AWS WAF Token Solving
Solve Amazon Web Services CAPTCHA challenges programmatically. AWS WAF is used to protect various AWS services including account registration, console access, and API endpoints.
What is AWS WAF?
AWS WAF is Amazon's custom captcha system used to protect their web services from automated abuse. It appears on AWS account registration, console login, and other AWS service pages. Our service can bypass these challenges and provide valid verification tokens for seamless automation.
Captcha Type
Use the following captcha type identifier in your API requests:
"type": "AWS_WAF_TOKEN"Request Format
POST
/createTask
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
auth.token |
string | required | Your API key |
captcha.type |
string | required | Must be "AWS_WAF_TOKEN" |
captcha.metadata.siteUrl |
string | required | Full URL of AWS page with captcha |
captcha.metadata.siteKey |
string | required | AWS WAF site key |
captcha.payload.context |
string | optional | Context of the captcha (e.g., 'registration', 'login') |
captcha.payload.proxy |
object | optional | Proxy configuration object |
captcha.payload.proxy.protocol |
string | required* | Proxy protocol: "http", "https", "socks4", "socks5" |
captcha.payload.proxy.host |
string | required* | Proxy IP address |
captcha.payload.proxy.port |
number | required* | Proxy port number |
captcha.payload.proxy.username |
string | optional | Proxy authentication username |
captcha.payload.proxy.password |
string | optional | Proxy authentication password |
* Required only if proxy object is provided
Example Request
JavaScript
const response = await fetch('https://solver-api.mydisct.com/createTask', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
body: JSON.stringify({
auth: {
token: 'YOUR_API_KEY'
},
context: {
source: 'api',
version: '1.0.0'
},
captcha: {
type: 'AWS_WAF_TOKEN',
metadata: {
siteUrl: 'https://aws.amazon.com/register',
siteKey: 'aws_waf_site_key'
},
payload: {
context: 'registration',
proxy: {
protocol: 'http',
host: '1.2.3.4',
port: 8080,
username: 'proxyuser',
password: 'proxypass'
}
}
}
})
});
const data = await response.json();
console.log('Task ID:', data.task.id);
Response Format
Create Task Response (Processing)
JSON
{
"success": true,
"service": "MyDisct Solver",
"message": "Captcha is being processed",
"task": {
"id": "MyDisctSolver_aws123",
"status": "processing"
}
}
Fetch Result Response (Processing)
JSON
{
"success": true,
"service": "MyDisct Solver",
"message": "Captcha is being processed",
"task": {
"id": "MyDisctSolver_aws123",
"status": "processing"
}
}
Fetch Result Response (Completed)
JSON
{
"success": true,
"service": "MyDisct Solver",
"message": "Captcha solved successfully",
"task": {
"id": "MyDisctSolver_aws123",
"status": "completed",
"result": {
"token": "AWS_WAF_TOKEN_value",
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
"timestamp": "2025-11-05T12:34:56.789Z"
}
}
}
Understanding the Response
The token field contains the AWS WAF verification token. This token should be
submitted with your AWS form or API request as the captcha response. The user_agent
field contains the exact user agent used during solving. Must be forwarded in all subsequent
requests that use the generated token.
Implementation Guide
Step 1: Extract AWS WAF Site Key
Find the AWS WAF site key from the page source:
JavaScript
// Method 1: Look for AWS WAF widget
function getAWSCaptchaSiteKey() {
const awsCaptcha = document.querySelector('[data-aws-captcha]') ||
document.querySelector('.aws-captcha-widget');
if (awsCaptcha) {
return awsCaptcha.getAttribute('data-site-key') ||
awsCaptcha.getAttribute('data-key');
}
const scripts = document.querySelectorAll('script');
for (const script of scripts) {
const match = script.textContent?.match(/aws.*captcha.*key['"]?s*[:=]s*['"]([^'"]+)/i);
if (match) return match[1];
}
const hiddenInput = document.querySelector('input[name*="captcha"][type="hidden"]');
if (hiddenInput) {
return hiddenInput.value;
}
return null;
}
const siteKey = getAWSCaptchaSiteKey();
console.log('AWS WAF Site Key:', siteKey);
Step 2: Solve AWS WAF Token
JavaScript
async function solveAWSCaptchaToken(siteUrl, siteKey, context = 'registration') {
const createResponse = await fetch('https://solver-api.mydisct.com/createTask', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
body: JSON.stringify({
auth: { token: 'YOUR_API_KEY' },
context: { source: 'api', version: '1.0.0' },
captcha: {
type: 'AWS_WAF_TOKEN',
metadata: { siteUrl, siteKey },
payload: { context }
}
})
});
const createData = await createResponse.json();
if (!createData.success) {
throw new Error(createData.error.message);
}
const taskId = createData.task.id;
while (true) {
await new Promise(resolve => setTimeout(resolve, 5000)); // Wait 5 seconds
const resultResponse = await fetch('https://solver-api.mydisct.com/fetchResult', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
body: JSON.stringify({ taskId })
});
const resultData = await resultResponse.json();
if (resultData.task.status === 'completed') {
return resultData.task.result;
} else if (resultData.task.status === 'failed') {
throw new Error('AWS WAF solving failed');
}
}
}
const result = await solveAWSCaptchaToken(
'https://aws.amazon.com/register',
'aws_waf_site_key',
'registration'
);
console.log('AWS WAF Token:', result.token);
console.log('User Agent:', result.user_agent);
Step 3: Submit Token with AWS Form
JavaScript
// Method 1: Submit with AWS registration form
async function submitAWSRegistration(result) {
const formData = new FormData();
formData.append('email', '[email protected]');
formData.append('password', 'securepassword123');
formData.append('captcha_token', result.token);
const response = await fetch('https://aws.amazon.com/register', {
method: 'POST',
headers: {
'User-Agent': result.user_agent
},
body: formData
});
return await response.json();
}
async function submitAWSAPI(result) {
const response = await fetch('https://aws-api.amazon.com/register', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'User-Agent': result.user_agent
},
body: JSON.stringify({
email: '[email protected]',
password: 'securepassword123',
captchaToken: result.token
})
});
return await response.json();
}
function injectTokenIntoAWSForm(token) {
const tokenField = document.querySelector('input[name="captcha_token"]') ||
document.querySelector('input[name*="captcha"]') ||
document.querySelector('#captcha_token');
if (tokenField) {
tokenField.value = token;
const form = tokenField.closest('form');
if (form) {
form.submit();
}
}
}
const result = await solveAWSCaptchaToken(siteUrl, siteKey);
await submitAWSRegistration(result);
Python Example
Python
import requests
import time
def solve_AWS_WAF_TOKEN(site_url, site_key, api_key, context='registration'):
"""
Solve AWS WAF token challenge
Args:
site_url: URL where AWS WAF appears
site_key: AWS WAF site key
api_key: Your MyDisct Solver API key
context: Context (registration, login, etc.)
Returns:
AWS WAF verification token
"""
# Step 1: Create task
create_response = requests.post(
'https://solver-api.mydisct.com/createTask',
headers={
'Content-Type': 'application/json',
'apikey': api_key
},
json={
'auth': {'token': api_key},
'context': {'source': 'api', 'version': '1.0.0'},
'captcha': {
'type': 'AWS_WAF_TOKEN',
'metadata': {
'siteUrl': site_url,
'siteKey': site_key
},
'payload': {
'context': context
}
}
}
)
create_data = create_response.json()
if not create_data['success']:
raise Exception(create_data['error']['message'])
task_id = create_data['task']['id']
print(f'Task created: {task_id}')
# Step 2: Poll for result
while True:
time.sleep(5) # Wait 5 seconds
result_response = requests.post(
'https://solver-api.mydisct.com/fetchResult',
headers={
'Content-Type': 'application/json',
'apikey': api_key
},
json={'taskId': task_id}
)
result_data = result_response.json()
if result_data['task']['status'] == 'completed':
return result_data['task']['result']
elif result_data['task']['status'] == 'failed':
raise Exception('AWS WAF solving failed')
print('Waiting for solution...')
# Example usage
result = solve_AWS_WAF_TOKEN(
site_url='https://aws.amazon.com/register',
site_key='aws_waf_site_key',
api_key='YOUR_API_KEY',
context='registration'
)
print(f'AWS WAF Token: {result["token"]}')
print(f'User Agent: {result["user_agent"]}')
# Submit with AWS registration
response = requests.post(
'https://aws.amazon.com/register',
headers={
'User-Agent': result['user_agent']
},
data={
'email': '[email protected]',
'password': 'securepassword123',
'captcha_token': result['token']
}
)
print(f'Registration response: {response.status_code}')
Best Practices
Recommendations
- Always use the exact AWS page URL where the captcha appears
- Include context parameter for better success rates (registration, login, etc.)
- AWS WAF solving typically takes 15-45 seconds
- Poll every 5 seconds for token-based captchas
- Always forward the exact
user_agentfrom the response result in subsequent requests - Handle token expiration (tokens typically valid for 2 minutes)
- Implement proper error handling for failed tasks
Common Issues
Issue: AWS WAF site key not found
Solution: AWS WAF keys are often embedded in JavaScript or hidden inputs. Check the page source code and network requests for the key.
Issue: Token rejected by AWS
Solution: Ensure you're using the correct site key and URL. AWS services are strict about captcha validation. Double-check the form field names.
Issue: Long solve times
Solution: AWS WAF challenges are complex and may take longer to solve. Increase polling timeout and be patient during processing.
Issue: Context parameter issues
Solution: Different AWS services may require specific context values. Try different context values like 'registration', 'login', 'console' if having issues.