How to bypass Amazon captcha

This article describes how to bypass the Amazon captcha using Amazon captcha solver. Many users encounter issue with Amazon captcha (also known as AWS WAF), especially those engaged in automation tasks or other activities that require frequent interactions with Amazon's services. The purpose of this article is to provide a detailed guide on how to bypass this CAPTCHA efficiently. Below, we will take a step-by-step look at the features of bypassing this type of captcha using captcha solver API.

Amazon CAPTCHA is a security system that offers a user to complete one of three types of tasks:

1. A puzzle with images. You must select all the images in the grid that contain a specific object.

2. Defining the endpoint. The user is shown a task where it is necessary to determine where the car will end up at the end of the path in the illustration.

3. Audio task. It includes background noise with voice instructions superimposed. The user must enter the text they have heard into the text field.

The screenshot below shows examples of all three types of tasks:

The 2Captcha service provides support for the AWS WAF CAPTCHA solution. There are two task options available for working with this type of CAPTCHA: AmazonTaskProxyless and AmazonTask.

• AmazonTaskProxyless - This option is ideal for users who do not have their own proxies. Uses an internal pool of 2captcha proxy servers to download and solve the CAPTCHA.
• AmazonTask - This method is suitable for those who want to use their proxies for more flexibility or specific requirements. Proxy servers provided by the user are used to solve the CAPTCHA.

The AWS WAF captcha meets accessibility requirements and includes an audio task. This allows us to solve it using our audio recognition method.

However, we recommend using the specially developed method described above first, as it provides a more efficient and faster solution. The audio method should be considered as an alternative if necessary.

Bypass Amazon captcha Step by Step

preparation

1. A 2Captcha account. You can register at captcha solver.

2. An API key from 2Captcha, which you can find in your account dashboard.

3. Basic knowledge of any programming language to integrate the API.

Step 1: Found Amazon captcha params

🎯 The purpose of the Step 1 is to determine the Amazon CAPTCHA parameters and compose the JSON contains correct parameters values.

To solve the Amazon CAPTCHA, you need to send the required parameters: websiteKey, iv, and context of the found CAPTCHA to our API. These parameters can be found in the source code of the page.

Example of found Amazon CAPTCHA parameters on page:

Important: Amazon CAPTCHA has specific features that complicate the process of successful solving:

1. Updating the iv and context parameters.
   To solve the Amazon CAPTCHA, you need to get the current values of the iv and context parameters each time. Using outdated values will result in the generated token being invalid.
2. Limited solving time.
   The CAPTCHA task is dynamically updated. This means that you have limited time to solve and apply the token. On average, this interval is about 30 seconds.

It is necessary to generate JSON object in accordance with the documentation for the AmazonTaskProxyless method.

The final JSON data required to send an AWS CAPTCHA to the service will look something like this:

{
    "clientKey": "YOUR_API_KEY",
    "task": {
        "type": "AmazonTaskProxyless",
        "websiteURL": "https://efw47fpad9.execute-api.us-east-1.amazonaws.com/latest",
        "challengeScript": "https://41bcdd4fb3cb.610cd090.us-east-1.token.awswaf.com/41bcdd4fb3cb/0d21de737ccb/cd77baa6c832/challenge.js",
        "captchaScript": "https://41bcdd4fb3cb.610cd090.us-east-1.captcha.awswaf.com/41bcdd4fb3cb/0d21de737ccb/cd77baa6c832/captcha.js",
        "websiteKey": "AQIDA...wZwdADFLWk7XOA==",
        "context": "qoJYgnKsc...aormh/dYYK+Y=",
        "iv": "CgAAXFFFFSAAABVk"
    }
}

Don't forget set your apikey instead of YOUR_API_KEY.

After generating the correct JSON, you can proceed to the next step.

Step 2: Create Task for solving Amazon CAPTCHA

🎯 The goal of Step 2 is to create a task for solving the Amazon CAPTCHA and obtain the taskId of the created task.

To create an Amazon CAPTCHA solution task, you need to send a createTask POST request. In the request body, include the JSON data generated in the previous Step 1.

If you have done everything correctly, you will receive a taskId in response. Using this ID, we will retrieve the CAPTCHA solution later.

Example response for a successfully created task:

{
    "errorId": 0,
    "taskId": 74372499131
}

This means that a task to solve the CAPTCHA you sent has been successfully created. Next, a 2Captcha worker will receive and solve the CAPTCHA. After a successful solution, you will be able to retrieve the CAPTCHA solution, which is a token.

In the next step, we will use the taskId value to request the result of the CAPTCHA solution.

Step 3: Get Task Result for Amazon captcha bypass

🎯 The purpose of Step 3 is to retrieve the result of a successfully solved CAPTCHA. You should receive a JSON response containing the solution object.

To retrieve the result of your CAPTCHA, you need to make a request to the API. This can be done by sending a POST request to https://api.2captcha.com/getTaskResult, specifying the taskId in the request body. Use the taskId value obtained in step 2.

Example Request:

{
   "clientKey": "YOUR_API_KEY", 
   "taskId": 74372499131
}

Solving the CAPTCHA takes some time, usually between 3 and 15 seconds, depending on the service load and the number of available workers.

In other words, at this step, we check whether the CAPTCHA has been solved. To do this, you need to send a getTaskResult request, specifying your taskId value at intervals of approximately 3–5 seconds.

Depending on the CAPTCHA status, you may receive one of three response types: processing, ready, or ERROR_CAPTCHA_UNSOLVABLE. Below is a more detailed description of each status.

processing

This status indicates that the CAPTCHA has not been solved yet. You need to wait for a few seconds before retrying the request.

Example response with status processing:

{
    "errorId": 0,
    "status": "processing"
}

ready

Your captcha has been successfully solved. The response contains a solution object that includes two values: captcha_voucher and existing_token. These values represent the CAPTCHA solution and should be used in the next step. Detailed instructions on how to apply them are provided in the following section.

Example response with the ready status:

{
    "errorId": 0,
    "status": "ready",
    "solution": {
        "captcha_voucher": "eyJ0eXAiOiJKV1QiLCJhbGZpZGVkIjoxfQ.wxen...ypctcr_tFY1HXjDAimCdxLIYe5xb8Urzjv4",
        "existing_token": "0a4aa52a-f464-4f82-a71f-e3a7d012ee73:EQo...AbgxKDrsDAAAA:ktn5WJuJoaMfXQ1PkZzbw="
    },
    "cost": "0.00145",
    "ip": "1.2.3.4",
    "createTime": 1640828190,
    "endTime": 1640829170,
    "solveCount": 1
}

Once you receive this response, you can proceed to the next step.

ERROR_CAPTCHA_UNSOLVABLE

Your CAPTCHA could not be solved. This may happen for various reasons, such as when a worker is unable to process your CAPTCHA. If you receive this status, you should submit a new task to solve the CAPTCHA again.

In most cases, the ERROR_CAPTCHA_UNSOLVABLE status is rare and does not cause significant issues. However, if all your CAPTCHAs consistently return this status, it may indicate an error on your side. This means that the CAPTCHA, along with the parameters you provided, cannot be processed correctly. In this case, you should verify that all submitted parameters are correct.

When working with Amazon CAPTCHA, special attention should be given to the iv and context parameters. Ensure that you use fresh values for these parameters with each CAPTCHA request.

Example response with the ERROR_CAPTCHA_UNSOLVABLE status:

{
    "errorId": 12,
    "errorCode": "ERROR_CAPTCHA_UNSOLVABLE",
    "errorDescription": "Workers could not solve the Captcha"
}

Step 4: Applying the CAPTCHA Solution

🎯 The purpose of Step 4 is to correctly apply the received token (solution) on the page containing the CAPTCHA.

Use the returned solution in your interaction with the target website. Normally, the values are sent in the corresponding fields of a POST request, but you should verify how they are used in your specific case.

To determine how to apply the token on a page, you can start with the following steps:

1. Analyze Network Requests:
   Use browser developer tools (e.g., the "Network" tab in Chrome DevTools) to track the requests sent after solving the CAPTCHA. This will help identify where the token is being used.
2. Inspect JavaScript Code:
   Look for scripts on the page related to the CAPTCHA. Tokens are often inserted into a form before submission or included in the HTTP request headers. Study the code to understand the mechanism.
3. Examine Page Elements:
   Check HTML elements such as hidden form fields () where the token might be stored. The token is often added to these fields after the CAPTCHA is successfully solved.
4. Refer to the Documentation:
   Review the official CAPTCHA documentation, which usually provides details on how to implement and use the token on the server side.
5. Test the Token:
   Copy the token and manually send a request to verify that it works correctly. This can help confirm how the server processes the provided token.

How to Avoid Amazon WAF CAPTCHA

To minimize the chances of encountering a CAPTCHA, follow these best practices:

1. Avoid excessive requests:
   Do not send requests too frequently or in large volumes. Amazon WAF monitors abnormal spikes in activity. Use intervals between requests to make them appear more natural.

2. Use proper HTTP headers:
   Ensure your requests include correct and plausible headers, such as User-Agent, which should mimic standard browsers.

3. Utilize proxies or IP rotation:
   Frequent requests from a single IP address may be flagged as suspicious. Use proxy services or IP rotation to distribute requests. Avoid IP addresses associated with data centers or VPN services, as they are often blacklisted. It is recommended to use mobile or residential IP addresses, such as residential proxies.

By following these recommendations, you can reduce the likelihood of being blocked or encountering a CAPTCHA with Amazon WAF.

Useful links

• Captcha solver API
• Documentation for bypass the Amazon CAPTCHA using API V2
• Code examples using API v1 and official libraries can be found on GitHub:
  python | javascript | go | ruby | php | java | csharp | c++