Developing a Script for Bypassing GeeTest CAPTCHA in Python: From Idea to Execution

 

Introduction — or why cracking GeeTest CAPTCHA is nothing like a new Haval



Lately you’ll find Chinese-goods and services in virtually every niche. And when you hear “this is a Chinese development,” you might smile and recall the Internet in the 90s: “Glasses n-n-needed?” Yet despite the jokes, one thing the Chinese have actually nailed is anti-bot protection — in particular, GeeTest CAPTCHA, a system that many optimisers shed salty tears over while trying to bypass it.

Why did the Chinese team pivot from import-cars to hardcore spam-protection? One guess (admittedly subjective) is this: GeeTest is used not only for exports but also internally in China — which means they really build it for themselves. The official description: GeeTest CAPTCHA is a modern protection system, widely used across web-services to prevent automated requests. Its core is a dynamic puzzle-slider: the user drags a piece of an image into a cut-out.

I got curious about how this CAPTCHA works — and what pit­falls you’ll run into when writing a solver. Let’s dig in.

Quick note — I’ll focus on bypassing GeeTest via a captcha-solving service (my choice: 2Captcha).

How GeeTest CAPTCHA Works — a challenge for even veteran developers

GeeTest consists of two main protection layers:

  1. The slider component.
    On each request the server dynamically generates a unique background image with a “hole” plus a puzzle fragment. This complicates use of pre-built solutions. The user drags the fragment so it fits exactly. During dragging the system records:

    • final position of the puzzle piece

    • the trajectory of the slider movement

    • time intervals between actions

  2. Behavioral data analysis.
    This component doesn’t act alone—it’s integrated at every stage: how the user moved the mouse, how the drag was performed, cursor jitter, etc. These subtle behaviours matter.

Finally, server validation: after the drag the browser sends movement and positioning data to the server, which compares it to expected parameters.

This multi-level strategy makes robot-emulation much harder and raises the bar for an automated bypass.

The technology above characterises GeeTest version 4 (GeeTest V4). Its predecessor, version 3, lacked invisible-mode checking and had a simpler behavioral analysis. In practice, both V3 and V4 are much tougher to beat than, say, reCAPTCHA (fortunately GeeTest is less common in Europe).

What are the quirks — and why automating this CAPTCHA is not trivial

With a standard CAPTCHA like reCAPTCHA you might: find the widget on the page, extract certain static parameters, send them to a solving service, wait for the result. Static parameters = easier automation.

With GeeTest it’s not so straightforward. It mixes static and dynamic parameters which must be retrieved each time the CAPTCHA loads.

Example:

  • GeeTest V3 uses static: websiteURL (page URL), gt value.
    Dynamic: challenge — generated on page load (must be fresh, or the CAPTCHA is invalid).

  • GeeTest V4 replaces gt and challenge with an object initParameters which must include captcha_id (site-specific configuration ID).

Technically this seems simple — but remember: these parameters are not merely in the HTML of the page. They are often generated after interaction with the widget. That means you must emulate user behaviour (which itself might raise red flags in GeeTest’s system) and often use proxies. So each added requirement creates another layer of complexity.

I’m going to try to bypass GeeTest on a test page (where it’s less aggressive and probably doable without proxies) — but in real deployment remember: proxies may be necessary.

Getting ready for implementation of the bypass

Having covered the technical dive, let’s move to the hands-on: how to actually build the bypass.

Here’s what you’ll need:

  • Python 3 — download from python.org, install ensuring “add to PATH” is checked.

  • pip — usually installed with Python. Verify with:

    pip --version

  • Required Python libraries: requests and selenium

    pip install requests selenium

  • ChromeDriver — separate utility to allow Selenium to control Google Chrome. Install steps:

    • find your Chrome version (“About Chrome”)

    • download matching ChromeDriver from the official site

    • either put chromedriver in a folder on your PATH or specify its path in Selenium code:

      driver = webdriver.Chrome(executable_path='/path/to/chromedriver', options=options)

  • API key from a captcha-solving service (I’ll show how to use 2Captcha below).

The Python script — from reading, to trying

Below is the script (full code not repeated here) and explanation of what it does and how it works.

Broad strokes:

  • Imports: re, time, json, argparse, requests, plus Selenium modules.

  • Constants: API_KEY, CREATE_TASK_URL, GET_TASK_RESULT_URL for 2Captcha.

  • Functions:

    • extract_geetest_v3_params(html) — takes HTML, uses regex to find gt and challenge.

    • extract_geetest_v4_params(html) — extracts captcha_id from HTML.

    • get_geetest_v3_params_via_requests(website_url) — for demo pages returns static sample values (avoids split()-fail).

    • auto_extract_params(website_url) — determines version (v3 or v4), initializes Selenium driver, loads page, possibly clicks widget for v4, and returns driver object + version identifier + required parameters.

    • create_geetest_v3_task(...) / create_geetest_v4_task(...) — create task via 2Captcha API for respective versions.

    • get_task_result(task_id, retry_interval=5, max_retries=20) — polls 2Captcha until solution is ready or times out.

    • main() — orchestrates argument parsing (--website-url, optional proxy specs), sets up proxyless or proxy mode, calls auto_extract_params, create task, wait for result, then inject solution into the page via driver.execute_script, waits 30 sec, quits driver.

What it accomplishes:

  • Runs browser with ChromeDriver via Selenium, loads the page, extracts necessary dynamic parameters.

  • Sends task to 2Captcha, receives solution JSON.

  • Injects solution into the web page (hidden form fields or innerHTML replacement) to “trick” the site into believing CAPTCHA is passed.

  • Leaves browser open for 30 seconds so you can visually verify that “CAPTCHA passed” appears.

Conclusion

In this article I’ve walked through how GeeTest CAPTCHA works and attempted to show that you can bypass it even with minimal programming skills (yes, Python counts!). But caution: you must carefully extract all the parameters and correctly emulate browser behaviour, or you may spend hours stuck with a dynamic challenge that refuses to validate (been there, done that).

Комментарии

Отправить комментарий

Популярные сообщения из этого блога

How to Bypass reCAPTCHA v2 Using Tampermonkey and 2Captcha API

Изображение
  https://2captcha.com/h/how-to-bypass-captcha-using-tampermonkey As a technical specialist, I often deal with websites that use reCAPTCHA v2 to block bots and automation. While this is understandable from a security perspective, there are legitimate cases — such as automated testing, data scraping, or form submissions — where bypassing captchas in a controlled environment becomes necessary. In this article, I’ll walk you through how to automate solving reCAPTCHA v2 using the Tampermonkey browser extension and the 2Captcha API , with a fully functional userscript written in JavaScript. Prerequisites Before we start, ensure you have the following: ✅ Tampermonkey installed in your browser ( Download here ) ✅ An active 2Captcha.com account and API key ✅ Basic knowledge of JavaScript and how to inspect elements in the browser Installing and Setting Up Tampermonkey Go to tampermonkey.net and install the extension for your preferred browser. Click the Tampermonkey icon...
Далее...

Roblox captcha solver

Изображение
  https://2captcha.com/ Roblox is a popular online gaming platform that uses CAPTCHAs to prevent bots and automated attacks. 2Captcha is a service that offers a CAPTCHA solving service for Roblox. The service works by taking the necessary parameters from the page of the CAPTCHA placement and transferring them to the 2Captcha service, where an employee solves it, and the answer is returned to the user in the form of a set of parameters that must be passed to the appropriate fields to solve the CAPTCHA. 2Captcha supports various programming languages, including C#, C++, Java, PHP, Python, and Ruby.  To use 2Captcha to solve a Roblox CAPTCHA, you need to follow these steps: 1. Get the necessary parameters from the page of the CAPTCHA placement. 2. Transfer the parameters to the 2Captcha service. 3. Wait for the service to solve the CAPTCHA. 4. Receive the answer in the form of a set of parameters. 5. Pass the parameters to the appropriate fields to solve the CAPTCHA. It is import...
Далее...

🤖 How I Outsmarted reCAPTCHA Using Greasy Fork and 2Captcha (Yes, Really)

Изображение
  Okay, story time. You know those annoying “I’m not a robot” checkboxes? Yeah, the ones that always show up right when you’re in a rush — and then make you click on 12 blurry pictures of buses, traffic lights, and… is that a fire hydrant? Who even knows. Well, I got tired of wasting time and figured out how to solve them automatically using something called Greasy Fork , a cool browser extension manager, and 2Captcha , an online service that handles captchas for you. No more clicking. No more guessing. Just poof — done. 🧰 What You’ll Need Here’s your captcha-fighting starter pack: 🧠 A 2Captcha account and your API key 🧩 Tampermonkey (or Violentmonkey) installed in your browser 📜 A userscript from Greasy Fork (or just copy-paste the one below) ⚙️ Some very basic JavaScript knowledge (or a friend who has it) No need for bots, backends, or PhDs in engineering. Just your browser, a bit of copy-pasting, and some digital wizardry. 🦾 What the Script Does (Li...
Далее...