CAPTCHAFORUM
Administrator
What happened?
Recently Cloudflare changed the way of processing hCpatcha tokens after solving the captcha. Now tokens are not sent as plain text inside HTTP request to the back-end as it was before. Now tokens are encrypted with the javascript callback function before sending.
How does it work now?
When you bypass the hCaptcha challenge the token is passed to a callback function. The callback is defined inside obfuscated javascript code loaded from
The callback function uses some additional data defined inside the javascript and applies some logic to encrypt the token and additional data before submitting it to the back-end on
Can I bypass hCaptcha on Cloudflare-protected page with 2Captcha API?
Yes, you can. Our 2Captcha Solver extension for Google Chrome does this automatically. You can try to use it to make sure it works in your case.
Is there an easy way to bypass hCaptcha on Cloudflare-protected page?
No, it is no easy way anymore. To do so you have to understand how the token is encrypted by the javascript code. Our 2Captcha Solver extension for Google Chrome can help you to see the callback function code.
Just get the extension and enable it, then open a webpage where you want to bypass hCaptcha challenge and search for
Can 2Captcha do all this complex things for me?
Unfortunately no, we can not do all these actions on our side. We can solve the captcha and provide you a valid token, the rest of the job must be done on your side.
What is the recommended approach?
Our opinion: the most effificient way is to use javascript injection to redefine
Store the original render function inside a variable, then use your own function that will catch both arguments
Parse the arguments inside your function to get the callback definition from
Another approach is to completely deobfuscate the callback code to understand what data the code consume and use to generate the data used in the request to
We also recommend to check cfresearch repo where Steven scaredos publishes his research on CloudFlare's protection.
Recently Cloudflare changed the way of processing hCpatcha tokens after solving the captcha. Now tokens are not sent as plain text inside HTTP request to the back-end as it was before. Now tokens are encrypted with the javascript callback function before sending.
How does it work now?
When you bypass the hCaptcha challenge the token is passed to a callback function. The callback is defined inside obfuscated javascript code loaded from
/cdn-cgi/challenge-platform/h/b/orchestrate/captcha/v1
.The callback function uses some additional data defined inside the javascript and applies some logic to encrypt the token and additional data before submitting it to the back-end on
/cdn-cgi/challenge-platform/h/b/flow/ov1/
Can I bypass hCaptcha on Cloudflare-protected page with 2Captcha API?
Yes, you can. Our 2Captcha Solver extension for Google Chrome does this automatically. You can try to use it to make sure it works in your case.
Is there an easy way to bypass hCaptcha on Cloudflare-protected page?
No, it is no easy way anymore. To do so you have to understand how the token is encrypted by the javascript code. Our 2Captcha Solver extension for Google Chrome can help you to see the callback function code.
Just get the extension and enable it, then open a webpage where you want to bypass hCaptcha challenge and search for
captcha-widget
element. Inspect this element, it will have some attributes including data-callback
which will contain the callback function copy. Now you can use callback function name in the javascript console to jump to the function definition and explore the code. The code is obfuscated, but you can set some breakpoints and define some watch expressions to make things more clear.Can 2Captcha do all this complex things for me?
Unfortunately no, we can not do all these actions on our side. We can solve the captcha and provide you a valid token, the rest of the job must be done on your side.
What is the recommended approach?
Our opinion: the most effificient way is to use javascript injection to redefine
hcaptcha.render(container, params)
method.Store the original render function inside a variable, then use your own function that will catch both arguments
container
and params
and return the original render method.Parse the arguments inside your function to get the callback definition from
data-callback
inside params
. Then call the callback found passing the token as the only argument.Another approach is to completely deobfuscate the callback code to understand what data the code consume and use to generate the data used in the request to
/cdn-cgi/challenge-platform/h/b/flow/ov1/
We also recommend to check cfresearch repo where Steven scaredos publishes his research on CloudFlare's protection.