Most webmasters are using Google ReCaptcha as protection against automations. But this is not the only solution on the market. One of the most popular alternatives is hCaptcha. Now it's used by Cloudflare, a leader on the Anti-DDoS market and one of major CDN providers at the moment. It means that if Cloudflare finds you suspicious, sooner or later you will meet hCaptcha.
Cloudflare happily announced that they are moving from Google ReCaptcha to Intuition Machines's hCaptcha. The move helped big time with data confidentiality concerns and captcha flexibility. Now attack protection is even more adaptive. This will affect all Cloudflare customers.
Also, hCaptcha
- unlike Google, it doesn't gather personal data;
- due to worldwide distributed CDN, captcha works fast and flawless;
- compatible with ReCaptcha so it is very easy to migrate;
- suitable for people with disabilities.
Sounds great, doesn't it? But what about bypassing hCaptcha on Cloudflare?
For fast hCaptcha automation, we will use the 2captcha-python module. It requires Python 3.x and could be installed with pip
pip3 install 2captcha-python
or you may clone a repository, but don’t forget to install a requests module beforehand.
git clone https://github.com/2captcha/2captcha-python.git
Preparation
We will need to create a new instance of 2Captcha class sending your API key.
from 2captcha import 2Captcha #module import
solver = 2Captcha('YOUR_API_KEY') #your 2captcha API key
Captcha resolution
Now let’s create a captcha resolution algorithm.
result = solver.hcaptcha(sitekey='10000000-ffff-ffff-ffff-000000000001',
url='https://www.site.com/page/',
proxy={
'type': 'HTTPS',
'uri': 'username:password@1.2.3.4:1234'
})
Please note that Cloudflare checks IP address during hCaptcha token verification. So now, the captcha should be solved from the same IP address you submit it from. To successfully bypass hCaptcha on Cloudflare you should send your proxy along with other captcha parameters.
This call will return a token to bypass a captcha.
{'captchaId': '64793693810', 'code': 'P0_eyJ0eXAiOiJKV1QiLCJhbGciOiJIUz...'}
Using a solution
The token from code is then submitted to a website in h-captcha-response and g-recaptcha-response fields. The easiest way to do that is using JavaScript if you are using a browser. Otherwise, send the token in an appropriate HTTP request.
let submitToken = (token) => {
document.querySelector('[name=g-recaptcha-response]').innerText = token
document.querySelector('[name=h-captcha-response]').innerText = token
document.querySelector('.challenge-form').submit()
}
submitToken('TOKEN_STRING')
Is it worth the time spent? In our opinion, absolutely yes. A couple of lines of code will save you a lot of time. And, if you decide to run a self-hosted solution, 2captcha will be even more profitable.
Top comments (5)
bonjour, peut-on avoir une extension google chrome pour contourner hCaptcha.
je suis un amateur et je travail sur une site de rendez-vous.
merci pour votre aide
Marhba
Thank you so much, hCaptcha is so annoying
Hey, this is really interesting, is it still working?
Hello, it would be very appreciated if there was a tutorial about this!