Bypass AWS WAF Captcha (Using Image Recognition)

Bypass AWS WAF Captcha using Image Recognition

Logo of Capsolver

CapSolver Blogger

How to use capsolver


Bypassing Amazon WAF (AWS CAPTCHA) with CapSolver

In the world of web security, captchas serve as a primary line of defense against bots and automated scripts. They are designed to distinguish human users from bots. One such captcha system is Amazon's Web Application Firewall (WAF). This blog post will guide you on how to bypass Amazon WAF using CapSolver.

What is Amazon WAF?

Amazon WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. Amazon WAF gives you control over how traffic reaches your applications by enabling you to create security rules that block common attack patterns.

Types of Amazon WAF Captcha

Amazon WAF uses a single type of captcha system to verify that the user is human. This system presents a challenge to the user that needs to be solved. The challenge could be a puzzle or a question related to an image. While the specific challenge may vary, the captcha system itself is of a single type.

Here's an example of what an Amazon WAF captcha might look like:
Amazon WAF Captcha

Bypassing Amazon WAF with CapSolver

CapSolver is a service that provides solutions for captcha recognition. It offers various task types for different captcha systems, including Amazon WAF. The task type used for Amazon WAF is AwsWafClassification.

Creating a Task with CapSolver

To bypass Amazon WAF, you need to create a task with CapSolver. Here's how you can do it:

  1. Use the createTask method provided by CapSolver's API. This method doesn't require you to obtain the results separately as it synchronously returns the image recognition results.

  2. The task type field should be AwsWafClassification.

  3. The task object structure should include the following properties:

    • type: This should be AwsWafClassification.
    • images: This should be a list of base64 image strings.
    • question: This should be a string. For full names of questions, refer to the list of questions provided by CapSolver.

Here's an example request:

Content-Type: application/json

 "clientKey": "YOUR_API_KEY",
 "task": {
 "type": "AwsWafClassification",
 "images": ["base64 image string"],
 "question": "aws:toycarcity:carcity"

Here's an example response:

 "errorId": 0,
 "status": "ready",
 "solution": {
   //This is for the solution of find path for car
   "box": [
   //Distance is for the amazon waf captcha type that require slider
   "distance": 500
 "taskId": "cbb1c730-e569-4ba6-b5fc-e06377694aa7"


Bypassing Amazon WAF with CapSolver is a straightforward process. It involves creating a task with the createTask method and providing the necessary details. Remember to use the correct task type and provide the required properties in the task object structure.

Please note that the actual API request should replace "YOUR_API_KEY" with your actual API key and "base64 image string" with your actual base64 image string. The question field should also be replaced with a valid question from the list provided by CapSolver.

CapSolver Team 💜