How to bypass captcha in Burp Suite
Burp Suite is a powerful tool for penetration testing and web automation. But captchas can block your workflow when testing login forms or APIs.
In this article, we’ll show you how to integrate the bypass API into Burp Suite to automatically solve CAPTCHAs like reCAPTCHA v2.
Step-by-step: Solve captcha
To solve CAPTCHAs inside Burp flows, we’ll use Burp’s Extension capabilities (via Jython or external Python) to send requests to the API.
Overview
- Intercept the request containing a CAPTCHA
- Extract `sitekey` and `pageurl`
- Send a `createTask` request to 2Captcha
- Poll `getTaskResult` until the token is ready
- Inject the token (`g-recaptcha-response`) into the request or HTML
Required tools
- Burp Suite (Pro or Community)
- Jython (if scripting inside Burp) or standalone Python 3
- Account + API key
1. Intercept the captcha request
Using Burp Proxy or Repeater, inspect the login or protected page. Look for a tag like this in the response:
```html
<div class="g-recaptcha" data-sitekey="6Lc_aXkUAAAAA..." />
```
Note:
- `sitekey` → value of `data-sitekey`
- `pageurl` → the URL where CAPTCHA is located
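For step 1, reading `sitekey` and `pageurl` out of a captured response can be scripted. The following is an added example, not code from the original article: the class name, function name and sample HTML are constructed for illustration, and it additionally reports reCAPTCHA's `data-size="invisible"` attribute, which marks the invisible variant.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit


class RecaptchaWidgetParser(HTMLParser):
    """Collect elements carrying the g-recaptcha class and a data-sitekey."""

    def __init__(self):
        super().__init__()
        self.widgets = []

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "") for k, v in attrs}
        # class is a space-separated token list: match the token, not a substring
        if "g-recaptcha" not in attr.get("class", "").split():
            return
        sitekey = attr.get("data-sitekey", "").strip()
        if sitekey:  # empty when the widget is rendered later by JavaScript
            invisible = attr.get("data-size", "").lower() == "invisible"
            self.widgets.append({"sitekey": sitekey, "invisible": invisible})


def find_recaptcha(html_text, request_url):
    """Return (pageurl, widgets) for one response body, e.g. copied from Burp."""
    parser = RecaptchaWidgetParser()
    parser.feed(html_text)
    parser.close()
    # pageurl: the page address with the fragment dropped (never sent to servers)
    p = urlsplit(request_url)
    pageurl = urlunsplit((p.scheme, p.netloc, p.path, p.query, ""))
    unique = {}  # de-duplicate by sitekey, keeping document order
    for w in parser.widgets:
        unique.setdefault(w["sitekey"], w)
    return pageurl, list(unique.values())


# Constructed sample response body (placeholder keys, not from a real site)
SAMPLE_HTML = """
<form action="/login" method="post">
  <div class="captcha-box g-recaptcha" data-sitekey="SAMPLE-SITEKEY-0001"></div>
  <div class="not-g-recaptcha-related" data-sitekey="IGNORED"></div>
  <button class="g-recaptcha" data-sitekey="SAMPLE-SITEKEY-0002"
          data-size="invisible">Sign in</button>
</form>
"""

if __name__ == "__main__":
    print(find_recaptcha(SAMPLE_HTML, "https://example.com/login?next=%2F#top"))
```

An empty widget list usually means the widget is rendered by JavaScript, so the key has to be read from the rendered page instead.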
2. Solve captcha via solver API
Here is the fully working Python code using the correct API endpoints:
```python
import requests
import time

API_KEY = 'your_2captcha_api_key_here'
SITEKEY = '6Lc_aXkUAAAAA...'  # Replace with real sitekey
PAGEURL = 'https://example.com'  # Replace with real page URL

# Step 1: Create task
create_payload = {
    "clientKey": API_KEY,
    "task": {
        "type": "NoCaptchaTaskProxyless",
        "websiteURL": PAGEURL,
        "websiteKey": SITEKEY
    }
}
resp = requests.post('https://api.2captcha.com/createTask',
                     json=create_payload, timeout=30)
resp.raise_for_status()
task_id = resp.json().get("taskId")
if not task_id:
    raise Exception("Failed to create task: " + str(resp.json()))

# Step 2: Poll for result
for _ in range(20):  # ~100 seconds max
    time.sleep(5)
    result = requests.post('https://api.2captcha.com/getTaskResult', json={
        "clientKey": API_KEY,
        "taskId": task_id
    }, timeout=30)
    result.raise_for_status()
    data = result.json()
    if data.get("status") == "ready":
        token = data["solution"]["gRecaptchaResponse"]
        print("CAPTCHA Solved Token:", token)
        break
else:
    # for/else: reached only when the loop ends without a break
    raise TimeoutError("Captcha solving timed out or failed")
```
3. Inject the token into the request
Once you have the token:
- If you're testing a login form, add a field to the request body: `g-recaptcha-response=<token>`
- You can do this manually in Burp Repeater, or write an extension to do it automatically using `IBurpExtender` and `IHttpListener`.
Supported captcha types
The `type` parameter in the API determines what kind of captcha you're solving. Here's the full list of supported types:
Captcha Type | type in API | Description |
---|---|---|
Normal image captcha | normal | Simple distorted-image captcha |
Text captcha | text | Basic text (alphanumeric) input captcha |
Rotate captcha | rotate | Requires rotating image to correct orientation |
Coordinates captcha | coordinates | Click on certain points |
Grid captcha | grid | Select correct squares |
Draw-around captcha | drawAround | Draw a boundary around object |
Bounding box | boundingBox | Select and draw boxes |
Audio captcha | audio | Solve via audio transcription |
reCAPTCHA v2 | recaptcha2 | Most common Google captcha |
reCAPTCHA v2 Invisible | recaptcha2Invisible | Invisible reCAPTCHA variant |
reCAPTCHA v3 | recaptcha3 | Score-based background validation |
reCAPTCHA Enterprise | recaptchaEnterprise | Google enterprise-level captcha |
Cloudflare Turnstile | turnstile | Captcha from Cloudflare |
Arkose Labs FunCaptcha | funcaptcha | Interactive puzzle captcha |
GeeTest v3 | geetest | Chinese interactive captcha |
GeeTest v4 | geetest_v4 | Newer version of GeeTest |
Capy Puzzle captcha | capy | Image puzzle captcha |
KeyCAPTCHA | keycaptcha | Click/drag puzzle |
Lemin captcha | leminCaptcha | Obscure, JavaScript-heavy captcha |
Amazon captcha | amazonCaptcha | Used on Amazon registration pages |
CyberSiARA captcha | cyberSiaraCaptcha | Enterprise captcha |
MTCaptcha | mtcaptchaCaptcha | Rare, image-based captcha |
Cutcaptcha | cutcaptcha | Captcha requiring piece placement |
Friendly captcha | friendlyCaptcha | Privacy-friendly captcha |
DataDome captcha | datadomeCaptcha | Enterprise captcha on e-commerce |
atbCAPTCHA | atbCaptcha | Used on ATB banking services |
Tencent captcha | tencentCaptcha | Chinese provider's captcha |
Procaptcha | procaptcha | Captcha with decentralized tech |
CaptchaFox | captchafox | Lesser-known variant |
Explore more in the captcha solver API docs
Troubleshooting
- No taskId? → Check your `clientKey` and `task` structure
- Stuck on “processing”? → Wrong sitekey or unsupported CAPTCHA
- Failed status? → Try again or check your account balance
- 403 or other errors? → Check rate-limits, headers, and content-type
Summary
By integrating 2Captcha with Burp Suite using the official API, you can automate CAPTCHA solving during security testing, login form testing, or bot simulations.
Just extract the sitekey and URL, solve the CAPTCHA, and inject the token into the request — all in a clean, scriptable pipeline.