Open l10r opened 3 years ago
@dinohorvat I'm using what @nayde-fr suggested above to return n
and c
as an array:
async function getCode(host, sitekey) {
let response = (await axios.get(`https://hcaptcha.com/checksiteconfig?host=${host}&sitekey=${sitekey}&sc=1&swa=1`)).data;
const browser = await puppeteer.launch({
headless: true,
args: [`--window-size=600,1000`, '--window-position=000,000', '--disable-dev-shm-usage', '--no-sandbox', '--user-data-dir="/tmp/chromium"', '--disable-web-security', '--disable-features=site-per-process']
});
const [page] = await browser.pages();
await page.addScriptTag({url: 'https://assets.hcaptcha.com/c/f1430c5c/hsw.js'});
let hswResponse = await page.evaluate(response => hsw(response.c.req), response);
return [hswResponse, response['c']];
}
My host and sitekey are passed in from what I parsed out of the iframe on the page (so its dynamic based on any page that shows an hcaptcha). I'm then creating my data using the parsed sitekey and host as well as the n
and c
value I just recieved:
let data = {
sitekey: urlParams.get('sitekey'),
host: urlParams.get('host'),
n: hswResponse[0],
c: JSON.stringify(hswResponse[1]),
v: 'f1430c5c'
}
As for my /getcaptcha
call:
let response = await request('https://hcaptcha.com/getcaptcha', {
method: 'post',
json: true,
form: data
});
@aw1875 This import https://assets.hcaptcha.com/c/f1430c5c/hsw.js
is different for every host (At least what I've noticed). So you should go to the host website and check which hsw.js
is being accessed. I'm pretty sure its different than f1430c5c
. Once you get the correct version, apply it to your code.
@dinohorvat Didn't even think of that. I just gave that a try but still got the same type of message back. 'bypass-message': 'No bypass_token found.'
Is still at the very end.
@aw1875 It could be that your IP is blacklisted. Try accessing the host website and try to login. If hcaptcha puzzle pops up then your only solution to unblock it and be able to use the script, is to solve it few times manually (or use 2captcha with proxy to your IP). Another solution is to use multiple proxies, so when one fails just use another one. I suggest you start playing with it and see how it behaves, that's how I managed to get my solution working.
Also feel free to send me the site key and host and I will try it with my solution to see if it works.
@dinohorvat Appreciate the help. I've tried multiple proxies with no success so I'll just post the host and sitekey since the site I'm testing on is meant as an hcaptcha demo.
host: democaptcha.com
sitekey: 51829642-2cda-4b09-896c-594f89d700cc
The website I'm testing is http://democaptcha.com/demo-form-eng/hcaptcha.html
@aw1875 If the host doesn't have Invisible Captcha enabled, this "solver" won't work. In that case, your only option is something like 2captcha...
@dinohorvat Interesting. Using this repo with the fix from @FatihAraz I'm able to receive a response token from a site like this. Then I would manually open the console in chrome and set document.querySelector('[name="h-captcha-response"]').value = RESPONSE_TOKEN
and document.querySelector('[name="g-recaptcha-response"]').value= RESPONSE_TOKEN
. I'd have no problems submitting that form and it would work correctly. The only time I'm having issues is when I try to automate it using puppeteer since I don't want to setup a local environment to run the fix every time. I setup a part of my website that does this request (instead of using localhost) and I am able to get back a token such as:
F0_eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwYXNza2V5IjoiTk9DWVZDWmxSeERiVHJBcnFjcVlYWkYvT3IzNWNpNGRhOHZMRUhhWjZDeEtFb3YyRWJUMmZYeGQwS1luOTBPcU5OMzgvU1NBbkJmN3llWlVlZGhuRmNBRGVpMHdMVWZ3alBIZDBBdVRQRkZUK3lucHdQRUdlakc1NEQ2bnliN0l3Q2hZRnpGeXpoQ1NNeDFjYVBMY2RBYk1tWXVOUkVXL1A3ZzhlWjVzdnkwdm5OUzdWcXNZUWZUc2FjQWhqWlVOYktoaCtXQUhHamNUdVMyV3RQcTB3NHJqWXdHQ0RpNFF1Y2V2azY2YkZOTU40MUxXKzdvdHZiVjJVZTRqRFZpM2ZYa3RtUmV4d2NXZXUwMXFJSnp5UHdYeWFZNVAyZjhhaTBIM2tUeTFEbmY2K2hoUHF0MUI0dHUxNlgwPU5vUGlPdzBPOFQ5cmsza3AiLCJzaXRla2V5IjoiNTY5Y2JiYWEtMTcwMi00OTJkLWI4YWUtMmY5NmM2MGU2Njc1IiwiZXhwIjoxNjE1ODI3NTAwLCJwZCI6MH0.lVt2WYDgdrMwnx14jDo6YRbKkIYUGOOMQeTqJvoWfC0
Update:
There was a change which now requires a version to be sent to
/getcaptcha
So just attach
v=e0a51cf
to form data (or what ever the current version is).Also as a side note,
motionData
is completely irrelevant - you don't have to send it.
However I noticed that when I set
const motionCount = randomFromRange(1000, 10000);
to :
const motionCount = randomFromRange(8000, 10000);
in the getMouseMovements
function I reach a resolution rate close to 100%.
@nayde-fr you were able to get your puppeteer method to work?
@nayde-fr you were able to get your puppeteer method to work?
Yes, working perfectly. I was hitting some invalid-input-response
at the beginning cause I misformatted the post data.
But finally I solved this problem using qs.stringify
.
Here is my trysolve
function :
async function trysolve(page, config) {
let timestamp = Date.now() + randomFromRange(30, 120);
response = await instance({
method: 'post',
url: 'https://hcaptcha.com/getcaptcha',
data: qs.stringify({
sitekey,
host,
n: await page.evaluate(response => hsw(response.c.req), config),
c: JSON.stringify(config.c),
motionData: {
st: timestamp,
dct: timestamp,
mm: getMouseMovements(timestamp)
}
}),
headers: {
'content-type': 'application/x-www-form-urlencoded'
}
})
.then(response => {
return response;
})
.catch(error => {
return error.response;
})
return response;
}
Where :
page
is my puppeteer instance.config
is the result of the checksiteconfig
command.instance
is an instance of axios created with a custom User-Agent
header.@nayde-fr I think I figured it out like 30 seconds after you posted this! I took a different approach but it works and its fairly quick with the responses. Probably going to clean my code up a little bit so I can export the functions to another file for use but thanks for all the help from everyone!
{ c: { type: 'hsw', req: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzIjoyLCJ0IjoidyIsImQiOiJmNTU2MWJhOS04ZjFlLTQwY2EtOWI1Yi1hMGIzZjcxOWVmMzQiLCJsIjoiaHR0cHM6Ly9hc3NldHMuaGNhcHRjaGEuY29tL2MvYmUxZTE5ZTMiLCJlIjoxNjE1OTQ1NzkxfQ.K9ZBQ_hJZzXsU_cZ60kjPFJrOr6Ulbcj6MksByGxvLk' }, success: false, 'error-codes': [] }
When I run it I just get "success" false without any errors. I followed the exact steps you suggested. Any ideas?
@DrewDaPilot are you trying to do this with puppeteer? If you are I made my solution into a simple module on NPMjs. If you're not then you can follow @FatihAraz's fix above. The only thing I noticed with his fix is that you may still get the wrong responses and have to refresh the page sometimes. The way you can fix that is a simple while loop such as:
while (true) {
try {
const response = await solveCaptcha('https://captcha-protected-site.com');
// You can log the response and then break the loop
console.log(response);
break;
// OR you could just return the response which would break the loop
return response;
} catch (e) {
// You can log the error here or just let the loop restart
console.log(e);
}
}
@aw1875 Indeed. I tried writing it as a expressjs server using puppeteer, however, I encountered that problem that I mentioned. Most of the code I wrote took inspiration from your repository, however, for some reason the server rejects it without an error message. I only used the browser to wrap hsw and everything else was done with axios requests (with a custom user-agent). I am really lost in regards to the server 'error' that I am facing. If you have any thoughts on the matter I would appreciate it. Right now I have a browser based solution that uses machine learning to solve the challenges given, but it would reduce cost and solve time if I can immediately generate a pass. I would love to hear your input or suggestions.
@DrewDaPilot when you make your post request to /getcaptcha
what does your n
look like as well as your c
?
For example my response looks like this:
response = await request({
method: "post",
headers,
json: true,
url: "https://hcaptcha.com/getcaptcha",
form: {
sitekey,
host,
n: hswResponse[0],
c: JSON.stringify(hswResponse[1]),
motionData: {
st: timestamp,
dct: timestamp,
mm: getMouseMovements(timestamp),
},
},
});
My n
value is coming from:
await page.evaluate((response) => hsw(response.c.req), response)
which is usually just a ton of numbers.
While my c
value is coming from response["c"]
. Then you need to make sure to use the JSON.stringify command on it within the post request (as you can see I did). Even though it is already a json response I noticed that it wasn't getting posted correctly until I explicitly made sure it was JSON.
I'd like to make sure you're getting proper responses at each step in your code so we can try and narrow down why you aren't getting the correct response in the end.
If you would like and have a discord perhaps we can troubleshoot there? The only change I can think of between your code and mine would be the fact that you seem to execute everything from within the browser, whereas, I only execute hsw from the browser. I am happy to send over some example data but the hsw
function executes without an error (invalid data would throw an error), my headers are all identical... I used charles proxy to get an ideas of the differences in requests between the real captcha response and the forged one and the only difference is of course the req
and n
value. I have a lurking suspicion that the n
value being generated is based on a timestamp and the puppeteer overhead to evaluate a script on the page and return it involves enough latency so the hashed value n
is considered old. From my research the hsw
function hashes the req
value with a timestamp to prevent time based attacks. It is also possible that the hsw
function reads the browser URL/href to determine if the browser is currently on the same page the captcha is being solved in. Unlike your example, my page is actually empty and I load only hsw onto the browser, nothing else. if the black box function checks the url of the browser page then its likely that is how it is being detected.
@aw1875 Thanks for your posts! I'm writing my own solution in GoLang based off of yours and some help I've gotten with DevTools. I'm a bit stuck at the moment; I'm using Playwright for GoLang in headless mode to get the HSW data which works flawlessly, but when I attempt to send a request to the getcaptcha endpoint of HCaptcha, I get a {"success":false,"error-codes":["invalid-data"]}
error. Do you have any idea what I could be doing wrong? My code is at:
https://github.com/JustTalDevelops/hcaptcha-solver-go
@DrewDaPilot shoot me a message on discord @ wxlfy#2232. Also @JustTalDevelops I'll take a look through your code when I get a few spare minutes at work and see if I can be of assistance!
@aw1875 Thanks for the response! I've been working on it a little more and seems like it's.. almost working. I get a response for the GetCaptcha endpoint now but whenever I try to send back a response with the tasks it fails. This is the response I'm getting:
{
"c": {
"type": "hsw",
"req": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzIjoxNiwidCI6InciLCJkIjoiY2QyNTIyMzQtNDRkOC00YjgxLWIxZDUtZDRlMTRiNjI0ODM0IiwibCI6Imh0dHBzOi8vYXNzZXRzLmhjYXB0Y2hhLmNvbS9jLzYwNDNiNmRhIiwiZSI6MTYxNjE3NjU2N30.7t5QwKxVoJkjnRKiSEnnmLWQ-hL_E_NbpYnoc1SmNQ0"
},
"challenge_uri": "https://hcaptcha.com/challenge/grid/challenge.js",
"key": "5e4b867e-53c0-4ece-bcdb-7cce2e590272",
"request_config": {
"version": 0,
"shape_type": null,
"min_points": null,
"max_points": null,
"min_shapes_per_image": null,
"max_shapes_per_image": null,
"restrict_to_coords": null,
"minimum_selection_area_per_shape": null,
"multiple_choice_max_choices": 1,
"multiple_choice_min_choices": 1
},
"request_type": "image_label_binary",
"requester_question": {
"en": "Please click each image containing a motorbus"
},
"requester_question_example": [
"https://imgs.hcaptcha.com/tqQ1Pwh3wcxAMEReGO+yq347RbZORTQNP3PTwD5ixEvTUja+oCALa3+MhWFr3evHcPX/ZLlHhdBdtzIaG9W5hfWvnU71KoEwxmY7FvehHE8xlmkeTRc7X2KKZ3Q=iwiMDdt1Y371J+xM",
"https://imgs.hcaptcha.com/0cDWIuTKjpO0q3Wo/lREuWCz367OL312zc89aciSyoUfjpqOrMD862Bt/HkTq9/5KpDJoTlSqGzllKVbw5XIz/TOYsB4wGLa/UQnydW2hSxtYBRXiOnhBTEuGzc=JvrQTogiVwc8p1V3",
"https://imgs.hcaptcha.com/YVsf0VHEUjitLQgQCF9gIhpA9R71KQBRIBTlDQZ9AywE7iko9q6d1UJ6wImk53n1thgrzoYukGNw1EhR9i/2+9vj0DqVa9DCmspN6iT6Q9haUr8hSM2XlMJT0Q==xQfh1kvw0xRiiW9Y"
],
"tasklist": [
{
"datapoint_uri": "https://imgs.hcaptcha.com/BR67YS7nZDc8Hj6BjqPf4OqHlxB+hgZACDBM1PBJkEMiUj0OMe0HUOrNfYpX9cWTXiLqX6Ewkk0DMAm8rBIMneyxGioat4sLVJtKCEtu7oGyLpHcj8Y1uy4Yrzq4rJymzD01lGhwnDcG3I1UIj+Demk0YxkT7N9jXrj5af8N5tQfxLzwkfRltvchB9bB0eZ3q8Y=zPMMAS0xfWNYzqsA",
"task_key": "4769b956-8944-40f1-9012-e2387de4ba22"
},
{
"datapoint_uri": "https://imgs.hcaptcha.com/vFWEbg2ATMSvuzZIFn1xUAnG79popQdTNSDFT6zM8Pw8x8T8KnaLMXG1PwAGmX73KtBrSUP/OFFlfciEsJg752/g0vpXrpb/yVcILvAeb1i1n2kTJZKX8JDW28N/GJN8waP2QhbTTuGAAm0SECY1FwDcy2SOSZRKwk/7Kagw2YH6tva2aj85UPcqIiXGjvwnPzs=NZ/5c09nPd+wFVyv",
"task_key": "cb910944-ac3d-4de9-972b-e8066514dca8"
},
{
"datapoint_uri": "https://imgs.hcaptcha.com/aXZ+tBzLMnHhDzt66ofKh/o0Nu3lqbbVOPGvBmOqy//RELekuPner1ruagNWbt8ryA93+ifvravl55+QMPnikrtc12s1b2iVdQ8w7qftTLBYdM4zUz0DIbwtbVh5dCsXeAtXxvL1HsIrF9xTmfHNe/X1/A8Wn0mhqp+Iq4CZ7tkmOKbUzxChdHZgZjQixQhOnvXMCn/9GGzIecSBBjaC",
"task_key": "cfca89d4-6969-45ab-8f77-df5581ed529e"
},
{
"datapoint_uri": "https://imgs.hcaptcha.com/gOZjSdgluc57HBxVIdnfhfCn2EoTIpbeUEgLm1HO+bc5afCudIKM68g5wk7reyxuWlgEIPiABrhdKo2+358309QoaVvnrdCweYU+u/4UWLol/AgtgeldrpHYJKWtnwnfI+PDeK/FkQCNTUIhd0EVzzQi5N8wJQgPQev0HL9cEAK1k9AzzkclxulA9ZFC9z1z6CI=Gp9V/T5f/oZRd3Dz",
"task_key": "420ffe6b-eeac-49d7-867e-82762d112a91"
},
{
"datapoint_uri": "https://imgs.hcaptcha.com/vad0OJajJjS4NQIQCUgGIUpXmVeRVJpB/0SKXYbXNQu6o+cAvbdU3Y7V0VK9Oj0shTjJCgEbaCiT8TGyt+9SK5GIZ9GjKW8mxbIMqtUG1duIgD09hz7aXC5YmE35UXXIqLhwPJBRd2zrEI7XyZanlFrLJdaXBfJB4MivKYm5OyfqqUrizh41PICy1ZSW4rNknflw/yZ3SEby3q3/qfKu",
"task_key": "1029b960-da78-4188-981c-e2577ff78f73"
},
{
"datapoint_uri": "https://imgs.hcaptcha.com/RQQoMapUCFkaTgmZocZSjT0loJi1yrOyK00MjlOhTM2BfbiXcwqh2c55IBxMnn/Wd/xMBWgW8Leg8DXODFwjjsoZGNpWDIdKogZ1yr3/aVZuX8TsIokYi/KoMtMupojf2GxolaFER0M9pRVGshcLkuVYgA3BepvY2HzLXNJjItkltVt7r73HUJnDBlLWko6WoYLNctLpuOI7L81tyx40",
"task_key": "667f2bba-0068-4b66-b258-4a195133219c"
},
{
"datapoint_uri": "https://imgs.hcaptcha.com/OkydnGZzoLesxpMNqBs3MkSbSA8qG8hmqwx4M8HgePxNQJtwc3oZnWSVi/0p0Hhz+I1y3NgSY4OgnCd8mwF0Nwt/oCq3FkeeN2ZxPIrTTPN/NUBOREYBVPHQtuKuXcitv5cRPxyz/D8A49cyrYVhElpC9IReYUG0WtWLW6ZJZONt5+jF2K5m/UuR2G2XKA==IiBrZLZGbJofyjEL",
"task_key": "69e96848-0a6c-488e-9699-bec033163a75"
},
{
"datapoint_uri": "https://imgs.hcaptcha.com//z/hpcjCKqTgEFsoGhMyYOdlT7zsScULqdGnr3VthCGcfzSpiWHCa7eYteD6fEA8ZCCsjPH7zAop7LJUkYqdhC3ehommRec7GinboVBsajCiW/CguJLT0+r9CagqEpE7l+lIvc1KKla1wgUtKCvEHB03sHVEJmqdEqb8B6kOQSkKUkCUe85ZFgKUwsYLeLMFwB8=X9nTRH/f03ZPS1df",
"task_key": "16f5bfb7-204a-4cb9-82f3-b8bd1dddff29"
},
{
"datapoint_uri": "https://imgs.hcaptcha.com/oMvLVkBexJTU7SoFI9R83lqHK/tv507WGfaWir35F/gYwSzPmgoISGBe3G18xup5aWAol9agN27n37s/NMH0yiNa0QJMvhYcgK9kVwyhiSlm5fGuzLAWymzAwn25EBXegy6WppgZTpC4HmbJa5Dgix3Vr44VzZB3U5bQmuCal+vqc5YgjzL2rcK24SC2VhCeqIXYz7P7AXUfztR4kQU2",
"task_key": "6540e7eb-6544-4d48-84dc-dae5e7c483f3"
},
{
"datapoint_uri": "https://imgs.hcaptcha.com/BDnyLX/T4ql8aA753akbKtsnz+sRijPNttOkiZiY8lrtrypOvKAw0a7BIbn/ltYKp7Ogqw5j3vAVjSaduhxU1ByEeE2DQBEF56f4ZMR/RycmAbG9afLvZyauhJwJSKTnIZZU02ALsh0vpfrvQNEDp0rOqUPyrL9/3ROE9MLpIO01afxg3sfmFlUj1xb77sJVzw==MQc1iVDMvP8m+Ugp",
"task_key": "3e06ab3f-d6cd-483c-a072-ec7493855142"
},
{
"datapoint_uri": "https://imgs.hcaptcha.com/UzIvzbxK3NIfWMNOjEDXsReBUNoRlghdbziprJLm8qGHY51oBQdbSkTJ5Br22OgeTzX/FEZFxqeF4hJKVKsFJoH2FBB2PePekAQE4cfPEvL3mi3dfklSuzQOlTT6mtolDwmIshUadENVc523b8gPwmfhf1LDqvEZA7niJqo4f7rwr1L2aqRVTtx3tc3BOuOtPaWu7BBTBRb9sQp0Jqu7",
"task_key": "3371a4de-fd7a-474d-9c38-0357a4eb2ead"
},
{
"datapoint_uri": "https://imgs.hcaptcha.com/eFWX0pON6I7K85dRot7v0Wqiw1G9Lv7H92Nl5xbpXw+o+Ni1fArB5HsXPhI+1zIngjob3TtO9AymSgD9SQ+CfIrbnLWZIpncDoYDrH9QeD8dI7n7XtWAdt1cu9SEaKnbalZ5bK9eSOVtVaGwMBmH0HASjft3dFYEKoOSrZ+XX3gd7od3TyJ8NvVLG+cElhM3YN22wC0aqSvIFq9ELOwZ",
"task_key": "2135831d-7482-42fd-a95a-62998a506167"
},
{
"datapoint_uri": "https://imgs.hcaptcha.com/fXrvVwKnRHj/SwSTERHN8aCypK2bFUjddbIHpxJI4BKA6RdbY/ye4YyduhaCLbgjqXKkifxdJZUTi1s6iM5V6N79nk16cg/i5RYT6dLNloVfbbIb2X6b5MlWm99QLO281Ks8dxtmSc/RAlvDh3+ZPOZvKi7lpSdTxZx5vPonFbtN7rews2RdY+nW91Yv8jJXPN0=RMHu2zt0X5us+upv",
"task_key": "eb165972-0c21-4354-a171-b059b5b11b06"
},
{
"datapoint_uri": "https://imgs.hcaptcha.com/BDYrkVAI3WBTa4YDv/FcJRfiwfB53vr8r0fWkl+V4a2evZk1E1T6pW0r2khqrlkqpXwZYn5F6GmmTTYh+ABOhAwbddX+x3edTawRkz/FSTqYEySn8XSelsSxqMlmxDV1QtWiyYsghKGDcpW84pjBEdPCZn5uVCI0PGU63uonYa5oYvBEBw70cdrcmK3HkwbLhOqeFiYrkQjce65lJqp0",
"task_key": "98c37bfe-b4a2-4d1a-87af-2dd88b330f2b"
},
{
"datapoint_uri": "https://imgs.hcaptcha.com/tBEQtUMikhkVbfjKJEbx5DZyspDEX3Do0ilxek9sCz95KbfgEO50vM6cx77ltTMlcgVHFU0XYb9twh2hGrd1C2+1o5cbiS83akcObA1hi6DcdEYfwm6NeGBFswKLiIzOprivlts3I01VyU+h+orLz1OZkAoIZ5wAPR4LycenTJnauyyCiT37Yll25CCaUWsZHvguV+sPReGXbIyI9LTL",
"task_key": "556de7a1-1302-4c1e-ac46-39666a1c3da8"
},
{
"datapoint_uri": "https://imgs.hcaptcha.com/j2kkCTna+KT/2XkgHNut7xbKcjiRRxGRfiFuB45sj4GoM9feek5q/EHMl7qAeYLqnbgBoedNvkZvBMBr2AyAvNWJZAEAxvTIHpCucFpPal6v/gnjhf3fZQXM5i8oC8J2PUcKE1XprQJiqlQO5q0TJ29L0jW/fQSQw1H1UAWspVWHUqTqqvOCCIK/eqfzWaTIIMnvf1HwiKwdzO9mqTx7",
"task_key": "6f66d02d-e042-4b55-ad5b-c2d42d1f3624"
},
{
"datapoint_uri": "https://imgs.hcaptcha.com/04/zi/3Z26bf+L9TRI4M7RTNj4Tt2ZPGznwW4h0dfmmZA9GtFG8zffrvcsSXd/zgkMVimENeimDCa09cSjpRsYid5jg/vEz/86pibb8rJ0rUIfUYSPptBzknzzvBNfwbwTatUkCuaATYEI1KMNIwvXNP5v5Pb5waDyFDp+enf/YxkCwIWJMn8ju6F0Y4X0OWiXY=gZKqXqvbHwANMOwG",
"task_key": "a4ae1785-a09c-4226-a2f3-acd2388704a6"
},
{
"datapoint_uri": "https://imgs.hcaptcha.com/ldEKlkA6z/bHiFeaCoGSjgeRMm5qA5rpL7TUOuJIAH1wW7Vs19APKEvr9nHDIjeZMlnP8gp5WnQRtnIabkifInSISA8d717FA66vNQcHgUYrSqya6ewlcVRJl/P/Y6Ndhojxp4mr1GlZDa9jIxByfhbCcZDrPP1r36SJyEm471gA4wE9MlQdYaVD9itVZbMe0g==d/iC0ItWghV17E0Z",
"task_key": "dcc3bd5e-3529-4c17-8d5b-3d8a2db28739"
}
],
"bypass-message": "No bypass_token found."
}
What does the "No bypass token found" error mean?
@JustTalDevelops this is the same issue I was getting earlier which just means its trying to find a bypass token for Invisible captcha as stated here. What you want to do is use that tasklist that is passed back by storing it to a variable. You can then look through my code or this repo's code to see what to do with that tasklist after.
@aw1875 Ah, I see. So it doesn't actually matter, good to know. I'm not too familiar with JS, so the way this task list is generated is a bit weird to me. What exactly does this do?:
const answers = tasks.reduce(
(accum, t) => ({ ...accum, [t.task_key]: randomTrueFalse() }),
{}
);
I assume it would be something similar to this:
taskResponses := make(map[string][]string)
for _, t := range tasks {
taskResponses[t.Key] = []string{randomTrueFalse()}
}
Huh, with that solution I get:
{"success":false,"error-codes":["invalid-answers"]}
Is that normal, or am I messing something up?
@JustTalDevelops its an array reduce function, if you want to know more you can check out Mozilla's Developer Portal which breaks it down pretty nicely. I don't anything about GoLang but that looks like it could be similar. Getting a response of invalid answers is normal. If you notice in the code it will keep running that method until it receives a certain value back. At that point you should have a response token returned.
I see, awesome.
Looks like you've got a good grasp of what's going on so I'm sure you'll figure out whatever solution you need soon but if you need me feel free to hit me up.
Thanks, I think I'm almost done. How long does it usually take to find an answer?
Would proxying help?
@JustTalDevelops Probably wouldn't do much. Proxying would only help if you're getting your responses rejected by the server for sending too many. That wouldn't return {"success":false,"error-codes":["invalid-answers"]}
though so I don't think it would be useful for you.
Hmm, I don't know. I'm using Google's Vision API to detect the objects instead of randomly guessing, and it's still returning invalid answers - even if I'm the one manually verifying. I really feel like I'm doing something wrong, but I don't know what it is.
Oh wait, is the checkcaptcha endpoint JSON only?
I am just very skeptical that invalid answers means that the answers are actually incorrect, but that my formatting is malformed. In fact, using chrome devtools, I checked out a response for a normal checkcaptcha request and the response is way different, e.g: {"c":{"type":"hsw","req":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzIjoxNiwidCI6InciLCJkIjoiZTZiN2JiMDEtNDJmZi00MTE0LTkyNDUtM2QyYjc4NDJlZDkyIiwibCI6Imh0dHBzOi8vYXNzZXRzLmhjYXB0Y2hhLmNvbS9jLzYwNDNiNmRhIiwiZSI6MTYxNjMwMDQ1OX0.o6PnebpYAU_uUic48zw4glMuwZA3amw3p1nbCwv3xtQ"},"pass":false}
{ c: { type: 'hsw', req: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzIjoyLCJ0IjoidyIsImQiOiJmNTU2MWJhOS04ZjFlLTQwY2EtOWI1Yi1hMGIzZjcxOWVmMzQiLCJsIjoiaHR0cHM6Ly9hc3NldHMuaGNhcHRjaGEuY29tL2MvYmUxZTE5ZTMiLCJlIjoxNjE1OTQ1NzkxfQ.K9ZBQ_hJZzXsU_cZ60kjPFJrOr6Ulbcj6MksByGxvLk' }, success: false, 'error-codes': [] }
When I run it I just get "success" false without any errors. I followed the exact steps you suggested. Any ideas?
I'm also having the same issue now. Did you ever manage to fix it?
Aha, I've figured it out. Turns out that if you reuse the same n
token, it gives that error. Now it seems to work perfectly! Solves in less then 5 seconds!
Aha, I've figured it out. Turns out that if you reuse the same
n
token, it gives that error. Now it seems to work perfectly! Solves in less then 5 seconds!
Glad to hear it!
Yup, thanks for all the help! Did a few more optimizations, can now solve in literally 2 seconds. I'm pretty happy with the results
@JustTalDevelops would be awesome if you could share the code, so we can use it in our social media bot service ❤️
@Klapkaak078 It's open source at https://github.com/JustTalDevelops/hcaptcha-solver-go
By the way, if anybody else is interested in an up-to-date and speedy solver but doesn't know GoLang, I've made a rest API for my solver which can be used by anything that can connect to the internet: https://github.com/JustTalDevelops/hcaptcha-solver-api
Hello guys, I made my code in python, with refactoring the type, returning respose N depending on the type of the retorono! However I realize that when the type is 'hsl' it is time to send the verification it always gives success false not returning any error! https://github.com/MatheusVp2/hCaptcha-Solver-MR
The new update is working fine but you get very fast ip rate limit. My solution is a big work around. Not so useful. You have to browserify the current version. And for sending post requests to your server start chrome in security disabled mode. As i said its a big workaround but its working fine 6 Line 55: "url: https://hcaptcha.com/checksiteconfig?host=${host}&sitekey=${sitekey}&sc=1&swa=0" change to: "url: https://hcaptcha.com/checksiteconfig?host=${host}&sitekey=${sitekey}&sc=1&swa=1"
Hello guys, does anyone know this?
I had changed url to https://hcaptcha.com/checksiteconfig?host=2captcha.com&sitekey=28982ab4-aeef-4200-b9cc-28af1e23e377&sc=1&swa=1
but still got response type: :hsl'
:
{"pass":true,"c":{"type":"hsl","req":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzIjoyLCJ0IjoicCIsImQiOiJaVkdGbXFuYmpLUzVSQWRad3NSZVkzaUI4MUxKUFFrb0xzcStlS3B0NVk3V0NZRzJHWkNULzRmZ1YwWkZRMUo2bERibENkcFY5ZVFpMEIyUmxla1A0d016NmZjQloxMGY5eUUxY2FRL2lWN3NUNDEwWThKNUdCU3p3bFdvQVBHR2NuSDhJaXZsOU5Sa05nQlh1RHd0QlNheUdmUC9TNVRQdnlVdjBzZmd4R2RkcTdBd3JMK3AwMVJuNUE9PVdBQVpmaWxKMWZkbGJrNnYiLCJsIjoiaHR0cHM6Ly9hc3NldHMuaGNhcHRjaGEuY29tL2MvNTgyOTZiODAiLCJlIjoxNjE3NTI4ODg5fQ.xAjW6PRqt3kfN1YIBd5hlijcSjwN-8In1gYPyUE1rgM"}}
so the post data n: hswResponse[0], c: JSON.stringify(hswResponse[1].req),
wouldn't work
import hsl.js
is working fine but will get very fast ip rate limit.
is there anyway to bypass this?
thanks all.
since today its no longer working. Looking for a solution. Anybody a solution?
There was an update to hcaptcha today. You have to use hsl
file instead of hsw
. Also change the v
, and update the Headers
.
@quoc1506 Use proxies for each request.
Can anyone help me with submitting hcaptcha key via console?
Houve uma atualização para o hcaptcha hoje. Você deve usar o
hsl
arquivo em vez dehsw
. Altere também ov
e atualize oHeaders
.@ quoc1506 Use proxies para cada solicitação.
I did this in my python, but sometimes it works and then for no reason ! Already makes the analysis of the images for the answer, however whenever it sends it receives false, without error! https://github.com/MatheusVp2/hCaptcha-Solver-MR
I've made no changes to my code and it still works no issues. I'm going to take a look at whats changed with the request headers now but the last update I pushed I had completely disregarded the hsw response and it was working great. Usually solving within 2-12 seconds.
Edit:
I see that the request have changed so I'm not entirely sure why my solver still has no issues. Going to look into this issue.
Não fiz alterações no meu código e ele ainda funciona sem problemas. Vou dar uma olhada no que mudou com os cabeçalhos de solicitação agora, mas a última atualização que enviei desconsiderei completamente a resposta hsw e estava funcionando muito bem. Normalmente resolvido em 2 a 12 segundos.
Editar:
Vejo que a solicitação mudou, então não tenho certeza de por que meu solucionador ainda não tem problemas. Vou analisar esse problema.
In your code for image acquisition, the separate function is not working! It may be that you are testing and hcaptcha that does not need n or c in the data
You must send a valid date of n and c
Apparently the solver just got patched.