Logo of «2Captcha»To home page

Cloudflare Turnstile demo

This page explains how Cloudflare Turnstile is displayed and how Cloudflare Turnstile verification works. You can also check how the Cloudflare Challenge works on example page.

Logo of «Cloudflare Turnstile»

In many cases Cloudflare Turnstile hinder accessibility, frustrate users, limits access to open information, makes testing application and sites difficult. Use Cloudflare Turnstile solver for automatic bypass.

Cloudflare Turnstile solverAPI

How to solve Cloudflare Turnstile

  1. Open developer's console in your browser and find element with data-sitekey attribute.

    <div class="cf-turnstile" data-sitekey="3x00000000000000000000FF"></div>

  2. Send sitekey and pageurl to our API.

    PHP

    $result = $solver->turnstile([
  'sitekey' => '3x00000000000000000000FF',
  'url'     => 'https://2captcha.com/demo/cloudflare-turnstile',
]);

    Python

    result = solver.turnstile(sitekey='3x00000000000000000000FF', url='https://2captcha.com/demo/cloudflare-turnstile')

    Ruby

    # https://github.com/2captcha/2captcha-ruby
require 'api_2captcha'

client =  Api2Captcha.new("YOUR_API_KEY")

result = client.turnstile({
  sitekey: '0x1AAAAAAAAkg0s2VIOD34y5',
  pageurl: 'http://mysite.com/'
})

    Wait for the result, which may look like this:

    0.WoGeDojxQzHCCk023JRjfxv23olYh37jFdvPrcqmNeQ7PbSYIEuiBTK2SR_GdjfMitYEC23Gm7Vt93U1CPcI6aIFEhG-ffe1i9e6tIfIlYCFtb7OMxTB4tKCyTdpiaA.SP5YT77nuMNdOhZlvoBWAQ.da6448d22df7dd92f56a9fcf6d7138e5ee712bcf7d00c281f419b3bc091cbe64

    Manually:

    1. Make a POST request to https://2captcha.com/in.php with the following parameters:

      {
  "key": "YOUR_API_KEY",
  "method": "turnstile",
  "sitekey": "3x00000000000000000000FF",
  "pageurl": "https://2captcha.com/demo/cloudflare-turnstile",
  "json": 1
}

    2. If everything is fine server will return the ID of your captcha:

      {
  "status": 1,
  "request": "2122988149"
}

    3. After 15-20 seconds send GET request to get the result:

      GET https://2captcha.com/res.php?key=YOUR_API_KEY&action=get&id=2122988149&json=1

      If captcha is already solved server will respond with the answer token:

      {
  "status": 1,
  "request": "0.WoGeDojxQzHCCk023JRjfxv23olYh37jFdvPrcqmNeQ7PbSYIEuiBTK2SR_GdjfMitYEC23Gm7Vt93U1CPcI6aIFEhG-ffe1i9e6tIfIlYCFtb7OMxTB4tKCyTdpiaA.SP5YT77nuMNdOhZlvoBWAQ.da6448d22df7dd92f56a9fcf6d7138e5ee712bcf7d00c281f419b3bc091cbe64"
}

      If captcha is not solved yet server will return CAPCHA_NOT_READY code. Repeat your request in 5 seconds. If something went wrong server will return an error code.

  3. Use the token returned in your interaction with the target website.
    Normally the token is sent through the input with name="cf-turnstile-response" or, if reCAPTCHA compatibility mode is enabled, also in input with name="g-recaptcha-response". Also the token can be processed by a callback function defined in turnstile.render call or inside data-callback attribute.

    On this demo page we use the input that can be changed this way:

    document.querySelector('[name="cf-turnstile-response"]').value = 'TOKEN';