How to Solve AWS WAF Captcha Token

AWS WAF CAPTCHA is a powerful anti-bot mechanism used across Amazon Web Services to block automated or suspicious traffic. Unlike traditional CAPTCHA systems, AWS WAF uses encrypted challenges (JS-based) and strict validation rules.

In this guide, we’ll walk through how AWS WAF CAPTCHA works and how to solve it efficiently using CapSolver.

🧩 Requirements

Before solving AWS WAF CAPTCHA, ensure you have:

• ✔️ CapSolver API Key

• ✔️ Proxy (optional)

  • Required only for certain task types
  • Some tasks use CapSolver’s internal proxy pool

⚠️ Key Points to Understand

1. Status Code 202 vs 405 — What’s the difference?

• Status Code 202
  Only awsChallengeJs is needed

• Status Code 405
  Requires all parameters:

  • awsKey
  • awsIv
  • awsContext
  • awsChallengeJs

2. Ensure the CAPTCHA URL is valid

A correct AWS CAPTCHA challenge page will:

• Return 405 status code

• Contain HTML elements:

  • key
  • iv
  • context

Example valid responses:

📌 Save these values:

• Challenge script URL
• Context
• Key
• IV

🧭 Step 1 — Create an AWS WAF CAPTCHA Task

CapSolver supports two task types:

For this tutorial, we use:
👉 AntiAwsWafTaskProxyless

🟣 If status code = 405 (Full parameters required)

POST https://api.capsolver.com/createTask
{
  "clientKey": "yourapiKey",
  "task": {
    "type": "AntiAwsWafTaskProxyless",
    "websiteURL": "https://efw47fpad9.execute-api.us-east-1.amazonaws.com/latest",
    "awsKey": "key value",
    "awsIv": "iv value",
    "awsContext": "context value",
    "awsChallengeJS": "URL of the JS challenge"
  }
}

🟢 If status code = 202 (Only JS challenge required)

POST https://api.capsolver.com/createTask
{
  "clientKey": "yourapiKey",
  "task": {
    "type": "AntiAwsWafTaskProxyless",
    "websiteURL": "https://efw47fpad9.execute-api.us-east-1.amazonaws.com/latest",
    "awsKey": "",
    "awsIv": "",
    "awsContext": "",
    "awsChallengeJS": "URL of the JS challenge"
  }
}

This will return a response containing your taskId, which you’ll use in Step 2.

🧾 Step 2 — Retrieve the CAPTCHA Solution

Poll every 3–5 seconds using getTaskResult:

POST https://api.capsolver.com/getTaskResult
{
  "clientKey": "YOUR_API_KEY",
  "taskId": "TASK_ID_FROM_CREATE_TASK"
}

A solved token will look like:

✔️ Once solved, create a cookie:

aws-waf-token = <token_from_capsolver>

Add this cookie to your session → validated successfully.

🎉 Conclusion

AWS WAF CAPTCHA can be complex due to encryption, context validation, and varying challenge types. However, with CapSolver’s AWS-specific task types, solving it becomes straightforward and reliable.

Using AntiAwsWafTaskProxyless or AntiAwsWafTask, you can:

• Decode encrypted AWS challenges
• Solve CAPTCHA logic
• Generate the required aws-waf-token cookie
• Automatically pass AWS WAF protection

Start solving AWS WAF CAPTCHA easily using
👉 CapSolver

❓ FAQ

1. What is AWS WAF CAPTCHA?

A JavaScript-based anti-bot challenge used by AWS to block automated traffic.

2. Why do I get status code 405 on CAPTCHA pages?

405 indicates a CAPTCHA challenge that includes:

• key
• iv
• context

These must be decrypted using CapSolver.

3. What parameters do I need to solve AWS WAF CAPTCHA?

Depends on the status code:

• 202 → only awsChallengeJs
• 405 → requires all parameters

4. Does CapSolver support proxyless AWS WAF solving?

Yes. Use AntiAwsWafTaskProxyless.

5. What do I do after obtaining the CAPTCHA solution?

Create a cookie named aws-waf-token with the returned token value.