Was this helpful?
How to bypass Yidun Captcha (NECaptcha)
Technical engineer
Introduction
Yidun, also known as NetEase Yidun or NECaptcha, is a robust protection system developed by NetEase. It is widely used on Asian websites, in online games, and across various web services. Yidun can appear as a classic slider that needs to be dragged to a specific position, an image selection task, or it can operate invisibly by analyzing user behavior and the execution environment.
For developers and automation specialists, this means standard text recognition methods are not enough. We need to obtain a special validation token from a solving service and correctly inject it into the target page. In this guide, we will break down how to automate bypassing Yidun using the 2Captcha API.
How to Find the Parameters for Solving
To submit a task for solving, you need to extract a few critical parameters from the page.
The first parameter is websiteURL. This is the full address of the page where the captcha is loaded. Make sure you specify the exact URL visible in the browser's address bar.
The second parameter is websiteKey. This is the unique identifier for your captcha. In the source code or network requests, it is usually passed as the id or sitekey parameter.
How to find them in practice:
- Open Developer Tools (F12) and go to the Network tab.
- Trigger the captcha on the page.
- Look for a request starting with get?referer= or check?referer=.
- The referer value is your websiteURL. If it is encoded, decode it.
- The id value in this request is your websiteKey.
If you are dealing with the Enterprise version of Yidun, you will also need dynamic parameters: challenge, hcg, and hct. You can find them in requests like cscPreprocess?reflushCode=. You must extract them right before submitting the task, as they expire very quickly.
API Parameters
The 2Captcha API supports two task types for Yidun: using our internal proxies (YidunTaskProxyless) and using your own proxies (YidunTask).
Required parameters:
- type: YidunTaskProxyless or YidunTask
- websiteURL: full URL of the target page
- websiteKey: the value of the id or sitekey parameter
Optional parameters:
- userAgent: your browser's User-Agent
- yidunGetLib: full URL of the JavaScript file loading the captcha (for Enterprise)
- yidunApiServerSubdomain: Yidun API server subdomain (for Enterprise)
- challenge, hcg, hct: dynamic parameters for the Enterprise version
Proxy parameters (only for YidunTask):
- proxyType: proxy type (http, socks4, socks5)
- proxyAddress: IP address or hostname of the proxy server
- proxyPort: proxy server port
- proxyLogin: login for authentication
- proxyPassword: password for authentication
JSON Request Examples
A request to create a task (Proxyless) looks like this:
json
{
"clientKey": "YOUR_API_KEY",
"task": {
"type": "YidunTaskProxyless",
"websiteURL": "https://example.com/page-with-yidun",
"websiteKey": "0f743r...m5",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
}
}A request for the Enterprise version:
json
{
"clientKey": "YOUR_API_KEY",
"task": {
"type": "YidunTaskProxyless",
"websiteURL": "https://example.com/page-with-yidun",
"websiteKey": "0f743r...m5",
"yidunGetLib": "https://example.com/yidun/load.min.js",
"yidunApiServerSubdomain": "c.dun.163.com",
"challenge": "0c59ba0da6e95091ccdf2...b141fb1d",
"hcg": "2c78a77388216b3c1a0...28b28",
"hct": 1779358333191
}
}A request to get the result is standard:
json
{
"clientKey": "YOUR_API_KEY",
"taskId": "TASK_ID_FROM_CREATE_TASK"
}A successful response from the API will contain the token for injection:
json
{
"errorId": 0,
"status": "ready",
"solution": {
"token": "D19scz7n4VCU7b_iCW1wxMjwTK09oIA_...HZJy2jaGkxiB9b"
},
"cost": "0.003",
"createTime": 1692863536,
"endTime": 1692863556
}Step-by-Step Implementation in Python
Creating the Task and Getting the Result
First, let's write the basic functions for sending the captcha and waiting for the response.
python
import requests
import time
API_KEY = "YOUR_API_KEY"
API_HOST = "api.2captcha.com"
def create_yidun_task(url, website_key, user_agent=None):
payload = {
"clientKey": API_KEY,
"task": {
"type": "YidunTaskProxyless",
"websiteURL": url,
"websiteKey": website_key
}
}
if user_agent:
payload["task"]["userAgent"] = user_agent
response = requests.post(f"https://api.2captcha.com/createTask", json=payload)
return response.json()["taskId"]
def get_yidun_result(task_id):
while True:
time.sleep(3)
payload = {
"clientKey": API_KEY,
"taskId": task_id
}
response = requests.post(f"https://api.2captcha.com/getTaskResult", json=payload)
result = response.json()
if result.get("status") == "ready":
return result["solution"]["token"]
elif result.get("errorId") != 0:
raise Exception(f"API error: {result.get('errorDescription')}")Injecting the Solution into the Page
Once you get the token string from the API response, you need to pass it to the website. In most cases, Yidun expects this token in a hidden input field inside the form, or it needs to be sent in the POST request body during login or registration.
If you are using Selenium or Playwright, you can find the hidden field and set its value via JavaScript.
python
driver.execute_script(f"""
let tokenInput = document.querySelector('input[name="yidun_token"]');
if (tokenInput) {{
tokenInput.value = '{result["token"]}';
}}
""")Important Nuances and Best Practices
Yidun is heavily tied to network fingerprints and behavior. If you solve the captcha from one IP address and submit the form from another, the protection will instantly notice and reject the token.
Always use high-quality residential proxies. If you are automating a browser, ensure the proxy is configured at the browser level itself, not just for API requests. To do this, use the YidunTask type and pass the proxy parameters directly to the API.
Also, synchronize the User-Agent. Pass the same User-Agent in the API task parameters that your browser is using. This reduces the risk of the security system flagging the session as suspicious.
Do not delay submitting the form. Yidun tokens have a limited lifespan. As soon as you receive the token, inject it and submit the form immediately.
Solution Accuracy Reports
If the website rejects the received token, be sure to report it. This helps the service improve its algorithms and refunds your funds for the failed attempt.
You cannot submit a report directly from the browser extension interface, but there are two easy ways to do it:
The first way is via the dashboard. Go to the upload statistics section at https://2captcha.com/statistics/uploads. Find the relevant task in the list and click the Report incorrect button right next to it. This is the fastest option if you just ran into an error.
The second way is via the API. If you are writing an automated script, you can send reports programmatically. Use the reportIncorrect and reportCorrect endpoints, passing your API key and the taskId of the task.
Troubleshooting Common Issues
If the API returns an ERROR_CAPTCHA_UNSOLVABLE error, you most likely copied the websiteKey incorrectly or specified the wrong page URL. Check the source code and network requests again.
If the site accepts the token but then still blocks you or asks you to pass the captcha again, the problem is almost certainly the IP address or browser fingerprints. Check your proxy settings and make sure you are not using automation without masking.
If you are working with the Enterprise version and getting errors, make sure you are passing the dynamic parameters challenge, hcg, and hct. Remember that they expire very quickly, so you need to extract them immediately before creating the task.
Useful Links
- Yidun API Documentation: https://2captcha.com/api-docs/yidun-necaptcha
- Upload statistics and sending reports: https://2captcha.com/statistics/uploads
- Support Center: https://2captcha.com/support/tickets/new
- Code examples on GitHub: https://github.com/2captcha
parameters.
Conclusion
Bypassing Yidun CAPTCHA via 2Captcha boils down to extracting websiteURL and websiteKey from the page, sending this data to the API, and injecting the received token into the form. The main thing to remember is the importance of using good proxies and synchronizing the User-Agent, as this protection is highly sensitive to network parameters. For complex cases with the Enterprise version, do not forget to pass the additional dynamic