IR Captcha Solver

Documentation

Local captcha-solving HTTP sidecar — zero per-solve cost

🛡️ Turnstile🔒 reCAPTCHA🤖 hCaptcha☁️ Cloudflare🔶 AWS WAF

📑 Contents

⚡ Quick Start

The solver runs as an HTTP API on port 8877. Send a POST /solve with the captcha type, sitekey, and URL — get back a solved token.

curl -X POST http://127.0.0.1:8877/solve \
  -H "Content-Type: application/json" \
  -d '{
    "type": "turnstile",
    "sitekey": "0x4AAAAAAA...",
    "url": "https://target.com"
  }'

Response:

{
  "type": "turnstile",
  "solved": true,
  "token": "0.eyJhbGciOiJFUzI1...",
  "method": "route",
  "elapsed": 8.1,
  "expires_in": 300
}
💡 Key concept: Read the solved field — it's the uniform success signal across ALL captcha types. Don't branch per-type.

🔐 Authentication

Requests from 127.0.0.1 (localhost) require no auth. Remote requests need a Bearer token on protected endpoints.

EndpointAuth
GET / (Dashboard)Public
GET /healthPublic
GET /docs (Swagger)Public
GET /guidePublic
POST /solveBearer Token
GET /statusBearer Token
GET /logsBearer Token
# Remote usage — add Authorization header
curl -X POST https://ircaptcha.isrealllairdrop.net/solve \
  -H "Authorization: Bearer YOUR_TOKEN_HERE" \
  -H "Content-Type: application/json" \
  -d '{"type":"turnstile","sitekey":"0x4AAA...","url":"https://target.com"}'

📡 Endpoints

MethodPathDescription
GET/Dashboard UI
GET/healthLiveness + supported types
GET/guideThis documentation
GET/docsSwagger UI (interactive API docs)
POST/solveSolve a captcha → returns token
GET/statusService status + running tasks
GET/logsRecent solve events (last 100)

🎯 Captcha Types

🛡️ Turnstile

Engine: CloakBrowser only (no AI). Route-intercept serves a fake page, widget solves itself, token extracted. ~8s avg.

FieldRequiredNote
type"turnstile"
sitekeyFrom target page HTML
urlPage the captcha is on
actionTurnstile action string
cdataCustomer data bound to token
real_pageNavigate real site instead of stub

🔒 reCAPTCHA

Engine: CloakBrowser (v3/invisible = no AI, pure execute). v2 checkbox with image grid = Mistral Vision fallback. ~6s avg.

FieldRequiredNote
type"recaptcha"
sitekeySite key
urlPage URL
versionv2 (default) | v3 | invisible
actionv3/invisible action (default: submit)
enterprisetrue for Enterprise keys
secretv3 only: site's secret key to get score

🤖 hCaptcha

Engine: CloakBrowser + Mistral Vision (numbered-grid, 1 API call per challenge). ~20s avg.

FieldRequiredNote
type"hcaptcha"
sitekeySite key
urlPage URL
action"invisible" for execute path

☁️ Cloudflare Clearance

Engine: CloakBrowser only. Passes full-page interstitial → returns cf_clearance cookie. No sitekey needed.

⚠️ Replay contract: cf_clearance is bound to IP + JA3/TLS + User-Agent. Replay from the same proxy IP with the exact returned user_agent.

🔶 AWS WAF

Engine: CloakBrowser only. Silent JS challenge → aws-waf-token cookie. No sitekey needed.

⚠️ Silent challenge only — no interactive visual puzzle support. Same replay contract as Cloudflare.

🐍 Python Examples

Basic Turnstile Solve

import httpx

SOLVER = "http://127.0.0.1:8877"

r = httpx.post(f"{SOLVER}/solve", json={
    "type": "turnstile",
    "sitekey": "0x4AAAAAAA...",
    "url": "https://target.com/register"
}, timeout=90)

data = r.json()
if data["solved"]:
    print(f"Token: {data['token'][:50]}...")
else:
    print(f"Failed: {data.get('error')}")

Auto-Register with Captcha

import httpx

SOLVER = "http://127.0.0.1:8877"

# Step 1: Solve the captcha
solve = httpx.post(f"{SOLVER}/solve", json={
    "type": "turnstile",
    "sitekey": "0x4AAAAAAA...",
    "url": "https://target.com/signup"
}, timeout=90).json()

if not solve["solved"]:
    raise Exception(f"Captcha failed: {solve.get('error')}")

# Step 2: Register with the token
r = httpx.post("https://target.com/api/register", json={
    "email": "user@mail.com",
    "password": "securepass123",
    "cf-turnstile-response": solve["token"]
})
print(f"Register: {r.status_code}")

reCAPTCHA v3 Enterprise

r = httpx.post(f"{SOLVER}/solve", json={
    "type": "recaptcha",
    "version": "v3",
    "enterprise": True,
    "sitekey": "6Lc...",
    "url": "https://target.com/login",
    "action": "login"
}, timeout=90).json()

print(f"Solved: {r['solved']}, Score method: {r['method']}")

Cloudflare Clearance + Replay

# Solve clearance
cf = httpx.post(f"{SOLVER}/solve", json={
    "type": "cloudflare",
    "url": "https://protected-site.com",
    "proxy": "http://user:pass@resi-proxy:port"
}, timeout=90).json()

if cf["solved"]:
    # Replay with curl-impersonate or matching TLS
    cookies = {c["name"]: c["value"] for c in cf["cookies"]}
    headers = cf["headers"]  # includes exact User-Agent
    print(f"cf_clearance: {cf['cf_clearance']['value'][:30]}...")

🔧 cURL Examples

Turnstile

curl -s -X POST http://127.0.0.1:8877/solve \
  -H "Content-Type: application/json" \
  -d '{"type":"turnstile","sitekey":"0x4AAA...","url":"https://target.com"}' \
  | jq '.token'

reCAPTCHA v2

curl -s -X POST http://127.0.0.1:8877/solve \
  -H "Content-Type: application/json" \
  -d '{"type":"recaptcha","version":"v2","sitekey":"6Lf...","url":"https://target.com/form"}' \
  | jq '.'

AWS WAF

curl -s -X POST http://127.0.0.1:8877/solve \
  -H "Content-Type: application/json" \
  -d '{"type":"awswaf","url":"https://waf-protected.com","proxy":"http://u:p@ip:port"}' \
  | jq '.aws_waf_token'

📦 Node.js Examples

const SOLVER = "http://127.0.0.1:8877";

async function solveCaptcha(type, sitekey, url, opts = {}) {
  const r = await fetch(`${SOLVER}/solve`, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ type, sitekey, url, ...opts }),
  });
  return r.json();
}

// Usage
const result = await solveCaptcha("turnstile", "0x4AAA...", "https://target.com");
if (result.solved) {
  console.log("Token:", result.token.slice(0, 50));
}

🔗 Script Integration Guide

The typical flow for any auto-register / auto-login / airdrop farming script:

┌─────────────────────────────────┐
│  Your Script (Python/Node/etc)  │
│                                 │
│  1. Open target page / API      │
│  2. Find sitekey in HTML        │
│  3. POST /solve → get token     │──── captcha-solver (:8877)
│  4. Submit form with token      │         │
│  5. Continue automation         │    CloakBrowser
└─────────────────────────────────┘    (headless Chromium)

How to find the sitekey

Look in the target page HTML for these patterns:

<!-- Turnstile -->
<div class="cf-turnstile" data-sitekey="0x4AAAAAAA...">

<!-- reCAPTCHA -->
<div class="g-recaptcha" data-sitekey="6LcXXXX...">
<script src="...recaptcha/api.js?render=6LcXXXX...">

<!-- hCaptcha -->
<div class="h-captcha" data-sitekey="xxxxxxxx-xxxx-...">
💡 Tip: For Cloudflare and AWS WAF, there's no sitekey — they're page-level challenges. Just pass type + url.

⚙️ Advanced Features

Real Page Mode

Some sites reject tokens from route-intercepted pages. Use real_page: true to navigate the actual site:

{"type": "turnstile", "real_page": true,
 "url": "https://app.example.com/login",
 "sitekey": "0x4AAA..."}

Pre-Actions

Steps to run before solving (e.g., click buttons, fill forms to make captcha appear):

"pre_actions": [
  {"type": "click", "selector": "text=Continue with Email"},
  {"type": "fill", "selector": "input[type=email]", "value": "user@ex.com"},
  {"type": "click", "selector": "button[type=submit]"},
  {"type": "wait", "value": "2"}
]

Supported selectors: CSS (default), //xpath, text=..., regex=..., role=button[name='X']

Post-Fetch

API calls from the same browser session after solving (keeps cookies/origin):

"post_fetch": [
  {"url": "https://api.example.com/verify",
   "method": "POST",
   "body": {"token": "__TOKEN__"}}
]

Use __TOKEN__ placeholder — it's replaced with the solved token.

📤 Response Format

Two rules — 2xx → read solved; non-2xx → read detail. Never both.

Success (200)

{"type": "turnstile", "solved": true,
 "token": "0.eyJ...", "method": "route",
 "elapsed": 8.1, "expires_in": 300}

Failed but ran (200)

{"type": "turnstile", "solved": false,
 "error": "Token not received via route-intercept",
 "elapsed": 22.3}

Never ran (4xx/5xx)

{"detail": "sitekey is required for type=turnstile"}

❌ Error Codes

CodeWhen
400Bad type, missing sitekey/url, SSRF-blocked host
403Invalid or missing Bearer token (remote only)
408Exceeded timeout_s deadline
422Request body failed schema validation
500Solver crashed (browser launch failure, etc)

🔧 Environment Variables

VariableDefaultEffect
PORT8877Listen port
DISPLAY:99X display for headed browser
TURNSTILE_HEADLESS01 = headless (lower success)
TURNSTILE_PROXYProxy URL for Turnstile/CF/WAF
TURNSTILE_GEOIP1 = align tz/locale to proxy IP
RECAPTCHA_HEADLESS01 = headless (more detected)
RECAPTCHA_PROXYProxy URL for reCAPTCHA
🔗 More: Swagger UI has interactive "Try it out" with dropdown examples per type. Dashboard for live solving + logs.