Alibaba Cloud Captcha
任务示例
以下是当前 CapMonster Cloud 服务支持的 Alibaba CAPTCHA 任务类型示例:
Slider CAPTCHA
Puzzle CAPTCHA
Image restoration CAPTCHA
注意!
CapMonster Cloud 默认通过内置代理工作——这些代理已包含在费用内。仅当网站不接受令牌或对内置服务的访问受限时,才需要指定您自己的代理。
如果代理按 IP 授权,请将地址 65.21.190.34 加入白名单。
请求参数
type<string>requiredCustomTask
class<string>requiredalibaba
websiteURL<string>required包含 CAPTCHA 的页面完整 URL。
sceneId(在 metadata 中)<string>requiredCAPTCHA 场景标识符,以如下格式传递:"sceneId":"1ww7426c4"(如何获取该参数值,请参见对应章节)
prefix(在 metadata 中)<string>requiredCAPTCHA 初始化参数,通过用于加载页面任务文本的请求 URL 传递。
例如,如果 URL 为:https://dlw3kug.captcha-open.example.aliyuncs.com/,则 prefix 参数的值对应子域名 —— dlw3kug。
对于某些网站,需要传递额外参数:
仅在网站存在这些参数时才填写(详见章节 使用包含扩展参数的网站*)。
userId (metadata中的)<string>optional网站端用户或会话的唯一标识符。
userUserId (metadata中的)<string>optional用户的附加(次级)标识符。
verifyType (metadata中的)<string>optional验证码验证机制的版本或类型。
region (metadata中的)<string>optional用于处理验证码的服务器或数据中心区域。
UserCertifyId (metadata中的)<string>optional与当前验证码会话相关的唯一验证ID。
apiGetLib (metadata中的)<string>optional指向网站所使用的验证码 JS 库链接。该值在客户端生成,并可能在每次页面渲染时动态变化。
userAgent<string>optional浏览器的 User-Agent。
请仅传递最新的 Windows 系统 UA,目前推荐使用:userAgentPlaceholder
proxyType<string>optionalhttp - 普通 http/https 代理;
https - 如果 http 不工作,可以尝试此选项(部分自定义代理要求);
socks4 - socks4 代理;
socks5 - socks5 代理。
proxyAddress<string>optional代理的 IPv4 或 IPv6 地址。禁止以下情况:
- 使用透明代理(即暴露真实客户端 IP);
- 使用本地代理地址。
proxyPort<integer>optional代理端口。
proxyLogin<string>optional代理用户名。
proxyPassword<string>optional代理密码。
创建任务的方法
普通版本(无附加参数)
- CustomTask(无代理)
- CustomTask(使用代理)
POST
https://api.capmonster.cloud/createTask
请求
{
"clientKey": "API_KEY",
"task": {
"type": "CustomTask",
"class": "alibaba",
"websiteURL": "https://www.example.com",
"userAgent": "userAgentPlaceholder",
"metadata": {
"sceneId": "1ww7426c4",
"prefix": "dlw3kug"
}
}
}
响应
{
"errorId": 0,
"taskId": 407533077
}
POST
https://api.capmonster.cloud/createTask
请求
{
"clientKey": "API_KEY",
"task": {
"type": "CustomTask",
"class": "alibaba",
"websiteURL": "https://www.example.com",
"userAgent": "userAgentPlaceholder",
"metadata": {
"sceneId": "1ww7426c4",
"prefix": "dlw3kug",
"proxyType": "http",
"proxyAddress": "8.8.8.8",
"proxyPort": 8080,
"proxyLogin": "proxyLoginHere",
"proxyPassword": "proxyPasswordHere"
}
}
}
响应
{
"errorId": 0,
"taskId": 407533077
}
带扩展参数的版本(userId、userUserId、verifyType 等):
- CustomTask(无代理)
- CustomTask(使用代理)
POST
https://api.capmonster.cloud/createTask
请求
{
"clientKey": "API_KEY",
"task": {
"type": "CustomTask",
"class": "alibaba",
"websiteURL": "https://www.example.com",
"userAgent": "userAgentPlaceholder",
"metadata": {
"sceneId": "1ww7426c4",
"prefix": "dlw3kug",
"userId": "HpadJlQnz2zSKcSmjXBaqQvjYUvP4jMJIk/ZwGNDNiM=",
"userUserId": "/uSXKkVFuuwxXA21/MpXGxpLStWBEup1B3jjlMUWwNE=",
"verifyType": "1.0",
"region": "sgp",
"UserCertifyId": "0a03e59417757735511105780e2a5e",
"apiGetLib": "https://o.example.com/captcha-frontend/aliyunCaptcha/AliyunCaptcha.js?t=2041"
}
}
}
响应
{
"errorId": 0,
"taskId": 407533077
}
POST
https://api.capmonster.cloud/createTask
请求
{
"clientKey": "API_KEY",
"task": {
"type": "CustomTask",
"class": "alibaba",
"websiteURL": "https://www.example.com",
"userAgent": "userAgentPlaceholder",
"metadata": {
"sceneId": "1ww7426c4",
"prefix": "dlw3kug",
"userId": "HpadJlQnz2zSKcSmjXBaqQvjYUvP4jMJIk/ZwGNDNiM=",
"userUserId": "/uSXKkVFuuwxXA21/MpXGxpLStWBEup1B3jjlMUWwNE=",
"verifyType": "1.0",
"region": "sgp",
"UserCertifyId": "0a03e59417757735511105780e2a5e",
"apiGetLib": "https://o.example.com/captcha-frontend/aliyunCaptcha/AliyunCaptcha.js?t=2041"
},
"proxyType": "http",
"proxyAddress": "8.8.8.8",
"proxyPort": 8080,
"proxyLogin": "proxyLoginHere",
"proxyPassword": "proxyPasswordHere"
}
}
响应
{
"errorId": 0,
"taskId": 407533077
}
获取结果的方法
使用方法 getTaskResult 获取 Alibaba CAPTCHA 的解决结果。
POST
https://api.capmonster.cloud/getTaskResult
请求
{
"clientKey": "API_KEY",
"taskId": 407533077
}
响应
{
"errorId": 0,
"errorCode": null,
"errorDescription": null,
"status": "ready",
"solution": {
"data": {
"tokens": "{\"sceneId\":\"1ww7426c4\",\"certifyId\":\"kBjCxX2W2c\",\"deviceToken\":\"U0dfV0VCIzM3...wOGJkMjY=\",\"data\":\"JRMnX3B...EUQdCpLkqSj7THYNf3dn\"}"
}
}
}
如何获取创建任务所需的所有参数
sceneId
sceneId 可以在成功完成一次 CAPTCHA 后获取:
- 在网站上手动完成 CAPTCHA。
- 打开 DevTools → Network 标签。
- 找到验证成功后发送的请求(例如:verify、check、validate)。
- 在 Payload 或 Response 中找到参数
sceneId(CaptchaSceneId或sId)。
该参数也可以通过在网络请求中搜索获取:
- 打开包含 CAPTCHA 的页面,然后进入 DevTools → Network 标签。
- 使用搜索(Ctrl + F)查找关键字
sceneId或CaptchaSceneId。
prefix
prefix 可以从用于加载 CAPTCHA 任务文本的请求 URL 中获取:
- 打开包含 CAPTCHA 的页面。
- 找到与加载任务相关的请求(通常通过 DevTools → Network)。
处理包含扩展参数的网站
验证码参数的提取与准备
本章节描述了在目标网站上提取必要参数、解决验证码以及重新执行登录授权的完整流程。
- 初始登录请求:
POST https://example.com/api/v2/auths/signin
发送用户数据:
{
"email": "[email protected]",
"password": "hashed_password"
}
请求头示例请参见章节 自动验证码解决示例。
- 服务器响应类型。服务器可能返回两种结果:
- 2.1 普通 JSON(无验证码):
{
"success": false,
"data": {
"code": "Bad_Request",
"details": "The email or password provided is incorrect..."
}
}
表示无需验证码,请求已正常处理。
- 2.2 带验证码的响应(服务器返回 HTML 页面而非 JSON):
<!doctype html>
<meta charset="UTF-8">
<meta name="aliyun_waf_aa" content="...">
<meta name="aliyun_waf_bb" content="...">
...
- 页面中包含如下对象数据:
var requestInfo = {
data,
region,
sceneId,
token,
traceid,
type,
userId,
userUserId
}
需要从该对象中提取以下用于验证码处理的参数:
userIduserUserIdverifyType(对应type)regionUserCertifyId(对应traceid)
注意: 还需要保存授权参数
token和traceid,它们将在后续请求中作为u_atoken和u_asig使用。
- JS 验证码脚本地址生成示例:
this.currentDate = new Date()
this.AliyunGeneratedDynamicJS =
`https://o.example.com/captcha-frontend/aliyunCaptcha/AliyunCaptcha.js?t=${
this.currentDate.getFullYear() +
(this.currentDate.getMonth() + 1) +
this.currentDate.getDate() +
this.currentDate.getHours()
}`
- 构建
metadata并提交验证码请求:
这些数据将被发送到我们的验证码服务:
{
"metadata": {
"sceneId": "1ww7426c4",
"prefix": "dlw3kug",
"userId": "HpadJlQnz2zSKcSmjXBaqQvjYUvP4jMJIk/ZwGNDNiM=",
"userUserId": "/uSXKkVFuuwxXA21/MpXGxpLStWBEup1B3jjlMUWwNE=",
"verifyType": "1.0",
"region": "sgp",
"UserCertifyId": "0a03e59417757735511105780e2a5e",
"apiGetLib": "https://o.example.com/captcha-frontend/aliyunCaptcha/AliyunCaptcha.js?t=2041"
}
}
- 获取验证码结果,并使用之前保存的
u_atoken和u_asig重新发送登录请求:
POST https://example.com/api/v2/auths/signin?u_atoken=...&u_asig=...&u_aref=undefined
如果验证码通过,服务器将返回登录成功结果(见第 2.1 步)。
自动验证码解决示例
重要
以下示例仅用于演示,展示在使用 Alibaba Cloud Captcha 防护的网站中的通用工作流程。在实际项目中,代码可能需要根据具体网站的请求结构和请求头进行调整。
建议将重要数据(API 密钥、代理配置等)存储在 .env 文件或环境变量中。
- JavaScript
- Python
显示代码(Node.js)
import "dotenv/config";
import fs from "fs";
import { gotScraping } from "got-scraping";
function parse(text, start, end, isJson = true) {
const startIndex = text.indexOf(start);
if (startIndex === -1) return null;
const contentStart = startIndex + start.length;
const endIndex = text.indexOf(end, contentStart);
if (endIndex === -1) return null;
let extracted = text.substring(contentStart, endIndex).trim();
extracted = extracted.replace(/\n/g, "").trim();
let jsonStr = extracted
.replace(/(['"])?([a-zA-Z0-9_]+)(['"])?:/g, '"$2":')
.replace(/'/g, '"');
try {
return isJson ? JSON.parse(jsonStr) : jsonStr;
} catch (err) {
console.error("无法解析 JSON:", err.message);
console.error("尝试解析内容:", jsonStr);
return null;
}
}
function buildProxyLine(proxyUrl) {
if (!proxyUrl) return undefined;
const parts = proxyUrl.split(":");
// 处理格式 protocol:ip:port(3 部分)
if (parts.length === 3) {
const [protocol, ip, port] = parts;
return { proxyLine: `${protocol}://${ip}:${port}`, protocol, ip, port };
}
// 处理格式 protocol:username:password:ip:port(5 部分)
if (parts.length === 5) {
const [protocol, username, password, ip, port] = parts;
return {
proxyLine: `${protocol}://${username}:${password}@${ip}:${port}`,
protocol,
ip,
port,
username,
password,
};
}
// 无效格式
return undefined;
}
const proxyUrl =
process.env.proxyUrl || "http:username:password:127.0.0.1:9029"; // 请替换为你的代理参数或在 .env 中配置
const proxyLine = buildProxyLine(proxyUrl);
const delay = (ms) => new Promise((res) => setTimeout(res, ms));
class Worker {
constructor() {
this.providerVendorSolverUrl = "https://api.capmonster.cloud";
this.API_KEY = process.env.apiKey || "YOUR_API_KEY"; // 请替换为你的 CapMonster Cloud API Key
this.currentDate = new Date();
// 在这里生成验证码 JS 动态链接
this.AliyunGeneratedDynamicJS = `https://o.example.com/captcha-frontend/aliyunCaptcha/AliyunCaptcha.js?t=${this.currentDate.getFullYear() + (this.currentDate.getMonth() + 1) + this.currentDate.getDate() + this.currentDate.getHours()}`;
this.websiteUrl = "https://example.com/auth"; // 请替换为触发验证码的页面 URL
this.userAgent =
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36";
}
async executor() {
console.log(`正在获取验证码参数....`);
const RequireAuthorizationResponses =
await this.getAuthorizationResponses();
console.log("成功获取验证码页面");
const requireParamsCaptchas = await this.requireParamsCaptchasData(
RequireAuthorizationResponses,
);
console.log(`验证码参数: `, requireParamsCaptchas);
const AlibabaSolvedResult = await this.requireAlibabaSolverResponse(
requireParamsCaptchas,
);
console.log(
`验证码结果: `,
AlibabaSolvedResult?.solution?.data?.tokens,
);
const RequireAuthorizationResponsesAfterCaptchaBypass =
await this.sendAuthrozationsRequest();
console.log(RequireAuthorizationResponsesAfterCaptchaBypass);
}
async sendAuthrozationsRequest() {
const response = await gotScraping.post(
`https://example.com/api/v2/auths/signin?u_atoken=${this.AuthorizationParams.u_atoken}&u_asig=${this.AuthorizationParams.u_asig}&u_aref=undefined`,
{
body: JSON.stringify({
email: "[email protected]",
password:
"e2577eeb61dc2197dfe94816d731f2941ccd0b66de8dc97aacb377bfe8476970",
}),
headers: {
Accept: "application/json, text/plain, */*",
"Accept-Encoding": "gzip, deflate, br, zstd",
"Accept-Language": "en-US,en;q=0.9",
"Content-Type": "application/json",
Origin: "https://example.com",
Pragma: "no-cache",
Referer: "https://example.com/auth",
Timezone: "Thu Apr 09 2026 23:29:23 GMT+0300",
"User-Agent":
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36",
Version: "0.2.36",
"X-Request-Id": "2b4a7a52-d273-4049-a826-156aae856fe5",
"bx-v": "2.5.36",
"sec-ch-ua":
'"Chromium";v="146", "Not-A.Brand";v="24", "Google Chrome";v="146"',
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": '"Windows"',
source: "web",
},
},
);
return response.body;
}
async getAuthorizationResponses() {
const response = await gotScraping.post(
`https://example.com/api/v2/auths/signin`, // 请替换为触发验证码的实际登录 URL
{
body: JSON.stringify({
email: "[email protected]",
password:
"e2577eeb61dc2197dfe94816d731f2941ccd0b66de8dc97aacb377bfe8476970",
}),
headers: {
Accept: "application/json, text/plain, */*",
"Accept-Encoding": "gzip, deflate, br, zstd",
"Accept-Language": "en-US,en;q=0.9",
"Content-Type": "application/json",
Origin: "https://example.com", // 请替换为实际 Origin
Pragma: "no-cache",
Referer: "https://example.com/auth", // 请替换为实际 Referer
Timezone: "Thu Apr 09 2026 23:29:23 GMT+0300",
"User-Agent":
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36",
Version: "0.2.36",
"X-Request-Id": "2b4a7a52-d273-4049-a826-156aae856fe5",
"bx-v": "2.5.36",
"sec-ch-ua":
'"Chromium";v="146", "Not-A.Brand";v="24", "Google Chrome";v="146"',
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": '"Windows"',
source: "web",
},
},
);
if (response.body.includes("requestInfo")) {
console.log("成功获取验证码响应:");
fs.writeFileSync("./baseResponse.txt", response.body);
console.log(response.body.substring(0, 150));
return response.body;
}
console.log(response.body);
return await this.getAuthorizationResponses();
}
async requireAlibabaSolverResponse(captchaMetadataParams) {
let cmReqData = {
type: "CustomTask",
class: "alibaba",
websiteURL: this.websiteUrl,
websiteKey: "customTask",
userAgent: this.userAgent,
};
if (captchaMetadataParams) {
cmReqData.metadata = captchaMetadataParams;
}
const response = await gotScraping.post(
`${this.providerVendorSolverUrl}/createTask`,
{
body: JSON.stringify({ clientKey: this.API_KEY, task: cmReqData }),
headers: {
"Content-Type": "application/json",
},
},
);
let JSON_responseData = JSON.parse(response.body);
if (JSON_responseData.errorId) throw new Error("JSON.TaskId.error");
let taskId = JSON_responseData.taskId;
let responseData;
while (true) {
let cmTaskRes = { clientKey: this.API_KEY, taskId: taskId };
let task_response = await gotScraping.post(
`${this.providerVendorSolverUrl}/getTaskResult`,
{
body: JSON.stringify(cmTaskRes),
headers: {
"Content-Type": "application/json",
},
},
);
let JSON_responseDataTaskResponse = JSON.parse(task_response.body);
if (JSON_responseDataTaskResponse.status !== "processing") {
responseData = JSON_responseDataTaskResponse;
break;
}
await delay(5000);
}
return responseData;
}
async requireParamsCaptchasData(responsesCaptchaPage) {
const JsonData = parse(
responsesCaptchaPage,
':none">var requestInfo = ',
";",
true,
);
// 保存授权参数,用于后续重新发送登录请求
this.AuthorizationParams = {
u_atoken: JsonData.token,
u_asig: JsonData.traceid,
};
return {
prefix: "57d98d02303c01e7d2f7814c75224396",
sceneId: JsonData.sceneId,
userId: JsonData.userId,
userUserId: JsonData.userUserId,
verifyType: "1.0",
region: JsonData.region,
UserCertifyId: JsonData.traceid,
apiGetLib: this.AliyunGeneratedDynamicJS,
};
}
}
new Worker().executor();
显示代码
import os
import json
import time
import re
import requests
from datetime import datetime
def parse(text, start, end, is_json=True):
start_index = text.find(start)
if start_index == -1:
return None
content_start = start_index + len(start)
end_index = text.find(end, content_start)
if end_index == -1:
return None
extracted = text[content_start:end_index].strip()
extracted = extracted.replace("\n", "").strip()
json_str = re.sub(r"(['\"])?([a-zA-Z0-9_]+)(['\"])?:", r'"\2":', extracted)
json_str = json_str.replace("'", '"')
try:
return json.loads(json_str) if is_json else json_str
except Exception as e:
print("无法解析 JSON:", str(e))
print("尝试解析:", json_str)
return None
def build_proxy(proxy_url: str):
"""
支持:
protocol:ip:port
protocol:username:password:ip:port
"""
if not proxy_url:
return None
parts = proxy_url.split(":")
if len(parts) == 3:
protocol, ip, port = parts
proxy_line = f"{protocol}://{ip}:{port}"
return {
"http": proxy_line,
"https": proxy_line,
}
if len(parts) == 5:
protocol, username, password, ip, port = parts
proxy_line = f"{protocol}://{username}:{password}@{ip}:{port}"
return {
"http": proxy_line,
"https": proxy_line,
}
return None
class Worker:
def __init__(self):
self.provider_vendor_solver_url = "https://api.capmonster.cloud"
self.api_key = os.getenv("API_KEY", "YOUR_API_KEY") # 请替换为你的 CapMonster Cloud API key
now = datetime.now()
self.aliyun_generated_dynamic_js = (
# 这里生成验证码 JS 动态链接
"https://o.example.com/captcha-frontend/aliyunCaptcha/AliyunCaptcha.js?"
f"t={now.year}{now.month}{now.day}{now.hour}"
)
self.website_url = "https://example.com/auth" # 请替换为验证码所在页面 URL
self.user_agent = (
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
"AppleWebKit/537.36 (KHTML, like Gecko) "
"Chrome/146.0.0.0 Safari/537.36"
)
self.authorization_params = {}
# ===================== 代理 =====================
proxy_url = os.getenv(
"proxyUrl",
"http:username:password:127.0.0.1:9029" # 请替换为你的代理配置或在 .env 中设置
)
self.proxies = build_proxy(proxy_url)
self.session = requests.Session()
# 将代理绑定到 session(重要)
if self.proxies:
self.session.proxies.update(self.proxies)
self.headers = {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, deflate, br, zstd",
"Accept-Language": "en-US,en;q=0.9",
"Content-Type": "application/json",
"Origin": "https://example.com", # 请替换为实际 Origin
"Pragma": "no-cache",
"Referer": "https://example.com/auth", # 请替换为实际 Referer
"Timezone": "Thu Apr 09 2026 23:29:23 GMT+0300",
"User-Agent": self.user_agent,
"Version": "0.2.36",
"X-Request-Id": "2b4a7a52-d273-4049-a826-156aae856fe5",
"bx-v": "2.5.36",
"sec-ch-ua": '"Chromium";v="146", "Not-A.Brand";v="24", "Google Chrome";v="146"',
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": '"Windows"',
"source": "web",
}
def executor(self):
print("正在获取验证码参数....")
captcha_page = self.get_authorization_responses()
print("成功获取包含验证码的页面")
captcha_params = self.require_params_captchas_data(captcha_page)
print("验证码参数:", captcha_params)
solved = self.require_alibaba_solver_response(captcha_params)
print("验证码结果:", solved)
final_response = self.send_authorization_request()
print(final_response)
def get_authorization_responses(self):
url = "https://example.com/api/v2/auths/signin" # 请替换为触发验证码的实际登录接口
payload = {
"email": "[email protected]",
"password": "e2577eeb61dc2197dfe94816d731f2941ccd0b66de8dc97aacb377bfe8476970",
}
while True:
response = self.session.post(
url,
headers=self.headers,
data=json.dumps(payload),
)
text = response.text
if "requestInfo" in text:
print("成功获取验证码响应")
with open("baseResponse.txt", "w", encoding="utf-8") as f:
f.write(text)
print(text[:150])
return text
print("无验证码 -> 重试")
def require_params_captchas_data(self, html):
json_data = parse(html, ':none">var requestInfo = ', ";", True)
# 保存登录参数,用于后续重新请求登录接口
self.authorization_params = {
"u_atoken": json_data["token"],
"u_asig": json_data["traceid"],
}
return {
"prefix": "57d98d02303c01e7d2f7814c75224396",
"sceneId": json_data["sceneId"],
"userId": json_data["userId"],
"userUserId": json_data["userUserId"],
"verifyType": "1.0",
"region": json_data["region"],
"UserCertifyId": json_data["traceid"],
"apiGetLib": self.aliyun_generated_dynamic_js,
}
def require_alibaba_solver_response(self, metadata):
task_payload = {
"clientKey": self.api_key,
"task": {
"type": "CustomTask",
"class": "alibaba",
"websiteURL": self.website_url,
"websiteKey": "customTask",
"userAgent": self.user_agent,
"metadata": metadata,
},
}
response = requests.post(
f"{self.provider_vendor_solver_url}/createTask",
json=task_payload,
)
data = response.json()
if data.get("errorId"):
raise Exception("任务创建失败")
task_id = data["taskId"]
while True:
result = requests.post(
f"{self.provider_vendor_solver_url}/getTaskResult",
json={"clientKey": self.api_key, "taskId": task_id},
).json()
if result["status"] != "processing":
return result
time.sleep(5)
def send_authorization_request(self):
url = (
"https://example.com/api/v2/auths/signin"
f"?u_atoken={self.authorization_params['u_atoken']}"
f"?u_asig={self.authorization_params['u_asig']}"
"&u_aref=undefined"
)
payload = {
"email": "[email protected]",
"password": "e2577eeb61dc2197dfe94816d731f2941ccd0b66de8dc97aacb377bfe8476970",
}
response = self.session.post(
url,
headers=self.headers,
data=json.dumps(payload),
)
return response.text
if __name__ == "__main__":
Worker().executor()
