Anti-bot Anti-bot Tools CAPTCHA

CAPTCHA solver

A CAPTCHA solver is a system that automatically bypasses CAPTCHA challenges that would otherwise interrupt an automated web scraping pipeline. In 2026, CAPTCHAs are deployed by anti-bot systems including Cloudflare Turnstile, reCAPTCHA v2/v3, hCaptcha, and DataDome to distinguish humans from bots.

Most managed scraping APIs (ScraperAPI, Zyte, Bright Data) include CAPTCHA solving as part of the service. You don’t configure or call the solver separately — it’s integrated into the API request pipeline.

Types of CAPTCHA solvers

AI/ML-based solvers

reCAPTCHA v3 is score-based (no image challenge) and is bypassed by managing browser behavioural signals — mouse movement patterns, navigation history, cookies — rather than image recognition. Modern managed APIs handle reCAPTCHA v3 by maintaining persistent browser sessions with genuine human-like interaction patterns.

reCAPTCHA v2 (“I’m not a robot” checkbox and image challenges) can be solved by ML models that identify traffic lights, crosswalks, and buses in grid images. Services like 2Captcha and Anti-Captcha provide APIs for this.

Human-in-the-loop workers

2Captcha and Anti-Captcha use human workers in low-cost regions who solve CAPTCHAs for fractions of a cent each. Latency is typically 5–30 seconds per CAPTCHA. Accuracy is high (human) but adds latency to requests.

Token-based bypass

Cloudflare Turnstile and some reCAPTCHA v2 implementations can be bypassed by obtaining a valid challenge token through a headless browser with appropriate fingerprinting, then replaying the token. This is what puppeteer-extra-plugin-recaptcha and similar tools do.

CAPTCHA in the cost model

For scraping APIs that charge per credit, CAPTCHA-solving requests typically cost more:

ScraperAPI: premium proxies (which include CAPTCHA solving) cost 10 credits vs 1 for standard
Zyte: Browser API requests ($8.50/1K) include CAPTCHA bypass; HTTP API requests ($1.25/1K) do not
2Captcha direct: ~$1–$2 per 1,000 solved CAPTCHAs

For a workload that hits CAPTCHAs on 20% of requests, the cost difference between standard and CAPTCHA-enabled tiers can be significant. Build this into your budget.

CAPTCHA solving and legality

Bypassing CAPTCHAs to access sites that prohibit automated access may violate the site’s Terms of Service. Since the 2022 hiQ v. LinkedIn ruling, ToS violations are enforceable under contract law in US courts. Additionally, some jurisdictions treat CAPTCHA bypass as a computer access violation under statutes equivalent to the CFAA.

Practical guidance: for scraping commercial sites that deploy CAPTCHAs to protect against scraping, confirm that your use case is legally permissible before deploying CAPTCHA-solving infrastructure at scale. Read the legality guide.

2Captcha — solve reCAPTCHA v2 directly (for DIY scrapers)

from twocaptcha import TwoCaptcha

solver = TwoCaptcha('YOUR_2CAPTCHA_API_KEY')

result = solver.recaptcha(
  sitekey='RECAPTCHA_SITE_KEY',  # From the target page's HTML
  url='https://target.com/login'
)
token = result['code']
# Submit token in your form POST or API call

Note: most teams don’t need to call CAPTCHA solvers directly. If you’re using ScraperAPI with premium=true or Zyte’s Browser API, CAPTCHA handling is automatic.

Anti-bot detection — the broader detection system CAPTCHAs are part of
Browser fingerprinting — what’s checked alongside CAPTCHAs
Cloudflare Turnstile — the modern CAPTCHA variant from Cloudflare

Related concepts

→ anti bot detection → residential proxy → cloudflare turnstile → stealth mode