An essential tool for penetration testers and security professionals, allowing you to bypass CAPTCHA protection during web application testing.
- Features
- Demonstration Video
- Getting Started
- Usage
- Real-world Examples
- Building from Source
- Compatibility
- FAQ
- Contributing
- License
- Automatic CAPTCHA Solving:
  - reCAPTCHA v2
  - reCAPTCHA v3
- Support for Popular Services:
- Robust Architecture:
  - Configurable thread management
  - Retry logic with error handling
  - Statistics tracking
  - High load detection
  - Custom timeout configuration
This video demonstrates the reSolver plugin for Burp Suite in real-world use, together with Burp Suite's built-in Intruder tool. In just 1 minute, we send 100 requests to the server across 10 threads and successfully bypass reCAPTCHA v2 verification.
- Burp Suite (latest version recommended)
- Java 11+
- Account with one of the supported CAPTCHA solving services
- Download the latest version of the extension from GitHub Releases
- In Burp Suite, go to Extensions → Installed
- Click "Add" and select the downloaded JAR file
- After loading, the extension will be ready to use
- Go to the "Services" tab
- Enter your API keys for one or more services
- Enable the services you want to use
- The balance will be automatically checked and displayed when a valid API key is entered
Add CAPTCHA placeholders to your requests using the following format:
{{CAPTCHA[:]TYPE[:]SITEKEY[:]URL[:][OPTIONAL_PARAMS]}}
Where:
- TYPE is the CAPTCHA type code (e.g., recaptchav2, recaptchav3)
- SITEKEY is the site key for the CAPTCHA
- URL is the URL where the CAPTCHA is located
- OPTIONAL_PARAMS are additional parameters as key-value pairs (comma-separated)
The following optional parameters are supported:
- timeout_seconds - Custom timeout duration for CAPTCHA solving (default: 30 seconds)
  - Minimum value: 10 seconds
  - Maximum value: 120 seconds
  - Example: timeout_seconds=60 to set a 60-second timeout
- invisible - Indicates that the reCAPTCHA v2 is an invisible type
  - Example: invisible to mark the CAPTCHA as invisible
- enterprise - Indicates that the reCAPTCHA is an enterprise version
  - Example: enterprise to use enterprise solving methods
- For reCAPTCHA v3:
  - action - The action name for reCAPTCHA v3 (default: "verify")
  - min_score - Minimum score threshold for reCAPTCHA v3 (default: varies by service)
reCAPTCHA v2 with default timeout:
{{CAPTCHA[:]recaptchav2[:]6LcwIQwfAAAAANmAYa9nt-J_x0Sfh6QcY-x1Vioe[:]https://example.com}}
reCAPTCHA v2 with custom timeout (60 seconds):
{{CAPTCHA[:]recaptchav2[:]6LcwIQwfAAAAANmAYa9nt-J_x0Sfh6QcY-x1Vioe[:]https://example.com[:]timeout_seconds=60}}
reCAPTCHA v2 Enterprise invisible with custom timeout:
{{CAPTCHA[:]recaptchav2[:]6LcwIQwfAAAAANmAYa9nt-J_x0Sfh6QcY-x1Vioe[:]https://example.com[:]invisible,enterprise,timeout_seconds=60}}
reCAPTCHA v3 with default parameters:
{{CAPTCHA[:]recaptchav3[:]6LcwIQwfAAAAANmAYa9nt-J_x0Sfh6QcY-x1Vioe[:]https://example.com}}
reCAPTCHA v3 Enterprise with action and min_score:
{{CAPTCHA[:]recaptchav3[:]6LcwIQwfAAAAANmAYa9nt-J_x0Sfh6QcY-x1Vioe[:]https://example.com[:]enterprise,action=login,min_score=0.7}}
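A small linter for the placeholder syntax and parameter limits described above, added here as an example (it is not reSolver's code). The cross-checks between parameters and CAPTCHA type, the flagging of out-of-range timeouts, and the constructed SAMPLE with its SITEKEY_PLACEHOLDER are assumptions; the page does not say how the extension itself treats invalid values.

```python
import re

# Grammar and limits come from the text above; the lint rules are assumptions.
PLACEHOLDER = re.compile(r"\{\{CAPTCHA\[:\](.*?)\}\}")
TYPES = {"recaptchav2", "recaptchav3"}
KNOWN = {"timeout_seconds", "invisible", "enterprise", "action", "min_score"}
SCORE = re.compile(r"0(\.\d+)?|1(\.0+)?")  # reCAPTCHA v3 scores lie in 0.0..1.0
# Constructed sample: a v3 placeholder with a v2-only flag and a too-short timeout.
SAMPLE = ('{"answer": "{{CAPTCHA[:]recaptchav3[:]SITEKEY_PLACEHOLDER[:]'
          'https://example.com[:]invisible,timeout_seconds=5,min_score=0.7}}"}')


def parse_placeholder(body):
    """Split a placeholder body into (type, sitekey, url, params)."""
    parts = body.split("[:]")
    if len(parts) not in (3, 4):
        raise ValueError(f"expected 3 or 4 fields, got {len(parts)}")
    params = {}
    for item in filter(None, parts[3].split(",") if len(parts) == 4 else []):
        key, _, value = item.partition("=")
        params[key.strip()] = value.strip()  # bare flags map to ""
    return parts[0], parts[1], parts[2], params


def lint_template(request_text):
    """Return a list of problems for every placeholder in a request template."""
    problems = []
    for match in PLACEHOLDER.finditer(request_text):
        try:
            ctype, sitekey, url, params = parse_placeholder(match.group(1))
        except ValueError as exc:
            problems.append(str(exc))
            continue
        if ctype not in TYPES:
            problems.append(f"unknown type {ctype!r}")
        if not sitekey or not url.startswith(("http://", "https://")):
            problems.append("empty sitekey or non-http(s) URL")
        for key, value in params.items():
            if key not in KNOWN:
                problems.append(f"unknown parameter {key!r}")
            elif key == "timeout_seconds" and not (value.isdecimal() and 10 <= int(value) <= 120):
                problems.append(f"timeout_seconds={value!r} outside 10..120")
            elif key == "min_score" and not SCORE.fullmatch(value):
                problems.append(f"min_score={value!r} is not in 0.0..1.0")
            elif key in ("action", "min_score") and ctype != "recaptchav3":
                problems.append(f"{key} only applies to recaptchav3")
            elif key == "invisible" and ctype != "recaptchav2":
                problems.append("invisible only applies to recaptchav2")
    return problems
```

Calling lint_template on a saved request template before starting an Intruder run catches malformed placeholders without spending solver balance on them.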
Navigate to the "Statistics" tab to view metrics about:
- Number of attempts (success/failure)
- Average solving time
- Success rate per CAPTCHA type and service
These examples demonstrate how to use reSolver with the 2Captcha demo site. You can test these examples to see the extension in action.
reCAPTCHA v2:

POST /api/v1/captcha-demo/recaptcha/verify HTTP/2
Host: 2captcha.com
Content-Type: application/json

{
  "siteKey": "6LfD3PIbAAAAAJs_eEHvoOl75_83eXSqpPSRFJ_u",
  "answer": "{{CAPTCHA[:]recaptchav2[:]6LfD3PIbAAAAAJs_eEHvoOl75_83eXSqpPSRFJ_u[:]https://2captcha.com/demo/recaptcha-v2}}"
}

reCAPTCHA v2 Invisible:

POST /api/v1/captcha-demo/recaptcha/verify HTTP/2
Host: 2captcha.com
Content-Type: application/json

{
  "siteKey": "6LdO5_IbAAAAAAeVBL9TClS19NUTt5wswEb3Q7C5",
  "answer": "{{CAPTCHA[:]recaptchav2[:]6LdO5_IbAAAAAAeVBL9TClS19NUTt5wswEb3Q7C5[:]https://2captcha.com/demo/recaptcha-v2-invisible[:]invisible}}"
}

reCAPTCHA v2 Callback:

POST /api/v1/captcha-demo/recaptcha/verify HTTP/2
Host: 2captcha.com
Content-Type: application/json

{
  "siteKey": "6LfD3PIbAAAAAJs_eEHvoOl75_83eXSqpPSRFJ_u",
  "answer": "{{CAPTCHA[:]recaptchav2[:]6LfD3PIbAAAAAJs_eEHvoOl75_83eXSqpPSRFJ_u[:]https://2captcha.com/demo/recaptcha-v2-callback}}"
}

reCAPTCHA v2 Enterprise:

POST /api/v1/captcha-demo/recaptcha-enterprise/verify HTTP/2
Host: 2captcha.com
Content-Type: application/json

{
  "siteKey": "6Lf26sUnAAAAAIKLuWNYgRsFUfmI-3Lex3xT5N-s",
  "token": "{{CAPTCHA[:]recaptchav2[:]6Lf26sUnAAAAAIKLuWNYgRsFUfmI-3Lex3xT5N-s[:]https://2captcha.com/demo/recaptcha-v2-enterprise[:]enterprise}}"
}

reCAPTCHA v3:

POST /api/v1/captcha-demo/recaptcha/verify HTTP/2
Host: 2captcha.com
Content-Type: application/json

{
  "siteKey": "6Lcyqq8oAAAAAJE7eVJ3aZp_hnJcI6LgGdYD8lge",
  "answer": "{{CAPTCHA[:]recaptchav3[:]6Lcyqq8oAAAAAJE7eVJ3aZp_hnJcI6LgGdYD8lge[:]https://2captcha.com/demo/recaptcha-v3[:]min_score=0.7}}"
}

reCAPTCHA v3 Enterprise:

POST /api/v1/captcha-demo/recaptcha-enterprise/verify HTTP/2
Host: 2captcha.com
Content-Type: application/json

{
  "siteKey": "6Lel38UnAAAAAMRwKj9qLH2Ws4Tf2uTDQCyfgR6b",
  "token": "{{CAPTCHA[:]recaptchav3[:]6Lel38UnAAAAAMRwKj9qLH2Ws4Tf2uTDQCyfgR6b[:]https://2captcha.com/demo/recaptcha-v3-enterprise[:]enterprise,min_score=0.9}}"
}
- Clone the repository:
  git clone https://github.com/TheQmaks/reSolver.git
  cd reSolver
- Build using Gradle:
  ./gradlew build
  or for Windows:
  gradlew.bat build
- Find the JAR file in the build/libs directory
- Load the extension in Burp Suite from the Extensions tab
- Burp Suite: 2024.x and newer
- Java: 11 and newer
- Operating Systems: Windows, macOS, Linux
Which CAPTCHA solving service is the best?
Each service has its advantages. 2Captcha is typically cheaper, while Anti-Captcha and CapMonster are often faster. We recommend configuring multiple services with different priorities for optimal results.
How do I find the SiteKey for a CAPTCHA?
Usually, the SiteKey can be found in the page source code. Look at the HTML code and find the "data-sitekey" attribute in a div element with class "g-recaptcha" or similar.
Why does CAPTCHA solving take a long time?
Solving time depends on the workload of the chosen service. During high demand periods, waiting times can increase. You can adjust the timeout using the timeout_seconds parameter.
Contributions are welcome! If you want to contribute:
- Fork the repository
- Create a branch for your changes: git checkout -b feature/amazing-feature
- Make your changes and commit them: git commit -m 'Add some amazing feature'
- Push to your fork: git push origin feature/amazing-feature
- Create a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
This means you are free to:
- Use, copy, modify, and distribute the software
- Use the software for commercial purposes
- Sublicense and distribute copies of the software as part of your own projects
Under the following terms:
- The original copyright notice and permission notice shall be included in all copies or substantial portions of the software
- The software is provided "as is", without any warranties