Amazon | AWS WAF Captcha and Challenge
Examples of tasks
Solving captcha and challenge in AWS WAF.
Attention!
Built-in proxies are used by default — their cost is already included in the service. You only need to specify your own proxies in cases where the website does not accept the token or access to the built-in services is restricted.
If you are using a proxy, please use a proxy with username and password authentication.
Built-in proxies are used by default — their cost is already included in the service. You only need to specify your own proxies in cases where the website does not accept the token or access to the built-in services is restricted.
If you are using a proxy, please use a proxy with username and password authentication.
IMPORTANT: Some parameter values are dynamic — they change with each render of the page using Amazon (AWS WAF). Extract them immediately before creating the task to avoid errors during solving.
Option 1
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
type |
String | Required | AmazonTask |
websiteURL |
String | Required | The main page address where the captcha is solved. |
websiteKey |
String | Required | Can be found in the apiKey field when rendering captcha. |
captchaScript |
String | Required | Link to jsapi.js on the HTML page, looks like <Integration URL>/jsapi.js. |
cookieSolution |
Boolean | Optional | Default is false — the response will include "captcha_voucher" and "existing_token". If you need the "aws-waf-token" cookie, set to true. |
userAgent |
String | Optional | Browser User-Agent. Pass only a valid UA from Windows OS. |
proxyType |
String | Optional | http - regular http/https proxy; https - try this option only if "http" doesn't work; socks4 - socks4 proxy; socks5 - socks5 proxy. |
proxyAddress |
String | Optional | IPv4/IPv6 proxy IP address. Not allowed: transparent proxies or local machine proxies. |
proxyPort |
Integer | Optional | Proxy port. |
proxyLogin |
String | Optional | Proxy server login. |
proxyPassword |
String | Optional | Proxy server password. |
Create Task - Option 1 (without proxy)
POST https://captcha69.com/createTask
Content-Type: application/json
{
"clientKey": "max1_YOUR_API_KEY",
"task": {
"type": "AmazonTask",
"websiteURL": "https://example.com/index.html",
"websiteKey": "h15hX7brbaRTR...Za1_1",
"userAgent": "userAgentPlaceholder",
"captchaScript": "https://234324vgvc23.yejk.captcha-sdk.awswaf.com/234324vgvc23/jsapi.js",
"cookieSolution": true
}
}Response
{
"errorId": 0,
"taskId": 407533072
}Create Task - Option 1 (with proxy)
POST https://captcha69.com/createTask
Content-Type: application/json
{
"clientKey": "max1_YOUR_API_KEY",
"task": {
"type": "AmazonTask",
"websiteURL": "https://example.com/index.html",
"websiteKey": "h15hX7brbaRTR...Za1_1",
"userAgent": "userAgentPlaceholder",
"captchaScript": "https://234324vgvc23.yejk.captcha-sdk.awswaf.com/234324vgvc23/jsapi.js",
"cookieSolution": true,
"proxyType": "http",
"proxyAddress": "8.8.8.8",
"proxyPort": 8080,
"proxyLogin": "proxyLoginHere",
"proxyPassword": "proxyPasswordHere"
}
}Response
{
"errorId": 0,
"taskId": 407533072
}Option 2
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
type |
String | Required | AmazonTask |
websiteURL |
String | Required | The main page address where the captcha is solved. |
challengeScript |
String | Required | Link to challenge.js. |
websiteKey |
String | Required | A string that can be obtained from the HTML captcha page or using JavaScript: window.gokuProps.key. |
context |
String | Required | A string that can be obtained from the HTML captcha page or using JavaScript: window.gokuProps.context. |
iv |
String | Required | A string that can be obtained from the HTML captcha page or using JavaScript: window.gokuProps.iv. |
captchaScript |
String | Optional | Link to captcha.js (may be absent if only a challenge is present). |
cookieSolution |
Boolean | Optional | Default is false — the response will include "captcha_voucher" and "existing_token". If you need the "aws-waf-token" cookie, set to true. |
proxyType |
String | Optional | http - regular http/https proxy; https - try this option only if "http" doesn't work; socks4 - socks4 proxy; socks5 - socks5 proxy. |
proxyAddress |
String | Optional | IPv4/IPv6 proxy IP address. Not allowed: transparent proxies or local machine proxies. |
proxyPort |
Integer | Optional | Proxy port. |
proxyLogin |
String | Optional | Proxy server login. |
proxyPassword |
String | Optional | Proxy server password. |
Create Task - Option 2 (without proxy)
POST https://captcha69.com/createTask
Content-Type: application/json
{
"clientKey": "max1_YOUR_API_KEY",
"task": {
"type": "AmazonTask",
"websiteURL": "https://example.com",
"challengeScript": "https://41bcdd4fb3cb.610cd090.us-east-1.token.awswaf.com/41bcdd4fb3cb/0d21de737ccb/cd77baa6c832/challenge.js",
"captchaScript": "https://41bcdd4fb3cb.610cd090.us-east-1.captcha.awswaf.com/41bcdd4fb3cb/0d21de737ccb/cd77baa6c832/captcha.js",
"websiteKey": "AQIDA...wZwdADFLWk7XOA==",
"context": "qoJYgnKsc...aormh/dYYK+Y=",
"iv": "CgAAXFFFFSAAABVk",
"cookieSolution": true
}
}Response
{
"errorId": 0,
"taskId": 407533072
}Create Task - Option 2 (with proxy)
POST https://captcha69.com/createTask
Content-Type: application/json
{
"clientKey": "max1_YOUR_API_KEY",
"task": {
"type": "AmazonTask",
"websiteURL": "https://example.com",
"challengeScript": "https://41bcdd4fb3cb.610cd090.us-east-1.token.awswaf.com/41bcdd4fb3cb/0d21de737ccb/cd77baa6c832/challenge.js",
"captchaScript": "https://41bcdd4fb3cb.610cd090.us-east-1.captcha.awswaf.com/41bcdd4fb3cb/0d21de737ccb/cd77baa6c832/captcha.js",
"websiteKey": "AQIDA...wZwdADFLWk7XOA==",
"context": "qoJYgnKsc...aormh/dYYK+Y=",
"iv": "CgAAXFFFFSAAABVk",
"cookieSolution": true,
"proxyType": "http",
"proxyAddress": "8.8.8.8",
"proxyPort": 8080,
"proxyLogin": "proxyLoginHere",
"proxyPassword": "proxyPasswordHere"
}
}Response
{
"errorId": 0,
"taskId": 407533072
}Option 3 (Invisible Captcha)
If the site uses an invisible captcha and only challenge.js is loaded, use this option. In this case, you don't need to pass all parameters from Option 2 — they can remain empty. Pass only the challenge.js value.
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
type |
String | Required | AmazonTask |
websiteURL |
String | Required | The main page address where the captcha is solved. |
challengeScript |
String | Required | Link to challenge.js. |
context |
String | Required | Provide an empty string. |
iv |
String | Required | Provide an empty string. |
cookieSolution |
Boolean | Optional | Set to true to get the "aws-waf token". |
proxyType |
String | Optional | http - regular http/https proxy; https - try this option only if "http" doesn't work; socks4 - socks4 proxy; socks5 - socks5 proxy. |
proxyAddress |
String | Optional | IPv4/IPv6 proxy IP address. |
proxyPort |
Integer | Optional | Proxy port. |
proxyLogin |
String | Optional | Proxy server login. |
proxyPassword |
String | Optional | Proxy server password. |
Create Task - Option 3 (without proxy)
POST https://captcha69.com/createTask
Content-Type: application/json
{
"clientKey": "max1_YOUR_API_KEY",
"task": {
"type": "AmazonTask",
"websiteURL": "https://example.com",
"challengeScript": "https://41bcdd4fb3cb.610cd090.us-east-1.token.awswaf.com/41bcdd4fb3cb/0d21de737ccb/cd77baa6c832/challenge.js",
"context": "",
"iv": "",
"cookieSolution": true
}
}Response
{
"errorId": 0,
"taskId": 407533072
}Create Task - Option 3 (with proxy)
POST https://captcha69.com/createTask
Content-Type: application/json
{
"clientKey": "max1_YOUR_API_KEY",
"task": {
"type": "AmazonTask",
"websiteURL": "https://example.com",
"challengeScript": "https://41bcdd4fb3cb.610cd090.us-east-1.token.awswaf.com/41bcdd4fb3cb/0d21de737ccb/cd77baa6c832/challenge.js",
"context": "",
"iv": "",
"cookieSolution": true,
"proxyType": "http",
"proxyAddress": "8.8.8.8",
"proxyPort": 8080,
"proxyLogin": "proxyLoginHere",
"proxyPassword": "proxyPasswordHere"
}
}Response
{
"errorId": 0,
"taskId": 407533072
}Get Task Result
Use the getTaskResult method to get the AmazonTask solution.
Request
POST https://captcha69.com/getTaskResult
Content-Type: application/json
{
"clientKey": "max1_YOUR_API_KEY",
"taskId": 407533072
}Response
{
"errorId": 0,
"status": "ready",
"solution": {
"cookies": {
"aws-waf-token": "10115f5b-ebd8-45c7-851e-cfd4f6a82e3e:EAoAua1QezAhAAAA:dp7sp2rXIRcnJcmpWOC1vIu+yq/A3EbR6b6K7c67P49usNF1f1bt/Af5pNcZ7TKZlW+jIZ7QfNs8zjjqiu8C9XQq50Pmv2DxUlyFtfPZkGwk0d27Ocznk18/IOOa49Rydx+/XkGA7xoGLNaUelzNX34PlyXjoOtL0rzYBxMAQy0D1tn+Q5u97kJBjs5Mytqu9tXPIPCTSn4dfXv5llSkv9pxBEnnhwz6HEdmdJMdfur+YRW1MgCX7i3L2Y0/CNL8kd8CEhTMzwyoXekrzBM="
},
"userAgent": "userAgentPlaceholder"
}
}Solution Properties
| Property | Type | Description |
|---|---|---|
cookies |
Object | Contains the aws-waf-token cookie when cookieSolution is true. |
captcha_voucher |
String | Returned when cookieSolution is false. |
existing_token |
String | Returned when cookieSolution is false. |
userAgent |
String | User-Agent used during solving. |
How to Obtain Parameters
When navigating to the site, you get a 405 response and an HTML page with captcha. You can extract all parameters from this page:
Extracting Parameters Automatically
JavaScript (Node.js) - Extract Parameters with Playwright
import { chromium } from "playwright";
const CAPTCHA_URL = "https://example.com";
(async () => {
const browser = await chromium.launch({ headless: false });
const page = await browser.newPage();
await page.goto(CAPTCHA_URL);
const captchaParams = await page.evaluate(() => {
const gokuProps = window.gokuProps || {};
const scripts = Array.from(document.querySelectorAll("script"));
return {
websiteKey: gokuProps.key || "Not found",
context: gokuProps.context || "Not found",
iv: gokuProps.iv || "Not found",
challengeScriptUrl:
scripts.find((script) => script.src.includes("challenge.js"))?.src ||
"Not found",
captchaScriptUrl:
scripts.find((script) => script.src.includes("captcha.js"))?.src ||
"Not found",
};
});
console.log("Captcha params:", captchaParams);
await browser.close();
})();Python - Extract Parameters with Playwright
import asyncio
from playwright.async_api import async_playwright
CAPTCHA_URL = "https://example.com"
async def main():
async with async_playwright() as p:
browser = await p.chromium.launch(headless=False)
page = await browser.new_page()
await page.goto(CAPTCHA_URL)
captcha_params = await page.evaluate("""
() => {
const gokuProps = window.gokuProps || {};
const scripts = Array.from(document.querySelectorAll('script'));
return {
websiteKey: gokuProps.key || "Not found",
context: gokuProps.context || "Not found",
iv: gokuProps.iv || "Not found",
challengeScriptUrl: scripts.find(script => script.src.includes('challenge.js'))?.src or
"Not found",
captchaScriptUrl: scripts.find(script => script.src.includes('captcha.js'))?.src or
"Not found"
};
}
""")
print("Captcha params:", captcha_params)
await browser.close()
asyncio.run(main())