Logo of «2Captcha»To home page
Captcha bypass tutorials

Was this helpful?

How to bypass Cloudflare CAPTCHA (Turnstile) with a browser extension

Gregory Fisher
Gregory Fisher

Technical engineer

Introduction

Cloudflare has long changed its approach to website protection, replacing old pages with endless checks with a modern system called Turnstile. Unlike classic captchas where you need to click on pictures, Turnstile is a smart protection system. It often works in invisible mode, analyzing the browser execution environment, user behavior, TLS fingerprints, and IP address reputation to distinguish a human from a bot.

However, during manual web application testing, API debugging, or parsing, Turnstile can become a serious obstacle. Writing complex scripts to bypass every form is time-consuming and irrational.

This is where the 2Captcha browser extension comes to the rescue. It integrates the capabilities of our API directly into the browser, allowing you to bypass Cloudflare Turnstile without writing code.

What is Turnstile and what types of protection exist

To effectively bypass protection, it is important to understand exactly what you are dealing with. Cloudflare uses two main formats:

  • Standalone Captcha (Widget). This is a separate element (like a checkbox or invisible script) embedded directly into a form on a page (during login, registration, checkout).
  • Cloudflare Challenge Page. This is a full intermediate page that blocks access to the entire site before you even see its content. It usually says Checking your browser... or Verify you are human.

It is important to note that our extension handles both scenarios. It successfully solves both individual widgets (Standalone Captcha) and global blocking pages (Cloudflare Challenge Page), returning access to the site.

How the extension works

The extension acts as a bridge between the current web page and the 2Captcha infrastructure. Here is what happens under the hood:

  1. The extension scans the page DOM tree looking for the Turnstile widget (usually a div with the class cf-turnstile) or determines that you are on a Challenge Page.
  2. It automatically extracts the unique sitekey and the current page URL.
  3. In the background, a request is sent to the 2Captcha API to create a solving task.
  4. Once the task is solved, the extension injects the received token into the hidden cf-turnstile-response field and triggers the standard callback, making the site think a real user passed the check.

Installation and setup

Getting started takes less than a minute.

You can download and install the extension from the official page: https://2captcha.com/captcha-bypass-extension. It supports all Chromium-based browsers (Chrome, Edge, Brave, etc.).

After installation, you need to link the extension to your account:

  • Click the extension icon in the browser toolbar.
  • Open the settings menu.
  • Paste your 2Captcha API key into the appropriate field.
  • Save the changes.

Make sure you have funds in your balance. The extension works via the API, so if your balance is zero, getting tokens will be impossible.

Solving Cloudflare Turnstile

When you open a page with a Cloudflare widget or land on a Challenge Page, the extension recognizes it instantly.

Solving the captcha is very simple: the extension injects a special solve button right next to the captcha widget (or in another convenient place that you can configure in the extension settings). You just need to click it.

Alternatively, you can enable the auto-solve mode in the settings. In this case, the extension will recognize and solve Turnstile as soon as it appears, completely without your participation.

After a few seconds, the widget will show a success checkmark (or the Challenge Page will let you through to the site), the hidden token field will be filled, and you can safely continue working.

Why this is convenient for QA and developers

Using the extension provides a number of unique advantages:

  • Time saving. You do not need to spin up a headless browser, configure drivers, and write code to extract the sitekey. You just open the page, and the extension does everything itself.
  • Flexibility in manual testing. You can manually go through complex multi-step scenarios. If Cloudflare suddenly pops up on the third step of checkout, the extension handles it instantly without interrupting your test.
  • Hybrid scenarios. Many specialists use the extension for quick manual login or passing the Challenge Page, and then switch to their scripts for further parsing.

Important nuances and Cloudflare limitations

Although the extension is incredibly convenient, when working with Cloudflare it is important to understand the specifics of this protection.

When the extension might not work

Cloudflare Turnstile is not just a token check. This system deeply analyzes IP address reputation and browser fingerprints. The extension is great at injecting the token, but it cannot spoof your IP address or change browser network fingerprints.

If you visit a site from a bad IP address (for example, from a data center), Cloudflare might just go into an endless check loop or reject the injected token, even if it is mathematically correct. Also, site developers sometimes use non-standard wrappers for Turnstile, which is why the extension might not recognize it.

What to do if the site rejected the token or the extension did not help

If you encounter a situation where the extension does not see the captcha or the site rejects the solution due to strict Cloudflare rules, do not despair. In such cases, the full 2Captcha API comes to the rescue.

With it, you can write your own script that will use TurnstileTask type tasks, passing your own high-quality residential proxies. This allows you to control the IP address from which the captcha is solved, which is critical for bypassing strict Cloudflare checks.

We have prepared a detailed guide that step-by-step describes how to solve Turnstile using the API, bypass IP restrictions, and work with the Challenge Page: https://2captcha.com/h/how-to-bypass-cloudflare-captcha

Where to send reports for incorrect solutions

Sometimes a site might reject a token, especially if the session has expired or Cloudflare security triggers have fired. It is important to know that you cannot submit an incorrect solution report (reportIncorrect) directly from the extension interface. But this is not a problem. You can easily do this in two other ways:

  1. Via the dashboard. Go to the upload statistics section at https://2captcha.com/statistics/uploads. There will be a list of all your recent tasks. Find the right one and click the Report incorrect button right next to it. This is the fastest way if you just ran into a problem.
  2. Via the API. If you are automating the process or want to send reports from your script, use the reportIncorrect and reportCorrect endpoints. Just pass your API key and the taskId of the task you want to mark.

Sending reports helps the system learn and improves accuracy for your future requests.

Browser permissions

If the extension does not react to the appearance of the Cloudflare widget, check the site access permissions in your browser settings. Make sure the extension is allowed to work on the current domain and in incognito mode (if you are using it).

Conclusion

The 2Captcha browser extension is a powerful tool for quickly bypassing Cloudflare Turnstile without writing code. It is ideal for QA engineers, testers, and developers who need to manually or semi-automatically pass through forms (Standalone Captcha) and global blocking pages (Cloudflare Challenge Page).

However, always remember that Cloudflare heavily depends on IP address reputation. If the extension fails due to network-level blocks, switch to using the full 2Captcha API with proxy servers. Detailed instructions and code examples can be found in our guide: https://2captcha.com/h/how-to-bypass-cloudflare-captcha.