Disclaimer: This information is for educational purposes only.

What does Captcha mean?

Captcha is a security measure used to distinguish between computer and human behavior.

It is also used to prevent password guessing attacks (Brute Force) performed by trial and error method by increasing security on account access points.

Is Captcha sufficient?

A study showed us that CAPTCHA is insufficient. There are many ways to circumvent Captcha, but for now, the most effective of them is CAPTCHA Solving Services. With a quick search on Google, many names that provide solutions in this field can be reached.

What is 2Captcha?

2Captcha is an image and Captcha recognition service. The main purpose of 2Captcha is to solve CAPTCHAs quickly and accurately by human workers.

2Captcha resolves a number of different Captcha styles, all with two mostly identical API endpoints. The first request provides the data needed to decode the Captcha and returns a request ID (or a base64 image in the case of image Captchas). Once you have the request id you will need to send the request to the result endpoint which we frequently query until the solution is ready.

The response you get is a token that must be submitted next to the form and entered in a hidden text field.

Supported Captchas by 2Captcha:

  • Google ReCaptcha V2 + V3
  • hCaptcha
  • KeyCaptcha
  • FunCaptcha
  • ++ many more!!

How to bypass Captcha?

Let’s see together how the solutions offered by 2Captcha can be used to bypass the Captcha systems:

We view the source code of the page containing ReCaptcha and copy the value in the data-sitekey parameter from the content of the HTML code from the first request to 2Captcha servers.

data-sitekey:

data-sitekey from ReCaptcha

After that, we obtained a URL similar to the one below by using the API key we received from 2Captcha, which we will use in all our requests, and the data-sitekey value of an HTML object belonging to ReCaptcha.

https://2captcha.com/in.php?key=<2Captcha API KEY>&method=userrecaptcha&googlekey=<dataโ€“sitekey VALUE>&pageurl=<PAGE URL>

When we visit the URL via browser, we make a GET request to the 2Captcha servers and get the following response:

2Captcha API first response

The OK statement from the response tells us that everything is fine. Using the numbers following the pipe(|) character and the API key, we create a new URL to get our solution.

https://2captcha.com/res.php?key=<2Captcha API KEY>&action=get&id=<ID value from previous request>

When we load the request, it returned us plain text. Actually, this text shows that our Captcha was successfully resolved by 2Captcha:

2Captcha API second response

Finally, we go back to our CAPTCHA page and search for the g-recaptcha-response text among the HTML codes using Inspect Element and add the value we recieved from the previous request:

Where to add recaptcha response

Verification Success ReCaptcha

It may have taken us a while to do this manually, but this was just a simple example of what we can do in a few steps using a browser. By using programming languages such as Python, We can perform the same operations quickly.