JimmyLaurent / hcaptcha-solver

A library to solve hCaptcha challenges
201 stars 34 forks source link

Patched #13

Open l10r opened 3 years ago

l10r commented 3 years ago

Apparently the solver just got patched.

awxlfy commented 3 years ago

@dinohorvat I'm using what @nayde-fr suggested above to return n and c as an array:

async function getCode(host, sitekey) {

  let response = (await axios.get(`https://hcaptcha.com/checksiteconfig?host=${host}&sitekey=${sitekey}&sc=1&swa=1`)).data;

  const browser = await puppeteer.launch({
      headless: true,
      args: [`--window-size=600,1000`, '--window-position=000,000',  '--disable-dev-shm-usage', '--no-sandbox', '--user-data-dir="/tmp/chromium"', '--disable-web-security', '--disable-features=site-per-process']

  });

  const [page] = await browser.pages();
  await page.addScriptTag({url: 'https://assets.hcaptcha.com/c/f1430c5c/hsw.js'});
  let hswResponse = await page.evaluate(response => hsw(response.c.req), response);
  return [hswResponse, response['c']];
}

My host and sitekey are passed in from what I parsed out of the iframe on the page (so its dynamic based on any page that shows an hcaptcha). I'm then creating my data using the parsed sitekey and host as well as the n and c value I just recieved:

let data = {
  sitekey: urlParams.get('sitekey'),
  host: urlParams.get('host'),
  n: hswResponse[0],
  c: JSON.stringify(hswResponse[1]),
  v: 'f1430c5c'
}

As for my /getcaptcha call:

let response = await request('https://hcaptcha.com/getcaptcha', {
  method: 'post',
  json: true,
  form: data
});
dinohorvat commented 3 years ago

@aw1875 This import https://assets.hcaptcha.com/c/f1430c5c/hsw.js is different for every host (At least what I've noticed). So you should go to the host website and check which hsw.js is being accessed. I'm pretty sure its different than f1430c5c. Once you get the correct version, apply it to your code.

awxlfy commented 3 years ago

@dinohorvat Didn't even think of that. I just gave that a try but still got the same type of message back. 'bypass-message': 'No bypass_token found.' Is still at the very end.

dinohorvat commented 3 years ago

@aw1875 It could be that your IP is blacklisted. Try accessing the host website and try to login. If hcaptcha puzzle pops up then your only solution to unblock it and be able to use the script, is to solve it few times manually (or use 2captcha with proxy to your IP). Another solution is to use multiple proxies, so when one fails just use another one. I suggest you start playing with it and see how it behaves, that's how I managed to get my solution working.

Also feel free to send me the site key and host and I will try it with my solution to see if it works.

awxlfy commented 3 years ago

@dinohorvat Appreciate the help. I've tried multiple proxies with no success so I'll just post the host and sitekey since the site I'm testing on is meant as an hcaptcha demo.

host: democaptcha.com sitekey: 51829642-2cda-4b09-896c-594f89d700cc

The website I'm testing is http://democaptcha.com/demo-form-eng/hcaptcha.html

dinohorvat commented 3 years ago

@aw1875 If the host doesn't have Invisible Captcha enabled, this "solver" won't work. In that case, your only option is something like 2captcha...

awxlfy commented 3 years ago

@dinohorvat Interesting. Using this repo with the fix from @FatihAraz I'm able to receive a response token from a site like this. Then I would manually open the console in chrome and set document.querySelector('[name="h-captcha-response"]').value = RESPONSE_TOKEN and document.querySelector('[name="g-recaptcha-response"]').value= RESPONSE_TOKEN. I'd have no problems submitting that form and it would work correctly. The only time I'm having issues is when I try to automate it using puppeteer since I don't want to setup a local environment to run the fix every time. I setup a part of my website that does this request (instead of using localhost) and I am able to get back a token such as: F0_eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwYXNza2V5IjoiTk9DWVZDWmxSeERiVHJBcnFjcVlYWkYvT3IzNWNpNGRhOHZMRUhhWjZDeEtFb3YyRWJUMmZYeGQwS1luOTBPcU5OMzgvU1NBbkJmN3llWlVlZGhuRmNBRGVpMHdMVWZ3alBIZDBBdVRQRkZUK3lucHdQRUdlakc1NEQ2bnliN0l3Q2hZRnpGeXpoQ1NNeDFjYVBMY2RBYk1tWXVOUkVXL1A3ZzhlWjVzdnkwdm5OUzdWcXNZUWZUc2FjQWhqWlVOYktoaCtXQUhHamNUdVMyV3RQcTB3NHJqWXdHQ0RpNFF1Y2V2azY2YkZOTU40MUxXKzdvdHZiVjJVZTRqRFZpM2ZYa3RtUmV4d2NXZXUwMXFJSnp5UHdYeWFZNVAyZjhhaTBIM2tUeTFEbmY2K2hoUHF0MUI0dHUxNlgwPU5vUGlPdzBPOFQ5cmsza3AiLCJzaXRla2V5IjoiNTY5Y2JiYWEtMTcwMi00OTJkLWI4YWUtMmY5NmM2MGU2Njc1IiwiZXhwIjoxNjE1ODI3NTAwLCJwZCI6MH0.lVt2WYDgdrMwnx14jDo6YRbKkIYUGOOMQeTqJvoWfC0

nayde-fr commented 3 years ago

Update:

There was a change which now requires a version to be sent to /getcaptcha

So just attach v=e0a51cf to form data (or what ever the current version is).

Also as a side note, motionData is completely irrelevant - you don't have to send it.

However I noticed that when I set

const motionCount = randomFromRange(1000, 10000);

to :

const motionCount = randomFromRange(8000, 10000);

in the getMouseMovements function I reach a resolution rate close to 100%.

awxlfy commented 3 years ago

@nayde-fr you were able to get your puppeteer method to work?

nayde-fr commented 3 years ago

@nayde-fr you were able to get your puppeteer method to work?

Yes, working perfectly. I was hitting some invalid-input-response at the beginning cause I misformatted the post data. But finally I solved this problem using qs.stringify.

Here is my trysolve function :

async function trysolve(page, config) {
    let timestamp = Date.now() + randomFromRange(30, 120);

    response = await instance({
        method: 'post',
        url: 'https://hcaptcha.com/getcaptcha',
        data: qs.stringify({
            sitekey,
            host,
            n: await page.evaluate(response => hsw(response.c.req), config),
            c: JSON.stringify(config.c),
            motionData: {
                st: timestamp,
                dct: timestamp,
                mm: getMouseMovements(timestamp)
            }
        }),
        headers: {
            'content-type': 'application/x-www-form-urlencoded'
        }
    })
    .then(response => {
        return response;
    })
    .catch(error => {
        return error.response;
    })

    return response;
}

Where :

awxlfy commented 3 years ago

@nayde-fr I think I figured it out like 30 seconds after you posted this! I took a different approach but it works and its fairly quick with the responses. Probably going to clean my code up a little bit so I can export the functions to another file for use but thanks for all the help from everyone!

DrewRidley commented 3 years ago

{ c: { type: 'hsw', req: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzIjoyLCJ0IjoidyIsImQiOiJmNTU2MWJhOS04ZjFlLTQwY2EtOWI1Yi1hMGIzZjcxOWVmMzQiLCJsIjoiaHR0cHM6Ly9hc3NldHMuaGNhcHRjaGEuY29tL2MvYmUxZTE5ZTMiLCJlIjoxNjE1OTQ1NzkxfQ.K9ZBQ_hJZzXsU_cZ60kjPFJrOr6Ulbcj6MksByGxvLk' }, success: false, 'error-codes': [] }

When I run it I just get "success" false without any errors. I followed the exact steps you suggested. Any ideas?

awxlfy commented 3 years ago

@DrewDaPilot are you trying to do this with puppeteer? If you are I made my solution into a simple module on NPMjs. If you're not then you can follow @FatihAraz's fix above. The only thing I noticed with his fix is that you may still get the wrong responses and have to refresh the page sometimes. The way you can fix that is a simple while loop such as:

while (true) {
    try {
        const response = await solveCaptcha('https://captcha-protected-site.com');

        // You can log the response and then break the loop
        console.log(response);
        break;

        // OR you could just return the response which would break the loop
        return response;
    } catch (e) {
        // You can log the error here or just let the loop restart
        console.log(e);
    }
}
DrewRidley commented 3 years ago

@aw1875 Indeed. I tried writing it as a expressjs server using puppeteer, however, I encountered that problem that I mentioned. Most of the code I wrote took inspiration from your repository, however, for some reason the server rejects it without an error message. I only used the browser to wrap hsw and everything else was done with axios requests (with a custom user-agent). I am really lost in regards to the server 'error' that I am facing. If you have any thoughts on the matter I would appreciate it. Right now I have a browser based solution that uses machine learning to solve the challenges given, but it would reduce cost and solve time if I can immediately generate a pass. I would love to hear your input or suggestions.

awxlfy commented 3 years ago

@DrewDaPilot when you make your post request to /getcaptcha what does your n look like as well as your c?

For example my response looks like this:

  response = await request({
    method: "post",
    headers,
    json: true,
    url: "https://hcaptcha.com/getcaptcha",
    form: {
      sitekey,
      host,
      n: hswResponse[0],
      c: JSON.stringify(hswResponse[1]),
      motionData: {
        st: timestamp,
        dct: timestamp,
        mm: getMouseMovements(timestamp),
      },
    },
  });

My n value is coming from:

await page.evaluate((response) => hsw(response.c.req), response)

which is usually just a ton of numbers.

While my c value is coming from response["c"]. Then you need to make sure to use the JSON.stringify command on it within the post request (as you can see I did). Even though it is already a json response I noticed that it wasn't getting posted correctly until I explicitly made sure it was JSON.

I'd like to make sure you're getting proper responses at each step in your code so we can try and narrow down why you aren't getting the correct response in the end.

DrewRidley commented 3 years ago

If you would like and have a discord perhaps we can troubleshoot there? The only change I can think of between your code and mine would be the fact that you seem to execute everything from within the browser, whereas, I only execute hsw from the browser. I am happy to send over some example data but the hsw function executes without an error (invalid data would throw an error), my headers are all identical... I used charles proxy to get an ideas of the differences in requests between the real captcha response and the forged one and the only difference is of course the req and n value. I have a lurking suspicion that the n value being generated is based on a timestamp and the puppeteer overhead to evaluate a script on the page and return it involves enough latency so the hashed value n is considered old. From my research the hsw function hashes the req value with a timestamp to prevent time based attacks. It is also possible that the hsw function reads the browser URL/href to determine if the browser is currently on the same page the captcha is being solved in. Unlike your example, my page is actually empty and I load only hsw onto the browser, nothing else. if the black box function checks the url of the browser page then its likely that is how it is being detected.

JustTalDevelops commented 3 years ago

@aw1875 Thanks for your posts! I'm writing my own solution in GoLang based off of yours and some help I've gotten with DevTools. I'm a bit stuck at the moment; I'm using Playwright for GoLang in headless mode to get the HSW data which works flawlessly, but when I attempt to send a request to the getcaptcha endpoint of HCaptcha, I get a {"success":false,"error-codes":["invalid-data"]} error. Do you have any idea what I could be doing wrong? My code is at: https://github.com/JustTalDevelops/hcaptcha-solver-go

awxlfy commented 3 years ago

@DrewDaPilot shoot me a message on discord @ wxlfy#2232. Also @JustTalDevelops I'll take a look through your code when I get a few spare minutes at work and see if I can be of assistance!

JustTalDevelops commented 3 years ago

@aw1875 Thanks for the response! I've been working on it a little more and seems like it's.. almost working. I get a response for the GetCaptcha endpoint now but whenever I try to send back a response with the tasks it fails. This is the response I'm getting:

{
  "c": {
    "type": "hsw",
    "req": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzIjoxNiwidCI6InciLCJkIjoiY2QyNTIyMzQtNDRkOC00YjgxLWIxZDUtZDRlMTRiNjI0ODM0IiwibCI6Imh0dHBzOi8vYXNzZXRzLmhjYXB0Y2hhLmNvbS9jLzYwNDNiNmRhIiwiZSI6MTYxNjE3NjU2N30.7t5QwKxVoJkjnRKiSEnnmLWQ-hL_E_NbpYnoc1SmNQ0"
  },
  "challenge_uri": "https://hcaptcha.com/challenge/grid/challenge.js",
  "key": "5e4b867e-53c0-4ece-bcdb-7cce2e590272",
  "request_config": {
    "version": 0,
    "shape_type": null,
    "min_points": null,
    "max_points": null,
    "min_shapes_per_image": null,
    "max_shapes_per_image": null,
    "restrict_to_coords": null,
    "minimum_selection_area_per_shape": null,
    "multiple_choice_max_choices": 1,
    "multiple_choice_min_choices": 1
  },
  "request_type": "image_label_binary",
  "requester_question": {
    "en": "Please click each image containing a motorbus"
  },
  "requester_question_example": [
    "https://imgs.hcaptcha.com/tqQ1Pwh3wcxAMEReGO+yq347RbZORTQNP3PTwD5ixEvTUja+oCALa3+MhWFr3evHcPX/ZLlHhdBdtzIaG9W5hfWvnU71KoEwxmY7FvehHE8xlmkeTRc7X2KKZ3Q=iwiMDdt1Y371J+xM",
    "https://imgs.hcaptcha.com/0cDWIuTKjpO0q3Wo/lREuWCz367OL312zc89aciSyoUfjpqOrMD862Bt/HkTq9/5KpDJoTlSqGzllKVbw5XIz/TOYsB4wGLa/UQnydW2hSxtYBRXiOnhBTEuGzc=JvrQTogiVwc8p1V3",
    "https://imgs.hcaptcha.com/YVsf0VHEUjitLQgQCF9gIhpA9R71KQBRIBTlDQZ9AywE7iko9q6d1UJ6wImk53n1thgrzoYukGNw1EhR9i/2+9vj0DqVa9DCmspN6iT6Q9haUr8hSM2XlMJT0Q==xQfh1kvw0xRiiW9Y"
  ],
  "tasklist": [
    {
      "datapoint_uri": "https://imgs.hcaptcha.com/BR67YS7nZDc8Hj6BjqPf4OqHlxB+hgZACDBM1PBJkEMiUj0OMe0HUOrNfYpX9cWTXiLqX6Ewkk0DMAm8rBIMneyxGioat4sLVJtKCEtu7oGyLpHcj8Y1uy4Yrzq4rJymzD01lGhwnDcG3I1UIj+Demk0YxkT7N9jXrj5af8N5tQfxLzwkfRltvchB9bB0eZ3q8Y=zPMMAS0xfWNYzqsA",
      "task_key": "4769b956-8944-40f1-9012-e2387de4ba22"
    },
    {
      "datapoint_uri": "https://imgs.hcaptcha.com/vFWEbg2ATMSvuzZIFn1xUAnG79popQdTNSDFT6zM8Pw8x8T8KnaLMXG1PwAGmX73KtBrSUP/OFFlfciEsJg752/g0vpXrpb/yVcILvAeb1i1n2kTJZKX8JDW28N/GJN8waP2QhbTTuGAAm0SECY1FwDcy2SOSZRKwk/7Kagw2YH6tva2aj85UPcqIiXGjvwnPzs=NZ/5c09nPd+wFVyv",
      "task_key": "cb910944-ac3d-4de9-972b-e8066514dca8"
    },
    {
      "datapoint_uri": "https://imgs.hcaptcha.com/aXZ+tBzLMnHhDzt66ofKh/o0Nu3lqbbVOPGvBmOqy//RELekuPner1ruagNWbt8ryA93+ifvravl55+QMPnikrtc12s1b2iVdQ8w7qftTLBYdM4zUz0DIbwtbVh5dCsXeAtXxvL1HsIrF9xTmfHNe/X1/A8Wn0mhqp+Iq4CZ7tkmOKbUzxChdHZgZjQixQhOnvXMCn/9GGzIecSBBjaC",
      "task_key": "cfca89d4-6969-45ab-8f77-df5581ed529e"
    },
    {
      "datapoint_uri": "https://imgs.hcaptcha.com/gOZjSdgluc57HBxVIdnfhfCn2EoTIpbeUEgLm1HO+bc5afCudIKM68g5wk7reyxuWlgEIPiABrhdKo2+358309QoaVvnrdCweYU+u/4UWLol/AgtgeldrpHYJKWtnwnfI+PDeK/FkQCNTUIhd0EVzzQi5N8wJQgPQev0HL9cEAK1k9AzzkclxulA9ZFC9z1z6CI=Gp9V/T5f/oZRd3Dz",
      "task_key": "420ffe6b-eeac-49d7-867e-82762d112a91"
    },
    {
      "datapoint_uri": "https://imgs.hcaptcha.com/vad0OJajJjS4NQIQCUgGIUpXmVeRVJpB/0SKXYbXNQu6o+cAvbdU3Y7V0VK9Oj0shTjJCgEbaCiT8TGyt+9SK5GIZ9GjKW8mxbIMqtUG1duIgD09hz7aXC5YmE35UXXIqLhwPJBRd2zrEI7XyZanlFrLJdaXBfJB4MivKYm5OyfqqUrizh41PICy1ZSW4rNknflw/yZ3SEby3q3/qfKu",
      "task_key": "1029b960-da78-4188-981c-e2577ff78f73"
    },
    {
      "datapoint_uri": "https://imgs.hcaptcha.com/RQQoMapUCFkaTgmZocZSjT0loJi1yrOyK00MjlOhTM2BfbiXcwqh2c55IBxMnn/Wd/xMBWgW8Leg8DXODFwjjsoZGNpWDIdKogZ1yr3/aVZuX8TsIokYi/KoMtMupojf2GxolaFER0M9pRVGshcLkuVYgA3BepvY2HzLXNJjItkltVt7r73HUJnDBlLWko6WoYLNctLpuOI7L81tyx40",
      "task_key": "667f2bba-0068-4b66-b258-4a195133219c"
    },
    {
      "datapoint_uri": "https://imgs.hcaptcha.com/OkydnGZzoLesxpMNqBs3MkSbSA8qG8hmqwx4M8HgePxNQJtwc3oZnWSVi/0p0Hhz+I1y3NgSY4OgnCd8mwF0Nwt/oCq3FkeeN2ZxPIrTTPN/NUBOREYBVPHQtuKuXcitv5cRPxyz/D8A49cyrYVhElpC9IReYUG0WtWLW6ZJZONt5+jF2K5m/UuR2G2XKA==IiBrZLZGbJofyjEL",
      "task_key": "69e96848-0a6c-488e-9699-bec033163a75"
    },
    {
      "datapoint_uri": "https://imgs.hcaptcha.com//z/hpcjCKqTgEFsoGhMyYOdlT7zsScULqdGnr3VthCGcfzSpiWHCa7eYteD6fEA8ZCCsjPH7zAop7LJUkYqdhC3ehommRec7GinboVBsajCiW/CguJLT0+r9CagqEpE7l+lIvc1KKla1wgUtKCvEHB03sHVEJmqdEqb8B6kOQSkKUkCUe85ZFgKUwsYLeLMFwB8=X9nTRH/f03ZPS1df",
      "task_key": "16f5bfb7-204a-4cb9-82f3-b8bd1dddff29"
    },
    {
      "datapoint_uri": "https://imgs.hcaptcha.com/oMvLVkBexJTU7SoFI9R83lqHK/tv507WGfaWir35F/gYwSzPmgoISGBe3G18xup5aWAol9agN27n37s/NMH0yiNa0QJMvhYcgK9kVwyhiSlm5fGuzLAWymzAwn25EBXegy6WppgZTpC4HmbJa5Dgix3Vr44VzZB3U5bQmuCal+vqc5YgjzL2rcK24SC2VhCeqIXYz7P7AXUfztR4kQU2",
      "task_key": "6540e7eb-6544-4d48-84dc-dae5e7c483f3"
    },
    {
      "datapoint_uri": "https://imgs.hcaptcha.com/BDnyLX/T4ql8aA753akbKtsnz+sRijPNttOkiZiY8lrtrypOvKAw0a7BIbn/ltYKp7Ogqw5j3vAVjSaduhxU1ByEeE2DQBEF56f4ZMR/RycmAbG9afLvZyauhJwJSKTnIZZU02ALsh0vpfrvQNEDp0rOqUPyrL9/3ROE9MLpIO01afxg3sfmFlUj1xb77sJVzw==MQc1iVDMvP8m+Ugp",
      "task_key": "3e06ab3f-d6cd-483c-a072-ec7493855142"
    },
    {
      "datapoint_uri": "https://imgs.hcaptcha.com/UzIvzbxK3NIfWMNOjEDXsReBUNoRlghdbziprJLm8qGHY51oBQdbSkTJ5Br22OgeTzX/FEZFxqeF4hJKVKsFJoH2FBB2PePekAQE4cfPEvL3mi3dfklSuzQOlTT6mtolDwmIshUadENVc523b8gPwmfhf1LDqvEZA7niJqo4f7rwr1L2aqRVTtx3tc3BOuOtPaWu7BBTBRb9sQp0Jqu7",
      "task_key": "3371a4de-fd7a-474d-9c38-0357a4eb2ead"
    },
    {
      "datapoint_uri": "https://imgs.hcaptcha.com/eFWX0pON6I7K85dRot7v0Wqiw1G9Lv7H92Nl5xbpXw+o+Ni1fArB5HsXPhI+1zIngjob3TtO9AymSgD9SQ+CfIrbnLWZIpncDoYDrH9QeD8dI7n7XtWAdt1cu9SEaKnbalZ5bK9eSOVtVaGwMBmH0HASjft3dFYEKoOSrZ+XX3gd7od3TyJ8NvVLG+cElhM3YN22wC0aqSvIFq9ELOwZ",
      "task_key": "2135831d-7482-42fd-a95a-62998a506167"
    },
    {
      "datapoint_uri": "https://imgs.hcaptcha.com/fXrvVwKnRHj/SwSTERHN8aCypK2bFUjddbIHpxJI4BKA6RdbY/ye4YyduhaCLbgjqXKkifxdJZUTi1s6iM5V6N79nk16cg/i5RYT6dLNloVfbbIb2X6b5MlWm99QLO281Ks8dxtmSc/RAlvDh3+ZPOZvKi7lpSdTxZx5vPonFbtN7rews2RdY+nW91Yv8jJXPN0=RMHu2zt0X5us+upv",
      "task_key": "eb165972-0c21-4354-a171-b059b5b11b06"
    },
    {
      "datapoint_uri": "https://imgs.hcaptcha.com/BDYrkVAI3WBTa4YDv/FcJRfiwfB53vr8r0fWkl+V4a2evZk1E1T6pW0r2khqrlkqpXwZYn5F6GmmTTYh+ABOhAwbddX+x3edTawRkz/FSTqYEySn8XSelsSxqMlmxDV1QtWiyYsghKGDcpW84pjBEdPCZn5uVCI0PGU63uonYa5oYvBEBw70cdrcmK3HkwbLhOqeFiYrkQjce65lJqp0",
      "task_key": "98c37bfe-b4a2-4d1a-87af-2dd88b330f2b"
    },
    {
      "datapoint_uri": "https://imgs.hcaptcha.com/tBEQtUMikhkVbfjKJEbx5DZyspDEX3Do0ilxek9sCz95KbfgEO50vM6cx77ltTMlcgVHFU0XYb9twh2hGrd1C2+1o5cbiS83akcObA1hi6DcdEYfwm6NeGBFswKLiIzOprivlts3I01VyU+h+orLz1OZkAoIZ5wAPR4LycenTJnauyyCiT37Yll25CCaUWsZHvguV+sPReGXbIyI9LTL",
      "task_key": "556de7a1-1302-4c1e-ac46-39666a1c3da8"
    },
    {
      "datapoint_uri": "https://imgs.hcaptcha.com/j2kkCTna+KT/2XkgHNut7xbKcjiRRxGRfiFuB45sj4GoM9feek5q/EHMl7qAeYLqnbgBoedNvkZvBMBr2AyAvNWJZAEAxvTIHpCucFpPal6v/gnjhf3fZQXM5i8oC8J2PUcKE1XprQJiqlQO5q0TJ29L0jW/fQSQw1H1UAWspVWHUqTqqvOCCIK/eqfzWaTIIMnvf1HwiKwdzO9mqTx7",
      "task_key": "6f66d02d-e042-4b55-ad5b-c2d42d1f3624"
    },
    {
      "datapoint_uri": "https://imgs.hcaptcha.com/04/zi/3Z26bf+L9TRI4M7RTNj4Tt2ZPGznwW4h0dfmmZA9GtFG8zffrvcsSXd/zgkMVimENeimDCa09cSjpRsYid5jg/vEz/86pibb8rJ0rUIfUYSPptBzknzzvBNfwbwTatUkCuaATYEI1KMNIwvXNP5v5Pb5waDyFDp+enf/YxkCwIWJMn8ju6F0Y4X0OWiXY=gZKqXqvbHwANMOwG",
      "task_key": "a4ae1785-a09c-4226-a2f3-acd2388704a6"
    },
    {
      "datapoint_uri": "https://imgs.hcaptcha.com/ldEKlkA6z/bHiFeaCoGSjgeRMm5qA5rpL7TUOuJIAH1wW7Vs19APKEvr9nHDIjeZMlnP8gp5WnQRtnIabkifInSISA8d717FA66vNQcHgUYrSqya6ewlcVRJl/P/Y6Ndhojxp4mr1GlZDa9jIxByfhbCcZDrPP1r36SJyEm471gA4wE9MlQdYaVD9itVZbMe0g==d/iC0ItWghV17E0Z",
      "task_key": "dcc3bd5e-3529-4c17-8d5b-3d8a2db28739"
    }
  ],
  "bypass-message": "No bypass_token found."
}
JustTalDevelops commented 3 years ago

What does the "No bypass token found" error mean?

awxlfy commented 3 years ago

@JustTalDevelops this is the same issue I was getting earlier which just means its trying to find a bypass token for Invisible captcha as stated here. What you want to do is use that tasklist that is passed back by storing it to a variable. You can then look through my code or this repo's code to see what to do with that tasklist after.

JustTalDevelops commented 3 years ago

@aw1875 Ah, I see. So it doesn't actually matter, good to know. I'm not too familiar with JS, so the way this task list is generated is a bit weird to me. What exactly does this do?:

const answers = tasks.reduce(
    (accum, t) => ({ ...accum, [t.task_key]: randomTrueFalse() }),
    {}
);
JustTalDevelops commented 3 years ago

I assume it would be something similar to this:

    taskResponses := make(map[string][]string)
    for _, t := range tasks {
        taskResponses[t.Key] = []string{randomTrueFalse()}
    }
JustTalDevelops commented 3 years ago

Huh, with that solution I get:

{"success":false,"error-codes":["invalid-answers"]}

Is that normal, or am I messing something up?

awxlfy commented 3 years ago

@JustTalDevelops its an array reduce function, if you want to know more you can check out Mozilla's Developer Portal which breaks it down pretty nicely. I don't anything about GoLang but that looks like it could be similar. Getting a response of invalid answers is normal. If you notice in the code it will keep running that method until it receives a certain value back. At that point you should have a response token returned.

JustTalDevelops commented 3 years ago

I see, awesome.

awxlfy commented 3 years ago

Looks like you've got a good grasp of what's going on so I'm sure you'll figure out whatever solution you need soon but if you need me feel free to hit me up.

JustTalDevelops commented 3 years ago

Thanks, I think I'm almost done. How long does it usually take to find an answer?

JustTalDevelops commented 3 years ago

Would proxying help?

awxlfy commented 3 years ago

@JustTalDevelops Probably wouldn't do much. Proxying would only help if you're getting your responses rejected by the server for sending too many. That wouldn't return {"success":false,"error-codes":["invalid-answers"]} though so I don't think it would be useful for you.

JustTalDevelops commented 3 years ago

Hmm, I don't know. I'm using Google's Vision API to detect the objects instead of randomly guessing, and it's still returning invalid answers - even if I'm the one manually verifying. I really feel like I'm doing something wrong, but I don't know what it is.

JustTalDevelops commented 3 years ago

Oh wait, is the checkcaptcha endpoint JSON only?

JustTalDevelops commented 3 years ago

I am just very skeptical that invalid answers means that the answers are actually incorrect, but that my formatting is malformed. In fact, using chrome devtools, I checked out a response for a normal checkcaptcha request and the response is way different, e.g: {"c":{"type":"hsw","req":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzIjoxNiwidCI6InciLCJkIjoiZTZiN2JiMDEtNDJmZi00MTE0LTkyNDUtM2QyYjc4NDJlZDkyIiwibCI6Imh0dHBzOi8vYXNzZXRzLmhjYXB0Y2hhLmNvbS9jLzYwNDNiNmRhIiwiZSI6MTYxNjMwMDQ1OX0.o6PnebpYAU_uUic48zw4glMuwZA3amw3p1nbCwv3xtQ"},"pass":false}

JustTalDevelops commented 3 years ago

{ c: { type: 'hsw', req: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzIjoyLCJ0IjoidyIsImQiOiJmNTU2MWJhOS04ZjFlLTQwY2EtOWI1Yi1hMGIzZjcxOWVmMzQiLCJsIjoiaHR0cHM6Ly9hc3NldHMuaGNhcHRjaGEuY29tL2MvYmUxZTE5ZTMiLCJlIjoxNjE1OTQ1NzkxfQ.K9ZBQ_hJZzXsU_cZ60kjPFJrOr6Ulbcj6MksByGxvLk' }, success: false, 'error-codes': [] }

When I run it I just get "success" false without any errors. I followed the exact steps you suggested. Any ideas?

I'm also having the same issue now. Did you ever manage to fix it?

JustTalDevelops commented 3 years ago

Aha, I've figured it out. Turns out that if you reuse the same n token, it gives that error. Now it seems to work perfectly! Solves in less then 5 seconds!

awxlfy commented 3 years ago

Aha, I've figured it out. Turns out that if you reuse the same n token, it gives that error. Now it seems to work perfectly! Solves in less then 5 seconds!

Glad to hear it!

JustTalDevelops commented 3 years ago

Yup, thanks for all the help! Did a few more optimizations, can now solve in literally 2 seconds. I'm pretty happy with the results

Klapkaak078 commented 3 years ago

@JustTalDevelops would be awesome if you could share the code, so we can use it in our social media bot service ❤️

JustTalDevelops commented 3 years ago

@Klapkaak078 It's open source at https://github.com/JustTalDevelops/hcaptcha-solver-go

JustTalDevelops commented 3 years ago

By the way, if anybody else is interested in an up-to-date and speedy solver but doesn't know GoLang, I've made a rest API for my solver which can be used by anything that can connect to the internet: https://github.com/JustTalDevelops/hcaptcha-solver-api

MatheusVp2 commented 3 years ago

Hello guys, I made my code in python, with refactoring the type, returning respose N depending on the type of the retorono! However I realize that when the type is 'hsl' it is time to send the verification it always gives success false not returning any error! https://github.com/MatheusVp2/hCaptcha-Solver-MR

quoc1506 commented 3 years ago

The new update is working fine but you get very fast ip rate limit. My solution is a big work around. Not so useful. You have to browserify the current version. And for sending post requests to your server start chrome in security disabled mode. As i said its a big workaround but its working fine 6 Line 55: "url: https://hcaptcha.com/checksiteconfig?host=${host}&sitekey=${sitekey}&sc=1&swa=0" change to: "url: https://hcaptcha.com/checksiteconfig?host=${host}&sitekey=${sitekey}&sc=1&swa=1"

Hello guys, does anyone know this? I had changed url to https://hcaptcha.com/checksiteconfig?host=2captcha.com&sitekey=28982ab4-aeef-4200-b9cc-28af1e23e377&sc=1&swa=1 but still got response type: :hsl': {"pass":true,"c":{"type":"hsl","req":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzIjoyLCJ0IjoicCIsImQiOiJaVkdGbXFuYmpLUzVSQWRad3NSZVkzaUI4MUxKUFFrb0xzcStlS3B0NVk3V0NZRzJHWkNULzRmZ1YwWkZRMUo2bERibENkcFY5ZVFpMEIyUmxla1A0d016NmZjQloxMGY5eUUxY2FRL2lWN3NUNDEwWThKNUdCU3p3bFdvQVBHR2NuSDhJaXZsOU5Sa05nQlh1RHd0QlNheUdmUC9TNVRQdnlVdjBzZmd4R2RkcTdBd3JMK3AwMVJuNUE9PVdBQVpmaWxKMWZkbGJrNnYiLCJsIjoiaHR0cHM6Ly9hc3NldHMuaGNhcHRjaGEuY29tL2MvNTgyOTZiODAiLCJlIjoxNjE3NTI4ODg5fQ.xAjW6PRqt3kfN1YIBd5hlijcSjwN-8In1gYPyUE1rgM"}}

so the post data n: hswResponse[0], c: JSON.stringify(hswResponse[1].req), wouldn't work

import hsl.js is working fine but will get very fast ip rate limit. is there anyway to bypass this? thanks all.

FatihAraz commented 3 years ago

since today its no longer working. Looking for a solution. Anybody a solution?

dinohorvat commented 3 years ago

There was an update to hcaptcha today. You have to use hsl file instead of hsw. Also change the v, and update the Headers.

@quoc1506 Use proxies for each request.

matukaking commented 3 years ago

Can anyone help me with submitting hcaptcha key via console?

MatheusVp2 commented 3 years ago

Houve uma atualização para o hcaptcha hoje. Você deve usar o hslarquivo em vez de hsw. Altere também o ve atualize o Headers.

@ quoc1506 Use proxies para cada solicitação.

I did this in my python, but sometimes it works and then for no reason ! Already makes the analysis of the images for the answer, however whenever it sends it receives false, without error! https://github.com/MatheusVp2/hCaptcha-Solver-MR

MatheusVp2 commented 3 years ago

image

awxlfy commented 3 years ago

I've made no changes to my code and it still works no issues. I'm going to take a look at whats changed with the request headers now but the last update I pushed I had completely disregarded the hsw response and it was working great. Usually solving within 2-12 seconds.

image

Edit:

I see that the request have changed so I'm not entirely sure why my solver still has no issues. Going to look into this issue.

MatheusVp2 commented 3 years ago

Não fiz alterações no meu código e ele ainda funciona sem problemas. Vou dar uma olhada no que mudou com os cabeçalhos de solicitação agora, mas a última atualização que enviei desconsiderei completamente a resposta hsw e estava funcionando muito bem. Normalmente resolvido em 2 a 12 segundos.

imagem

Editar:

Vejo que a solicitação mudou, então não tenho certeza de por que meu solucionador ainda não tem problemas. Vou analisar esse problema.

In your code for image acquisition, the separate function is not working! It may be that you are testing and hcaptcha that does not need n or c in the data

MatheusVp2 commented 3 years ago

image image You must send a valid date of n and c image