DEV Community

Cover image for Bypassing hCaptcha with Python
2captcha
2captcha

Posted on

Bypassing hCaptcha with Python

Most webmasters are using Google ReCaptcha as protection against automations. But this is not the only solution on the market. One of the most popular alternatives is hCaptcha. Now it's used by Cloudflare, a leader on the Anti-DDoS market and one of major CDN providers at the moment. It means that if Cloudflare finds you suspicious, sooner or later you will meet hCaptcha.

Cloudflare happily announced that they are moving from Google ReCaptcha to Intuition Machines's hCaptcha. The move helped big time with data confidentiality concerns and captcha flexibility. Now attack protection is even more adaptive. This will affect all Cloudflare customers.

Also, hCaptcha

  • unlike Google, it doesn't gather personal data;
  • due to worldwide distributed CDN, captcha works fast and flawless;
  • compatible with ReCaptcha so it is very easy to migrate;
  • suitable for people with disabilities.

Sounds great, doesn't it? But what about bypassing hCaptcha on Cloudflare?

For fast hCaptcha automation, we will use the 2captcha-python module. It requires Python 3.x and could be installed with pip

pip3 install 2captcha-python
Enter fullscreen mode Exit fullscreen mode

or you may clone a repository, but don’t forget to install a requests module beforehand.

git clone https://github.com/2captcha/2captcha-python.git
Enter fullscreen mode Exit fullscreen mode

Preparation

We will need to create a new instance of 2Captcha class sending your API key.

from 2captcha import 2Captcha #module import
solver = 2Captcha('YOUR_API_KEY') #your 2captcha API key
Enter fullscreen mode Exit fullscreen mode

Captcha resolution

Now let’s create a captcha resolution algorithm.

result = solver.hcaptcha(sitekey='10000000-ffff-ffff-ffff-000000000001',                            url='https://www.site.com/page/',                             proxy={
                                'type': 'HTTPS',
                                'uri': 'username:password@1.2.3.4:1234'
                            })
Enter fullscreen mode Exit fullscreen mode

Please note that Cloudflare checks IP address during hCaptcha token verification. So now, the captcha should be solved from the same IP address you submit it from. To successfully bypass hCaptcha on Cloudflare you should send your proxy along with other captcha parameters.

This call will return a token to bypass a captcha.

{'captchaId': '64793693810', 'code': 'P0_eyJ0eXAiOiJKV1QiLCJhbGciOiJIUz...'} 
Enter fullscreen mode Exit fullscreen mode

Using a solution

The token from code is then submitted to a website in h-captcha-response and g-recaptcha-response fields. The easiest way to do that is using JavaScript if you are using a browser. Otherwise, send the token in an appropriate HTTP request.

let submitToken = (token) => {
   document.querySelector('[name=g-recaptcha-response]').innerText = token
   document.querySelector('[name=h-captcha-response]').innerText = token
   document.querySelector('.challenge-form').submit()
}
submitToken('TOKEN_STRING')
Enter fullscreen mode Exit fullscreen mode

Is it worth the time spent? In our opinion, absolutely yes. A couple of lines of code will save you a lot of time. And, if you decide to run a self-hosted solution, 2captcha will be even more profitable.

Top comments (5)

Collapse
 
zender007 profile image
zender007

bonjour, peut-on avoir une extension google chrome pour contourner hCaptcha.
je suis un amateur et je travail sur une site de rendez-vous.
merci pour votre aide

Collapse
 
ilyesoft profile image
ilyesoft

Marhba

Collapse
 
onyxcode profile image
Dan

Thank you so much, hCaptcha is so annoying

Collapse
 
hedirose profile image
Hedi O

Hey, this is really interesting, is it still working?

Collapse
 
bindygames profile image
Bindygames

Hello, it would be very appreciated if there was a tutorial about this!