实验绕过复杂类型的验证码

作为我的科学和研究兴趣的一部分，我决定尝试绕过复杂类型的验证码。

As part of my scientific and research interests, I decided to experiment with bypassing complex types of CAPTCHAs. Well, by “experiment” I mean testing the functionality and verifying that my electronic colleague can write code on my behalf. Yes, there was a lot of extra stuff—follow ethical norms, blah blah blah… But the simple fact remains: dude, I’m doing this solely as part of research, and everyone agreed.

作为我的科学和研究兴趣的一部分，我决定尝试绕过复杂类型的验证码。好吧，通过“实验”，我的意思是测试功能并验证我的电子同事可以代表我编写代码。是的，有很多额外的东西 - 遵循道德准则，等等等等……但是简单的事实仍然是：伙计，我完全是作为研究的一部分来做的，每个人都同意。

I turned my attention to the Cloudflare Turnstile CAPTCHA because I hadn’t encountered this specific type before, and I suggest we proceed step by step. First, let’s explain what Turnstile is for anyone who isn’t in the loop:

我将注意力转移到Cloudflare旋转门验证码上，因为我以前从未遇到过这种特定类型，我建议我们逐步进行。首先，让我们解释一下不在循环中的任何人的旋转门：

What is Turnstile CAPTCHA and Why Can Bypassing Cloudflare Turnstile Be a Real Headache?

什么是旋转门验证码，为什么绕过Cloudflare旋转栅门是一个真正的头痛？

Turnstile is a CAPTCHA solution developed by Cloudflare designed to protect websites from automated access (bots) without creating unnecessary obstacles for users. The main idea is to provide a high level of security with minimal interference in the user experience. In some cases, the user may not even be required to take any additional actions—the verification can occur in the background.

Turnstile是CloudFlare开发的验证码解决方案，旨在保护网站免受自动访问（BOT）的影响，而无需为用户造成不必要的障碍。主要思想是提供高度的安全性，对用户体验的干扰最少。在某些情况下，可能甚至不需要用户采取任何其他措施 - 验证可能会在后台进行。

But not in my case, as both types of Turnstile CAPTCHAs I bypassed were visibly rendered.

但就我而言，这并非如此，因为两种类型的旋转码验证码绕过了明显的渲染。

Turnstile CAPTCHA comes in a simpler version—reminiscent of reCAPTCHA—and a more complex variant: Challenge CAPTCHA is an advanced version that is employed when basic checks don’t conclusively determine whether the visitor is human. This system integrates extra verification steps to enhance security without immediately burdening all users with complex challenges.

旋转门验证码有更简单的版本（recaptcha的浮动），而更复杂的变体：挑战验证码是一个高级版本，当基本检查不能最终确定访客是否是人类时，它将使用。该系统集成了额外的验证步骤，以增强安全性，而不会立即为所有用户负担复杂的挑战。

For a basic understanding, here’s the deal: to solve a simple CAPTCHA, everything needed for its solution can be found in the HTML code of the page—namely, the sitekey (you open the page in developer mode and use Ctrl + F to search for “sitekey”). However, with the second variant, that method won’t work because all necessary parameters are generated in JavaScript and cannot simply be extracted from the page’s source code; you need to intercept the data (and that’s a bit more complicated).

为了基本的理解，这是一个交易：要求解简单的验证码，可以在页面的HTML代码（即SiteKey）中找到解决方案所需的所有内容（即在开发人员模式下打开页面，并使用CTRL + F来搜索“ SiteKey”）。但是，对于第二个变体，该方法将无法使用，因为所有必要的参数都是在JavaScript中生成的，并且不能简单地从页面的源代码中提取。您需要拦截数据（这要复杂得多）。

I took the simpler route—I had two URLs, one with a simple Turnstile CAPTCHA and the other with a complex one: https://privacy.deepsync.com/ – here, it’s simple https://crash.chicagopolice.org/ – here, it’s complex

我采用了更简单的路线 - 我有两个URL，一个带有简单的旋转码验码，另一个带有一个复杂的网站：https：//privacy.deepsync.com/ - 在这里，这很简单https：//crash.chicagopopolice.org/-在这里，这很复杂，它很复杂，它很复杂。

The Simple Type of Turnstile CAPTCHA or Bypassing Cloudflare on Python Without “Mom, Dad, and Grandma’s Advice”

不用“妈妈，爸爸和奶奶的建议”，旋转门验证码的简单类型或绕过Python上的Cloudflare

First things first: let’s tackle the simple CAPTCHA. I searched online for “solve Turnstile CAPTCHA” and once again encountered a popular captcha solve service. Their API was described in detail, but here’s the catch—I didn’t feel like writing code manually, so I delegated the task to my neural network colleague, who, through trial and error, assembled the following solution.

首先：让我们处理简单的验证码。我在线搜索了“解决旋转门验证码”，并再次遇到了流行的验证码求解服务。他们的API详细描述了，但这是捕获量 - 我不想手动编写代码，因此我将任务委派给了我的神经网络同事，神经网络同事通过反复试验和错误，共同组装了以下解决方案。

The best part about all this is that the script works without any additional files; you simply save everything in one file, install the necessary dependencies, and the script runs. For the script, you need to install Selenium and the requests library, which you can do with the following simple console command:

最好的部分是该脚本无需任何其他文件即可。您只需将所有内容保存在一个文件中，安装必要的依赖项，然后运行脚本。对于脚本，您需要安装Selenium和请求库，您可以使用以下简单控制台命令进行操作：

pip install selenium requests

PIP安装硒请求

There is a nuance—this code is adapted for a specific website (mentioned above) and not only bypasses the CAPTCHA but also automatically inputs data on the site.

有一个细微差别 - 该代码适用于特定网站（上面提到），不仅绕过验证码，而且在网站上自动输入数据。

How the Cloudflare Turnstile Bypass Script Works – A Detailed Breakdown

CloudFlare旋转栅栏旁路脚本的工作方式 - 详细的故障

Using the argparse module, the script accepts a 2captcha API key and the URL of the page containing the CAPTCHA. It prompts you to enter them manually in the console (nothing complicated).

使用ArgParse模块，该脚本接受一个2captcha API键和包含CAPTCHA的页面的URL。它促使您在控制台中手动输入它们（没什么复杂的）。

Then a browser is launched (I did not use headless mode so I could record a video of how everything works), and using WebDriverWait, the script waits for the element with the class .cf-turnstile—which is responsible for displaying the CAPTCHA—to appear on the page. From this element, it extracts the data-sitekey attribute—the unique key needed to interact with the CAPTCHA.

然后启动了一个浏览器（我没有使用无头模式，以便我可以录制有关所有内容的工作方式的视频），然后使用WebDriverWait，脚本等待class .cf-turnStile（cf-turnstile）等待该元素（负责显示验证码）出现在页面上。从此元素中，它提取数据siteKey属性 - 与验证码交互所需的唯一密钥。

Simultaneously, form fields are being filled (this part isn’t of much interest—it was implemented simply so that the script would run to completion).

同时，正在填写表单字段（此部分并不引起人们的兴趣 - 它仅实施了，以便脚本运行到完成）。

After obtaining the necessary parameter, it is sent to the 2captcha server where the CAPTCHA is solved, and the solution (token) is sent back to the script so it can be inserted.

获得必要的参数后，将其发送到求解验证码的2captcha服务器，并将解决方案（令牌）发送回脚本，以便可以插入。

The script then looks for a hidden field on the page into which the token should be inserted (using CSS selectors targeting fields with the name cf-turnstile-response or a specific ID).

然后，该脚本在页面上寻找一个隐藏的字段，该字段应插入该令牌（使用CSS选择器定位名称为CF-TurnStile-Response或特定ID的CSS选择器）。

Using execute_script, the token is inserted into the located field, after which a change event is created and dispatched, allowing the page to respond to the insertion of the solution. If a callback function is defined on the page (for example, window.tsCallback), it is invoked to notify the page’s script that the

使用execute_script，将令牌插入到定位字段中，然后创建和派遣更改事件，从而允许页面响应解决方案的插入。如果页面上定义了回调函数（例如，window.tscallback），请调用以通知页面的脚本