How to bypass captcha in Burp Suite using captcha solver API

Burp Suite is a powerful tool for penetration testing and web automation. But captchas can block your workflow when testing login forms or APIs.

In this article, we’ll show you how to integrate the 2Captcha solver API into Burp Suite to automatically solve CAPTCHAs like reCAPTCHA v2.

Step-by-step: Solve captcha

To solve CAPTCHAs inside Burp flows, we’ll use Burp’s Extension capabilities (via Jython or external Python) to send requests to the API.

Overview

  1. Intercept the request containing a CAPTCHA
  2. Extract sitekey and pageurl
  3. Send a createTask request to 2Captcha
  4. Poll getTaskResult until the token is ready
  5. Inject the token (g-recaptcha-response) into the request or HTML

Required tools

  • Burp Suite (Pro or Community)
  • Jython (if scripting inside Burp) or standalone Python 3
  • 2Captcha account + API key

1. Intercept the captcha request

Using Burp Proxy or Repeater, inspect the login or protected page. Look for a tag like this in the response:

```html
<div class="g-recaptcha" data-sitekey="6Lc_aXkUAAAAA..."></div>
```

Note:

  • sitekey → value of data-sitekey
  • pageurl → the URL where CAPTCHA is located

2. Solve captcha via solver API

Here is the fully working Python code using the correct API endpoints:

```python
import requests
import time

API_KEY = 'your_2captcha_api_key_here'
SITEKEY = '6Lc_aXkUAAAAA...'  # Replace with real sitekey
PAGEURL = 'https://example.com'  # Replace with real page URL

# Step 1: Create task
create_payload = {
    "clientKey": API_KEY,
    "task": {
        "type": "NoCaptchaTaskProxyless",
        "websiteURL": PAGEURL,
        "websiteKey": SITEKEY
    }
}
resp = requests.post('https://api.2captcha.com/createTask', json=create_payload)
resp.raise_for_status()

task_id = resp.json().get("taskId")
if not task_id:
    raise Exception("Failed to create task: " + str(resp.json()))

# Step 2: Poll for result
for _ in range(20):  # ~100 seconds max
    time.sleep(5)
    result = requests.post('https://api.2captcha.com/getTaskResult', json={
        "clientKey": API_KEY,
        "taskId": task_id
    })
    result.raise_for_status()
    data = result.json()
    if data.get("status") == "ready":
        token = data["solution"]["gRecaptchaResponse"]
        print("CAPTCHA Solved Token:", token)
        break
else:
    raise TimeoutError("Captcha solving timed out or failed")
```

3. Inject the token into the request

Once you have the token:

  • If you're testing a login form, add a field to the request body:

    g-recaptcha-response=<token>
  • You can do this manually in Burp Repeater, or write an extension to do it automatically using IBurpExtender and IHttpListener.
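Seen from the application being tested, the flow above leaves two traces worth checking for: a g-recaptcha-response submitted by a client that never loaded the form within the token's two-minute lifetime, and the same token sent more than once (as happens when a request is replayed in Repeater). The following is an added example, not part of the original article, that flags both in an access log. The log format, the sample lines, the `/login` path and the assumption that the application logs the submitted token (or a hash of it) are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log: "<ISO time> <client> <METHOD> <path> <body>" (assumed format).
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 GET /login -
2024-05-01T10:00:40 10.0.0.5 POST /login user=a&g-recaptcha-response=TOKEN_A
2024-05-01T10:01:00 10.0.0.9 POST /login user=b&g-recaptcha-response=TOKEN_B
2024-05-01T10:01:05 10.0.0.9 POST /login user=c&g-recaptcha-response=TOKEN_B
2024-05-01T10:05:00 10.0.0.5 POST /login user=a&g-recaptcha-response=TOKEN_C
"""

TOKEN_RE = re.compile(r"(?:^|&)g-recaptcha-response=([^&\s]+)")
TOKEN_LIFETIME = timedelta(minutes=2)  # a reCAPTCHA response token is valid for two minutes


def find_suspect_submissions(log_text, form_path="/login"):
    """Return (line_no, client, reason) for token POSTs that look relayed or replayed."""
    last_page_fetch = {}  # client -> time of its most recent GET of the form page
    seen_tokens = {}      # token -> line number of its first use
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        parts = line.split(maxsplit=4)
        if len(parts) != 5:
            continue  # skip malformed lines
        ts_raw, client, method, path, body = parts
        if path != form_path:
            continue
        ts = datetime.fromisoformat(ts_raw)
        if method == "GET":
            last_page_fetch[client] = ts
            continue
        match = TOKEN_RE.search(body)
        if method != "POST" or not match:
            continue
        token = match.group(1)
        if token in seen_tokens:
            findings.append((line_no, client, "token-reused"))
        else:
            seen_tokens[token] = line_no
        fetched = last_page_fetch.get(client)
        # A token can only come from a widget rendered within its lifetime.
        if fetched is None or ts - fetched > TOKEN_LIFETIME:
            findings.append((line_no, client, "no-recent-page-load"))
    return findings
```

Both signals are heuristics: a client behind a shared address or a cached form page can trigger the second one, so treat hits as input to rate limiting or review rather than as proof.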

Supported captcha types

The type parameter in the API determines what kind of captcha you're solving. Here's the full list of supported types:

| Captcha Type | type in API | Description |
|---|---|---|
| Normal image captcha | normal | Simple distorted-image captcha |
| Text captcha | text | Basic text (alphanumeric) input captcha |
| Rotate captcha | rotate | Requires rotating image to correct orientation |
| Coordinates captcha | coordinates | Click on certain points |
| Grid captcha | grid | Select correct squares |
| Draw-around captcha | drawAround | Draw a boundary around object |
| Bounding box | boundingBox | Select and draw boxes |
| Audio captcha | audio | Solve via audio transcription |
| reCAPTCHA v2 | recaptcha2 | Most common Google captcha |
| reCAPTCHA v2 Invisible | recaptcha2Invisible | Invisible reCAPTCHA variant |
| reCAPTCHA v3 | recaptcha3 | Score-based background validation |
| reCAPTCHA Enterprise | recaptchaEnterprise | Google enterprise-level captcha |
| Cloudflare Turnstile | turnstile | Captcha from Cloudflare |
| Arkose Labs FunCaptcha | funcaptcha | Interactive puzzle captcha |
| GeeTest v3 | geetest | Chinese interactive captcha |
| GeeTest v4 | geetest_v4 | Newer version of GeeTest |
| Capy Puzzle captcha | capy | Image puzzle captcha |
| KeyCAPTCHA | keycaptcha | Click/drag puzzle |
| Lemin captcha | leminCaptcha | Obscure, JavaScript-heavy captcha |
| Amazon captcha | amazonCaptcha | Used on Amazon registration pages |
| CyberSiARA captcha | cyberSiaraCaptcha | Enterprise captcha |
| MTCaptcha | mtcaptchaCaptcha | Rare, image-based captcha |
| Cutcaptcha | cutcaptcha | Captcha requiring piece placement |
| Friendly captcha | friendlyCaptcha | Privacy-friendly captcha |
| DataDome captcha | datadomeCaptcha | Enterprise captcha on e-commerce |
| atbCAPTCHA | atbCaptcha | Used on ATB banking services |
| Tencent captcha | tencentCaptcha | Chinese provider's captcha |
| Procaptcha | procaptcha | Captcha with decentralized tech |
| CaptchaFox | captchafox | Lesser-known variant |

Explore more in the captcha solver API docs

Troubleshooting

  • No taskId? → Check your clientKey and task structure
  • Stuck on “processing”? → Wrong sitekey or unsupported CAPTCHA
  • Failed status? → Try again or check your account balance
  • 403 or other errors? → Check rate-limits, headers, and content-type

Summary

By integrating 2Captcha with Burp Suite using the official API, you can automate CAPTCHA solving during security testing, login form testing, or bot simulations.

Just extract the sitekey and URL, solve the CAPTCHA, and inject the token into the request — all in a clean, scriptable pipeline.