Captcha bypass tutorials

Was this helpful?

How to bypass Alibaba captcha

Gregory Fisher
Gregory Fisher

Technical engineer

Introduction

Alibaba CAPTCHA (also known as Aliyun Captcha) is a popular protection system found on websites within the Alibaba ecosystem, such as AliExpress, Alibaba.com, and many others. It often appears as a slider that needs to be dragged or a puzzle assembly task. For automation, this means we need to obtain special tokens from a solving service and correctly inject them into the target page.

In this guide, we will break down how to automate bypassing Alibaba CAPTCHA using the 2Captcha API.

How to find all the necessary parameters

To obtain the parameters required to create a task, you will need to analyze the page's network traffic and the data returned by the server when the captcha appears.

IMPORTANT: some parameters are generated dynamically and may differ with each page load protected by Alibaba captcha.

Step 1. Getting the page with the captcha

  1. Open the website and perform the action that triggers the captcha (e.g., a login attempt).
  2. Open DevTools → Network.
  3. Find the request after which the server returns the captcha HTML page instead of a regular JSON response.

The page response usually contains an object like this:

javascript Copy
var requestInfo = {
  data,
  region,
  sceneId,
  token,
  traceid,
  type,
  userId,
  userUserId
}

Step 2. Extracting parameters from requestInfo

From the requestInfo object, you need to extract the following values:

Task Parameter Source
sceneId sceneId field
userId userId field
userUserId userUserId field
verifyType type field
region region field
UserCertifyId traceid field

Additionally, you need to save:

Parameter Source
u_atoken token value
u_asig traceid value

These parameters are used when resending the request after successfully solving the captcha.

Step 3. Finding sceneId via network requests

If the requestInfo object is missing or obfuscated, the sceneId value can be found using an alternative method:

  1. Go to the Network tab.
  2. Search by keywords: sceneId, CaptchaSceneId, sId.
  3. Check the contents of requests and responses related to captcha verification or initialization.

Step 4. Getting prefix

The prefix parameter is usually contained in requests related to loading the captcha task.

To find it:

  1. Find the requests made during captcha initialization.
  2. Open the request URL.
  3. Find the prefix parameter in the query string, URL parameters, or in the server response body.

If the URL looks like this: https://dlw3kug.captcha-open.example.aliyuncs.com/, then the value of the prefix parameter corresponds to the subdomain — dlw3kug.

Step 5. Getting apiGetLib

The apiGetLib parameter is a link to the captcha's JavaScript library.

Usually, it can be obtained in one of the following ways:

  • Find the <script> tag on the captcha page that loads the library.
  • Find the request to the AliyunCaptcha.js file in the Network tab.
  • Form the URL according to the template used by the site.

Example: https://o.example.com/captcha-frontend/aliyunCaptcha/AliyunCaptcha.js?t=2041

Final set of parameters

As a result, the following values should be obtained:

json Copy
{
  "sceneId": "...",
  "prefix": "...",
  "userId": "...",
  "userUserId": "...",
  "verifyType": "...",
  "region": "...",
  "UserCertifyId": "...",
  "apiGetLib": "..."
}

Additionally, you need to save:

json Copy
{
  "u_atoken": "...",
  "u_asig": "..."
}

These values are used to re-execute the request after receiving the captcha solution.

API Parameters

The 2Captcha API supports two task types for Alibaba: using our internal proxies (AlibabaTaskProxyless) and using your own proxies (AlibabaTask).

Parameter Required Description
type Yes Task type. Specify AlibabaTaskProxyless or AlibabaTask
websiteURL Yes Full URL of the target web page
sceneId Yes Captcha scene identifier (extracted from requestInfo or network requests)
prefix Yes Captcha initialization parameter, usually corresponds to the subdomain in the captcha request URL
userId No Unique identifier of the user or session on the site side
userUserId No Additional (secondary) user identifier
verifyType No Version or type of the captcha verification mechanism
region No Server or data center region through which the captcha is processed
UserCertifyId No Unique verification ID associated with the current captcha session
apiGetLib No Link to the captcha JS library used by the site
userAgent No Browser User-Agent with which the page is opened
proxyType No Proxy type (http, socks4, socks5). Required for AlibabaTask type
proxyAddress No IP address or hostname of the proxy server
proxyPort No Proxy server port
proxyLogin No Login for proxy server authentication
proxyPassword No Password for proxy server authentication

JSON Request Examples

Request to create a task (Proxyless):

json Copy
{
   "clientKey":"YOUR_API_KEY",
   "task":{
      "type":"AlibabaTaskProxyless",
      "websiteUrl":"https://www.example.com",
      "sceneId":"abc123xyz4",
      "prefix":"def456gh",
      "userId":"Abc123Def456Ghi789Jkl012Mno345Pqr678Stu901=",
      "userUserId":"Xyz987Abc654Def321Ghi098Jkl765Mno432Pqr109=",
      "verifyType":"1.0",
      "region":"sgp",
      "UserCertifyId":"abc123def456ghi789jkl012mno345pq",
      "apiGetLib":"https://o.example.com/captcha-frontend/aliyunCaptcha/AliyunCaptcha.js?t=1234",
      "userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36"
   }
}

Request using your own proxies:

json Copy
{
   "clientKey":"YOUR_API_KEY",
   "task":{
      "type":"AlibabaTask",
      "websiteUrl":"https://www.example.com",
      "sceneId":"abc123xyz4",
      "prefix":"def456gh",
      "userId":"Abc123Def456Ghi789Jkl012Mno345Pqr678Stu901=",
      "userUserId":"Xyz987Abc654Def321Ghi098Jkl765Mno432Pqr109=",
      "verifyType":"1.0",
      "region":"sgp",
      "UserCertifyId":"abc123def456ghi789jkl012mno345pq",
      "apiGetLib":"https://o.example.com/captcha-frontend/aliyunCaptcha/AliyunCaptcha.js?t=1234",
      "userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36",
      "proxyType":"http",
      "proxyAddress":"1.2.3.4",
      "proxyPort":8080,
      "proxyLogin":"login",
      "proxyPassword":"password"
   }
}

Request to get the result is standard:

json Copy
{
    "clientKey": "YOUR_API_KEY",
    "taskId": "TASK_ID_FROM_CREATE_TASK"
}

A successful response from the API will contain the tokens for injection:

json Copy
{
  "errorId": 0,
  "status": "ready",
  "solution": {
    "data": {
      "tokens": "{\"sceneId\":\"abc123xyz4\",\"certifyId\":\"aBcDeF1234\",\"deviceToken\":\"ABC_WEB#1234...xyz789=\",\"data\":\"AbC123xYz...DeF456qWe789\"}"
    }
  }
}

Step-by-step implementation in Python

Using the official SDK

python Copy
from twocaptcha import TwoCaptcha

solver = TwoCaptcha('YOUR_API_KEY')

try:
    result = solver.alibaba(
        scene_id='abc123xyz4',
        prefix='def456gh',
        url='https://www.example.com',
        user_id='Abc123Def456Ghi789Jkl012Mno345Pqr678Stu901=',
        user_user_id='Xyz987Abc654Def321Ghi098Jkl765Mno432Pqr109=',
        verify_type='1.0',
        region='sgp',
        user_certify_id='abc123def456ghi789jkl012mno345pq',
        api_get_lib='https://o.example.com/captcha-frontend/aliyunCaptcha/AliyunCaptcha.js?t=1234',
        user_agent='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36'
    )
    print(f"Solution received: {result}")
except Exception as e:
    print(f"Error solving: {e}")

Injecting the solution into the page

After you receive the response from the API, you need to correctly pass it to the target website. The response contains a data object with tokens, which needs to be parsed and injected.

python Copy
import json
from twocaptcha import TwoCaptcha

solver = TwoCaptcha('YOUR_API_KEY')

try:
    result = solver.alibaba(
        scene_id='abc123xyz4',
        prefix='def456gh',
        url='https://www.example.com'
    )
    
    # Parse tokens from the response
    tokens_data = json.loads(result['data']['tokens'])
    
    # Extract necessary values
    certify_id = tokens_data['certifyId']
    device_token = tokens_data['deviceToken']
    data = tokens_data['data']
    
    # Inject tokens via JavaScript
    driver.execute_script(f"""
        let certifyInput = document.querySelector('input[name="certifyId"]');
        let deviceTokenInput = document.querySelector('input[name="deviceToken"]');
        let dataInput = document.querySelector('input[name="data"]');
        
        if (certifyInput) certifyInput.value = '{certify_id}';
        if (deviceTokenInput) deviceTokenInput.value = '{device_token}';
        if (dataInput) dataInput.value = '{data}';
    """)
    
except Exception as e:
    print(f"Error: {e}")

If you are sending data directly via a POST request, simply add these parameters to the request body:

python Copy
payload = {
    'username': 'my_user',
    'password': 'my_password',
    'certifyId': certify_id,
    'deviceToken': device_token,
    'data': data
}

Important nuances and best practices

Alibaba CAPTCHA is highly sensitive to network fingerprints and IP addresses. If you solve the captcha from one IP address and submit the form from another, the protection will instantly notice.

Always use high-quality residential proxies if the target website strictly checks IP addresses. To do this, use the AlibabaTask type and pass the proxy parameters directly to the API. The proxy used for solving and the proxy used for the final request must be identical.

Do not delay submitting the form. Alibaba tokens have a limited lifespan. As soon as you receive the solution, immediately inject it and submit the form.

Use the saved u_atoken and u_asig values when resending the request after successfully solving the captcha.

Solution accuracy reports

If the website rejects the received token, be sure to report it. This helps the service improve its algorithms and refunds your funds for the failed attempt.

You can submit a report via the API using the reportIncorrect and reportCorrect endpoints.

Example JSON request:

json Copy
{
    "clientKey": "YOUR_API_KEY",
    "taskId": "TASK_ID_FROM_CREATE_TASK"
}

Troubleshooting common issues

If the API returns an ERROR_CAPTCHA_UNSOLVABLE error, you most likely copied the sceneId or prefix incorrectly. Check the source code and network requests again.

If the site accepts the tokens but then still blocks you or asks you to pass the captcha again, the problem is almost certainly the IP address. Check your proxy settings and make sure you are using the same IP for solving and for submitting the final form.

If the requestInfo object is obfuscated or missing, use the alternative method to find sceneId via network requests (search by keywords sceneId, CaptchaSceneId, sId).

Conclusion

Bypassing Alibaba CAPTCHA via 2Captcha boils down to extracting sceneId and prefix from the page, sending this data to the API, and injecting the received tokens (certifyId, deviceToken, data) into the form or POST request. The main thing to remember is the importance of using good proxies and submitting the form quickly, as the tokens have a limited lifespan.