實驗繞過複雜類型的驗證碼

作為我的科學和研究興趣的一部分，我決定嘗試繞過複雜類型的驗證碼。

As part of my scientific and research interests, I decided to experiment with bypassing complex types of CAPTCHAs. Well, by “experiment” I mean testing the functionality and verifying that my electronic colleague can write code on my behalf. Yes, there was a lot of extra stuff—follow ethical norms, blah blah blah… But the simple fact remains: dude, I’m doing this solely as part of research, and everyone agreed.

作為我的科學和研究興趣的一部分，我決定嘗試繞過複雜類型的驗證碼。好吧，通過“實驗”，我的意思是測試功能並驗證我的電子同事可以代表我編寫代碼。是的，有很多額外的東西 - 遵循道德準則，等等等等……但是簡單的事實仍然是：伙計，我完全是作為研究的一部分來做的，每個人都同意。

I turned my attention to the Cloudflare Turnstile CAPTCHA because I hadn’t encountered this specific type before, and I suggest we proceed step by step. First, let’s explain what Turnstile is for anyone who isn’t in the loop:

我將注意力轉移到Cloudflare旋轉門驗證碼上，因為我以前從未遇到過這種特定類型，我建議我們逐步進行。首先，讓我們解釋一下不在循環中的任何人的旋轉門：

What is Turnstile CAPTCHA and Why Can Bypassing Cloudflare Turnstile Be a Real Headache?

什麼是旋轉門驗證碼，為什麼繞過Cloudflare旋轉柵門是一個真正的頭痛？

Turnstile is a CAPTCHA solution developed by Cloudflare designed to protect websites from automated access (bots) without creating unnecessary obstacles for users. The main idea is to provide a high level of security with minimal interference in the user experience. In some cases, the user may not even be required to take any additional actions—the verification can occur in the background.

Turnstile是CloudFlare開發的驗證碼解決方案，旨在保護網站免受自動訪問（BOT）的影響，而無需為用戶造成不必要的障礙。主要思想是提供高度的安全性，對用戶體驗的干擾最少。在某些情況下，可能甚至不需要用戶採取任何其他措施 - 驗證可能會在後台進行。

But not in my case, as both types of Turnstile CAPTCHAs I bypassed were visibly rendered.

但就我而言，這並非如此，因為兩種類型的旋轉碼驗證碼繞過了明顯的渲染。

Turnstile CAPTCHA comes in a simpler version—reminiscent of reCAPTCHA—and a more complex variant: Challenge CAPTCHA is an advanced version that is employed when basic checks don’t conclusively determine whether the visitor is human. This system integrates extra verification steps to enhance security without immediately burdening all users with complex challenges.

旋轉門驗證碼有更簡單的版本（recaptcha的浮動），而更複雜的變體：挑戰驗證碼是一個高級版本，當基本檢查不能最終確定訪客是否是人類時，它將使用。該系統集成了額外的驗證步驟，以增強安全性，而不會立即為所有用戶負擔複雜的挑戰。

For a basic understanding, here’s the deal: to solve a simple CAPTCHA, everything needed for its solution can be found in the HTML code of the page—namely, the sitekey (you open the page in developer mode and use Ctrl + F to search for “sitekey”). However, with the second variant, that method won’t work because all necessary parameters are generated in JavaScript and cannot simply be extracted from the page’s source code; you need to intercept the data (and that’s a bit more complicated).

為了基本的理解，這是一個交易：要求解簡單的驗證碼，可以在頁面的HTML代碼（即SiteKey）中找到解決方案所需的所有內容（即在開發人員模式下打開頁面，並使用CTRL + F來搜索“ SiteKey”）。但是，對於第二個變體，該方法將無法使用，因為所有必要的參數都是在JavaScript中生成的，並且不能簡單地從頁面的源代碼中提取。您需要攔截數據（這要復雜得多）。

I took the simpler route—I had two URLs, one with a simple Turnstile CAPTCHA and the other with a complex one: https://privacy.deepsync.com/ – here, it’s simple https://crash.chicagopolice.org/ – here, it’s complex

我採用了更簡單的路線 - 我有兩個URL，一個帶有簡單的旋轉碼驗碼，另一個帶有一個複雜的網站：https：//privacy.deepsync.com/ - 在這裡，這很簡單https：//crash.chicagopopolice.org/-在這裡，這很複雜，它很複雜，它很複雜。

The Simple Type of Turnstile CAPTCHA or Bypassing Cloudflare on Python Without “Mom, Dad, and Grandma’s Advice”

不用“媽媽，爸爸和奶奶的建議”，旋轉門驗證碼的簡單類型或繞過Python上的Cloudflare

First things first: let’s tackle the simple CAPTCHA. I searched online for “solve Turnstile CAPTCHA” and once again encountered a popular captcha solve service. Their API was described in detail, but here’s the catch—I didn’t feel like writing code manually, so I delegated the task to my neural network colleague, who, through trial and error, assembled the following solution.

首先：讓我們處理簡單的驗證碼。我在線搜索了“解決旋轉門驗證碼”，並再次遇到了流行的驗證碼求解服務。他們的API詳細描述了，但這是捕獲量 - 我不想手動編寫代碼，因此我將任務委派給了我的神經網絡同事，神經網絡同事通過反複試驗和錯誤，共同組裝了以下解決方案。

The best part about all this is that the script works without any additional files; you simply save everything in one file, install the necessary dependencies, and the script runs. For the script, you need to install Selenium and the requests library, which you can do with the following simple console command:

最好的部分是該腳本無需任何其他文件即可。您只需將所有內容保存在一個文件中，安裝必要的依賴項，然後運行腳本。對於腳本，您需要安裝Selenium和請求庫，您可以使用以下簡單控制台命令進行操作：

pip install selenium requests

PIP安裝硒請求

There is a nuance—this code is adapted for a specific website (mentioned above) and not only bypasses the CAPTCHA but also automatically inputs data on the site.

有一個細微差別 - 該代碼適用於特定網站（上面提到），不僅繞過驗證碼，而且在網站上自動輸入數據。

How the Cloudflare Turnstile Bypass Script Works – A Detailed Breakdown

CloudFlare旋轉柵欄旁路腳本的工作方式 - 詳細的故障

Using the argparse module, the script accepts a 2captcha API key and the URL of the page containing the CAPTCHA. It prompts you to enter them manually in the console (nothing complicated).

使用ArgParse模塊，該腳本接受一個2captcha API鍵和包含CAPTCHA的頁面的URL。它促使您在控制台中手動輸入它們（沒什麼複雜的）。

Then a browser is launched (I did not use headless mode so I could record a video of how everything works), and using WebDriverWait, the script waits for the element with the class .cf-turnstile—which is responsible for displaying the CAPTCHA—to appear on the page. From this element, it extracts the data-sitekey attribute—the unique key needed to interact with the CAPTCHA.

然後啟動了一個瀏覽器（我沒有使用無頭模式，以便我可以錄製有關所有內容的工作方式的視頻），然後使用WebDriverWait，腳本等待class .cf-turnStile（cf-turnstile）等待該元素（負責顯示驗證碼）出現在頁面上。從此元素中，它提取數據siteKey屬性 - 與驗證碼交互所需的唯一密鑰。

Simultaneously, form fields are being filled (this part isn’t of much interest—it was implemented simply so that the script would run to completion).

同時，正在填寫表單字段（此部分並不引起人們的興趣 - 它僅實施了，以便腳本運行到完成）。

After obtaining the necessary parameter, it is sent to the 2captcha server where the CAPTCHA is solved, and the solution (token) is sent back to the script so it can be inserted.

獲得必要的參數後，將其發送到求解驗證碼的2captcha服務器，並將解決方案（令牌）發送回腳本，以便可以插入。

The script then looks for a hidden field on the page into which the token should be inserted (using CSS selectors targeting fields with the name cf-turnstile-response or a specific ID).

然後，該腳本在頁面上尋找一個隱藏的字段，該字段應插入該令牌（使用CSS選擇器定位名稱為CF-TurnStile-Response或特定ID的CSS選擇器）。

Using execute_script, the token is inserted into the located field, after which a change event is created and dispatched, allowing the page to respond to the insertion of the solution. If a callback function is defined on the page (for example, window.tsCallback), it is invoked to notify the page’s script that the

使用execute_script，將令牌插入到定位字段中，然後創建和派遣更改事件，從而允許頁面響應解決方案的插入。如果頁面上定義了回調函數（例如，window.tscallback），請調用以通知頁面的腳本