How to bypass atbCAPTCHA

Introduction

atbCAPTCHA is a modern behavioral protection system that is starting to gain popularity among developers looking for alternatives to more well-known solutions. It can look like an interactive slider, an image selection task, or work in invisible mode. For automation, this means we need to obtain a special token from a solving service and correctly inject it into the target page.

In this guide, we will break down how to automate bypassing atbCAPTCHA using the 2Captcha API. We will find the necessary parameters, submit the task, and integrate the received token into your script according to the official documentation of the captcha itself.

How to find the parameters for solving

To submit a task for solving, you need to extract critical parameters from the page or source code.

You will need the following values:

• appId — the unique identifier of your captcha, which is passed when initializing the widget on the page.
• websiteURL — the full address of the page where the captcha is loaded. Make sure you specify the exact URL visible in the browser address bar.
• apiServer — the domain of the atbCAPTCHA API server, if the site uses a custom or non-standard domain for loading scripts and making requests.

How to find them in practice:

1. Open Developer Tools (F12) and go to the Elements or Sources tab.
2. Look for the atbCAPTCHA initialization script. Usually, it is a call to the initialization function where the appId parameter is passed (for example, initATBCaptcha('YOUR_APP_ID')).
3. Copy the appId value. If the widget configuration specifies a custom domain for the API, copy it to the apiServer parameter.
4. Make sure the page URL (websiteURL) matches what is in the browser address bar.

API parameters

The 2Captcha API supports two task types for atbCAPTCHA: using our internal proxies (AtbCaptchaTaskProxyless) and using your own proxies (AtbCaptchaTask).

Required parameters:

• type — AtbCaptchaTaskProxyless or AtbCaptchaTask
• websiteURL — full URL of the target page
• appId — the unique captcha identifier obtained from the page

Optional parameters:

• apiServer — the full URL or domain of the atbCAPTCHA API server, if the site uses a custom domain

Proxy parameters (only for AtbCaptchaTask):

• proxyType — proxy type (http, socks4, socks5)
• proxyAddress — IP address or hostname of the proxy server
• proxyPort — proxy server port
• proxyLogin — login for authentication (optional)
• proxyPassword — password for authentication (optional)

JSON request examples

A request to create a task (Proxyless) looks like this:

{
    "clientKey": "YOUR_API_KEY",
    "task": {
        "type": "AtbCaptchaTaskProxyless",
        "websiteURL": "https://example.com/page-with-atbcaptcha",
        "appId": "YOUR_APP_ID"
    }
}

A request using a custom API server:

{
    "clientKey": "YOUR_API_KEY",
    "task": {
        "type": "AtbCaptchaTaskProxyless",
        "websiteURL": "https://example.com/page-with-atbcaptcha",
        "appId": "YOUR_APP_ID",
        "apiServer": "https://custom-api.atbcaptcha.com"
    }
}

A request using your own proxies:

{
    "clientKey": "YOUR_API_KEY",
    "task": {
        "type": "AtbCaptchaTask",
        "websiteURL": "https://example.com/page-with-atbcaptcha",
        "appId": "YOUR_APP_ID",
        "proxyType": "http",
        "proxyAddress": "1.2.3.4",
        "proxyPort": 8080,
        "proxyLogin": "user23",
        "proxyPassword": "p4$w0rd"
    }
}

A request to get the result is standard:

{
    "clientKey": "YOUR_API_KEY",
    "taskId": "TASK_ID_FROM_CREATE_TASK"
}

A successful response from the API will contain the token for injection:

{
    "errorId": 0,
    "status": "ready",
    "solution": {
        "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
    },
    "cost": "0.00299",
    "createTime": 1692863536,
    "endTime": 1692863556
}

Step-by-step implementation in Python

Creating the task and getting the result

First, let us write the basic functions for sending the captcha and waiting for the response.

import requests
import time

API_KEY = "YOUR_API_KEY"
API_HOST = "2captcha.com"

def create_atb_task(url, app_id, api_server=None):
    task_data = {
        "type": "AtbCaptchaTaskProxyless",
        "websiteURL": url,
        "appId": app_id
    }
    if api_server:
        task_data["apiServer"] = api_server
        
    payload = {
        "clientKey": API_KEY,
        "task": task_data
    }
    response = requests.post(f"https://api.2captcha.com/createTask", json=payload)
    return response.json()["taskId"]

def get_atb_result(task_id):
    while True:
        time.sleep(3)
        payload = {
            "clientKey": API_KEY,
            "taskId": task_id
        }
        response = requests.post(f"https://api.2captcha.com/getTaskResult", json=payload)
        result = response.json()
        
        if result.get("status") == "ready":
            return result["solution"]["token"]
        elif result.get("errorId") != 0:
            raise Exception(f"API error: {result.get('errorDescription')}")

Using the official SDK

If you do not want to write polling loops manually, you can use the official library. This significantly reduces the code.

from twocaptcha import TwoCaptcha

solver = TwoCaptcha('YOUR_API_KEY')

try:
    result = solver.atb_captcha(
        app_id='YOUR_APP_ID',
        url='https://example.com/page-with-atbcaptcha',
        api_server='https://custom-api.atbcaptcha.com' # if required
    )
    print(f"Token received: {result['token']}")
except Exception as e:
    print(f"Error solving: {e}")

Injecting the solution into the page

According to the atbCAPTCHA documentation, after receiving the token, it needs to be correctly passed to the website. The injection method depends on how exactly the widget was integrated on the target page. Usually, one of two approaches is used.

Option 1: Via a hidden field (hidden input)

Most often, atbCAPTCHA creates a hidden field in the DOM tree where you need to write the received token. Usually, this field is named atb-captcha-response or something similar.

# Find the hidden field and insert the token
driver.execute_script(f"""
    let tokenInput = document.querySelector('input[name="atb-captcha-response"]');
    if (tokenInput) {{
        tokenInput.value = '{result["token"]}';
    }}
""")

Option 2: Via a callback function

If a callback function was specified when initializing the widget on the site (for example, the initATBCaptcha parameters specify the function name), the token needs to be passed directly to it. The name of this function needs to be found in the page source code.

# Call the callback function specified in the site documentation and pass the token there
# The function name (e.g., window.atbCaptchaCallback) must be replaced with the real name from the site
driver.execute_script(f"window.atbCaptchaCallback('{result["token"]}');")

After injecting the token using either of these methods, you can submit the form or perform the target action on the site.

Important nuances and best practices

atbCAPTCHA can be sensitive to network fingerprints and behavior. If you solve the captcha from one IP address and submit the form from another, the protection might notice.

Always use high-quality residential proxies if the target website strictly checks IP addresses. To do this, use the AtbCaptchaTask type and pass the proxy parameters directly to the API.

Synchronize the User-Agent if required by the documentation of the specific atbCAPTCHA implementation on the site. Do not delay submitting the form. Tokens have a limited lifespan. As soon as you receive the token, inject it and submit the form immediately.

Solution accuracy reports

If the website rejects the received token, be sure to report it. This helps the service improve its algorithms and refunds your funds for the failed attempt.

You cannot submit a report directly from the browser extension interface, but there are two easy ways to do it:

The first way is via the dashboard. Go to the upload statistics section at https://2captcha.com/statistics/uploads. Find the relevant task in the list and click the Report incorrect button right next to it.

The second way is via the API. If you are writing an automated script, use the reportIncorrect and reportCorrect endpoints, passing your API key and the taskId of the task.

Troubleshooting common issues

If the API returns an ERROR_CAPTCHA_UNSOLVABLE error, you most likely copied the appId incorrectly or specified the wrong page URL. Check the source code again.

If the site accepts the token but then still blocks you or asks you to pass the captcha again, the problem is almost certainly the IP address or browser fingerprints. Check your proxy settings and make sure you are not using automation without masking.

If you are working with a custom implementation and getting errors, make sure you are passing the correct apiServer parameter if it is used on the site, and that the token is being injected into the exact callback or input that the specific site expects.

Useful links

• atbCAPTCHA API Documentation: https://2captcha.com/api-docs/atb-captcha
• Upload statistics and sending reports: https://2captcha.com/statistics/uploads
• Support Center: https://2captcha.com/support/tickets/new
• Code examples on GitHub: https://github.com/2captcha

Conclusion

Bypassing atbCAPTCHA via 2Captcha boils down to extracting the appId and URL from the page, sending this data to the API, and injecting the received token into the form or callback function according to the widget documentation. Keep in mind the importance of using good proxies and submitting the form quickly, as tokens have a limited lifespan.