassCaptcha = async () => {
  console.log("Waiting for response...");

  // Send the captcha solution to the server
  try {
    // Get the captcha image and solve it using 2Captcha
    const { data } = await captchaSolver.hcaptcha(
      "f5561ba9-8f1e-40ca-9b5b-a0b3f719ef34",
      "https://discord.com/register"
    );

    let response = await axios.post(
      "https://discord.com/api/v9/auth/register",
      {
        captcha_key: data,
        consent: true,
        date_of_birth: "1995-06-04",
        email: "testnewmail22@gmail.com",
        fingerprint: "892890553807699989.RrSzl_XX1W9EjtTtvu6v-hIRTww",
        gift_code_sku_id: null,
        invite: null,
        password: "testMail12345",
        promotional_email_opt_in: false,
        username: "testMail12",
      }
    );

    // Print the response
    console.log(response.data);
  } catch (err) {
    console.log(err);
  }
};

// Run the function
bypassCaptcha();


Enter fullscreen mode Exit fullscreen mode

In the snippet above:

  • We get access to the solver by passing our API key
  • We also get the captcha image and solve it using 2Captcha inside the function created
  • We send the captcha solution and other data to the server using axios
  • We then log the response and wait for 2Captcha

To run this, type the command below:

node index
Enter fullscreen mode Exit fullscreen mode

Waiting for response... will be printed on the console almost immediately then we can wait for approximately 5 to 20 secs for the response, which will be similar to what we have below.

2Captcha resolved captcha

Voila 🥳 We successfully bypassed the captcha during the registration, and now we have a token to log in, as shown above. Let us proceed to log in.

Step 6 - Login

We'll use the token we got after bypassing the captcha to log in, which we can do directly from the console by pasting the snippet below into the console and executing the login method, which will redirect us when necessary.

function login(token) {
  setInterval(() => {
    document.body.appendChild(
      document.createElement`iframe`
    ).contentWindow.localStorage.token = `"${token}"`;
  }, 50);
  setTimeout(() => {
    location.reload();
  }, 2500);
}

Enter fullscreen mode Exit fullscreen mode

We will execute the login method in the console using the snippet below.

login("TOKEN_HERE")
Enter fullscreen mode Exit fullscreen mode

After pasting the snippet above, we should end up with something like this:

Login Token

The final result is displayed below, in which we are redirected to validate/verify our phone number:

captcha bypassed

We may now confirm our phone number and begin utilising the demo site.

Kindly find the link to the repo here 👇

GitHub logo Olanetsoft / solve-recaptcha-demo

This is a demo project on how to solve recaptcha using 2Captcha

solve-recaptcha-demo

This is a demo project on how to solve recaptcha using 2Captcha

Conclusion

We learned how to bypass captcha and login in this article effectively, and this action may be performed on any site that uses captcha.

Resources

I'd love to connect with you at Twitter | LinkedIn | GitHub | Portfolio

See you in my next blog article. Take care!!!

Top comments (0)

Some comments may only be visible to logged-in visitors. Sign in to view all comments.