Disclaimer: This information is for educational purposes only.
What does Captcha mean?
Captcha is a security measure used to distinguish between computer and human behavior.
It is also used to prevent password guessing attacks (Brute Force) performed by trial and error method by increasing security on account access points.
Is Captcha sufficient?
A study showed us that CAPTCHA is insufficient. There are many ways to circumvent Captcha, but for now, the most effective of them is CAPTCHA Solving Services. With a quick search on Google, many names that provide solutions in this field can be reached.
What is 2Captcha?
2Captcha is an image and Captcha recognition service. The main purpose of 2Captcha is to solve CAPTCHAs quickly and accurately by human workers.
2Captcha resolves a number of different Captcha styles, all with two mostly identical API endpoints. The first request provides the data needed to decode the Captcha and returns a request
ID (or a base64 image in the case of image Captchas). Once you have the request
id you will need to send the request to the result endpoint which we frequently query until the solution is ready.
The response you get is a
token that must be submitted next to the form and entered in a hidden text field.
Supported Captchas by 2Captcha:
- Google ReCaptcha V2 + V3
- ++ many more!!
How to bypass Captcha?
Let’s see together how the solutions offered by 2Captcha can be used to bypass the Captcha systems:
We view the source code of the page containing
ReCaptcha and copy the value in the
data-sitekey parameter from the content of the
HTML code from the first request to 2Captcha servers.
After that, we obtained a URL similar to the one below by using the
API key we received from 2Captcha, which we will use in all our requests, and the
data-sitekey value of an
HTML object belonging to
https://2captcha.com/in.php?key=<2Captcha API KEY>&method=userrecaptcha&googlekey=<data–sitekey VALUE>&pageurl=<PAGE URL>
When we visit the URL via browser, we make a
GET request to the 2Captcha servers and get the following response:
OK statement from the response tells us that everything is fine. Using the numbers following the pipe(
|) character and the
API key, we create a new URL to get our solution.
https://2captcha.com/res.php?key=<2Captcha API KEY>&action=get&id=<ID value from previous request>
When we load the request, it returned us plain text. Actually, this text shows that our Captcha was successfully resolved by 2Captcha:
Finally, we go back to our CAPTCHA page and search for the
g-recaptcha-response text among the HTML codes using
Inspect Element and add the value we recieved from the previous request:
It may have taken us a while to do this manually, but this was just a simple example of what we can do in a few steps using a browser. By using programming languages such as
Python, We can perform the same operations quickly.