AWS WAF Token Solving
Solve Amazon Web Services CAPTCHA challenges programmatically. AWS WAF is used to protect various AWS services including account registration, console access, and API endpoints.
What is AWS WAF?
AWS WAF is Amazon's custom captcha system used to protect their web services from automated abuse. It appears on AWS account registration, console login, and other AWS service pages. Our service can bypass these challenges and provide valid verification tokens for seamless automation.
Captcha Type
Use the following captcha type identifier in your API requests:
"type": "AWS_WAF_TOKEN"Request Format
POST
/createTask
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
auth.token |
string | required | Your API key |
captcha.type |
string | required | Must be "AWS_WAF_TOKEN" |
captcha.metadata.siteUrl |
string | required | Full URL of AWS page with captcha |
captcha.metadata.siteKey |
string | required | AWS WAF site key |
captcha.payload.context |
string | optional | Context of the captcha (e.g., 'registration', 'login') |
captcha.payload.proxy |
object | optional | Proxy configuration object |
captcha.payload.proxy.protocol |
string | required* | Proxy protocol: "http", "https", "socks4", "socks5" |
captcha.payload.proxy.host |
string | required* | Proxy IP address |
captcha.payload.proxy.port |
number | required* | Proxy port number |
captcha.payload.proxy.username |
string | optional | Proxy authentication username |
captcha.payload.proxy.password |
string | optional | Proxy authentication password |
* Required only if proxy object is provided
Example Request
JavaScript
const response = await fetch('https://solver-api.mydisct.com/createTask', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
body: JSON.stringify({
auth: {
token: 'YOUR_API_KEY'
},
context: {
source: 'api',
version: '1.0.0'
},
captcha: {
type: 'AWS_WAF_TOKEN',
metadata: {
siteUrl: 'https://aws.amazon.com/register',
siteKey: 'aws_waf_site_key'
},
payload: {
context: 'registration',
proxy: {
protocol: 'http',
host: '1.2.3.4',
port: 8080,
username: 'proxyuser',
password: 'proxypass'
}
}
}
})
});
const data = await response.json();
console.log('Task ID:', data.task.id);
Response Format
Create Task Response (Processing)
JSON
{
"success": true,
"service": "MyDisct Solver",
"message": "Captcha is being processed",
"task": {
"id": "MyDisctSolver_aws123",
"status": "processing"
}
}
Fetch Result Response (Processing)
JSON
{
"success": true,
"service": "MyDisct Solver",
"message": "Captcha is being processed",
"task": {
"id": "MyDisctSolver_aws123",
"status": "processing"
}
}
Fetch Result Response (Completed)
JSON
{
"success": true,
"service": "MyDisct Solver",
"message": "Captcha solved successfully",
"task": {
"id": "MyDisctSolver_aws123",
"status": "completed",
"result": {
"token": "AWS_WAF_TOKEN_value",
"timestamp": "2025-11-05T12:34:56.789Z"
}
}
}
Understanding the Response
The token field contains the AWS WAF verification token. This token should be
submitted with your AWS form or API request as the captcha response.
Implementation Guide
Step 1: Extract AWS WAF Site Key
Find the AWS WAF site key from the page source:
JavaScript
// Method 1: Look for AWS WAF widget
function getAWSCaptchaSiteKey() {
const awsCaptcha = document.querySelector('[data-aws-captcha]') ||
document.querySelector('.aws-captcha-widget');
if (awsCaptcha) {
return awsCaptcha.getAttribute('data-site-key') ||
awsCaptcha.getAttribute('data-key');
}
const scripts = document.querySelectorAll('script');
for (const script of scripts) {
const match = script.textContent?.match(/aws.*captcha.*key['"]?s*[:=]s*['"]([^'"]+)/i);
if (match) return match[1];
}
const hiddenInput = document.querySelector('input[name*="captcha"][type="hidden"]');
if (hiddenInput) {
return hiddenInput.value;
}
return null;
}
const siteKey = getAWSCaptchaSiteKey();
console.log('AWS WAF Site Key:', siteKey);
Step 2: Solve AWS WAF Token
JavaScript
async function solveAWSCaptchaToken(siteUrl, siteKey, context = 'registration') {
const createResponse = await fetch('https://solver-api.mydisct.com/createTask', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
body: JSON.stringify({
auth: { token: 'YOUR_API_KEY' },
context: { source: 'api', version: '1.0.0' },
captcha: {
type: 'AWS_WAF_TOKEN',
metadata: { siteUrl, siteKey },
payload: { context }
}
})
});
const createData = await createResponse.json();
if (!createData.success) {
throw new Error(createData.error.message);
}
const taskId = createData.task.id;
while (true) {
await new Promise(resolve => setTimeout(resolve, 5000)); // Wait 5 seconds
const resultResponse = await fetch('https://solver-api.mydisct.com/fetchResult', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
body: JSON.stringify({ taskId })
});
const resultData = await resultResponse.json();
if (resultData.task.status === 'completed') {
return resultData.task.result.token;
} else if (resultData.task.status === 'failed') {
throw new Error('AWS WAF solving failed');
}
}
}
const token = await solveAWSCaptchaToken(
'https://aws.amazon.com/register',
'aws_waf_site_key',
'registration'
);
console.log('AWS WAF Token:', token);
Step 3: Submit Token with AWS Form
JavaScript
// Method 1: Submit with AWS registration form
async function submitAWSRegistration(token) {
const formData = new FormData();
formData.append('email', '[email protected]');
formData.append('password', 'securepassword123');
formData.append('captcha_token', token);
const response = await fetch('https://aws.amazon.com/register', {
method: 'POST',
body: formData
});
return await response.json();
}
async function submitAWSAPI(token) {
const response = await fetch('https://aws-api.amazon.com/register', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
email: '[email protected]',
password: 'securepassword123',
captchaToken: token
})
});
return await response.json();
}
function injectTokenIntoAWSForm(token) {
const tokenField = document.querySelector('input[name="captcha_token"]') ||
document.querySelector('input[name*="captcha"]') ||
document.querySelector('#captcha_token');
if (tokenField) {
tokenField.value = token;
const form = tokenField.closest('form');
if (form) {
form.submit();
}
}
}
const token = await solveAWSCaptchaToken(siteUrl, siteKey);
await submitAWSRegistration(token);
Python Example
Python
import requests
import time
def solve_AWS_WAF_TOKEN(site_url, site_key, api_key, context='registration'):
"""
Solve AWS WAF token challenge
Args:
site_url: URL where AWS WAF appears
site_key: AWS WAF site key
api_key: Your MyDisct Solver API key
context: Context (registration, login, etc.)
Returns:
AWS WAF verification token
"""
# Step 1: Create task
create_response = requests.post(
'https://solver-api.mydisct.com/createTask',
headers={
'Content-Type': 'application/json',
'apikey': api_key
},
json={
'auth': {'token': api_key},
'context': {'source': 'api', 'version': '1.0.0'},
'captcha': {
'type': 'AWS_WAF_TOKEN',
'metadata': {
'siteUrl': site_url,
'siteKey': site_key
},
'payload': {
'context': context
}
}
}
)
create_data = create_response.json()
if not create_data['success']:
raise Exception(create_data['error']['message'])
task_id = create_data['task']['id']
print(f'Task created: {task_id}')
# Step 2: Poll for result
while True:
time.sleep(5) # Wait 5 seconds
result_response = requests.post(
'https://solver-api.mydisct.com/fetchResult',
headers={
'Content-Type': 'application/json',
'apikey': api_key
},
json={'taskId': task_id}
)
result_data = result_response.json()
if result_data['task']['status'] == 'completed':
return result_data['task']['result']['token']
elif result_data['task']['status'] == 'failed':
raise Exception('AWS WAF solving failed')
print('Waiting for solution...')
# Example usage
token = solve_AWS_WAF_TOKEN(
site_url='https://aws.amazon.com/register',
site_key='aws_waf_site_key',
api_key='YOUR_API_KEY',
context='registration'
)
print(f'AWS WAF Token: {token}')
# Submit with AWS registration
response = requests.post(
'https://aws.amazon.com/register',
data={
'email': '[email protected]',
'password': 'securepassword123',
'captcha_token': token
}
)
print(f'Registration response: {response.status_code}')
Best Practices
Recommendations
- Always use the exact AWS page URL where the captcha appears
- Include context parameter for better success rates (registration, login, etc.)
- AWS WAF solving typically takes 15-45 seconds
- Poll every 5 seconds for token-based captchas
- Use appropriate user agents that match AWS service expectations
- Handle token expiration (tokens typically valid for 2 minutes)
- Implement proper error handling for failed tasks
Common Issues
Issue: AWS WAF site key not found
Solution: AWS WAF keys are often embedded in JavaScript or hidden inputs. Check the page source code and network requests for the key.
Issue: Token rejected by AWS
Solution: Ensure you're using the correct site key and URL. AWS services are strict about captcha validation. Double-check the form field names.
Issue: Long solve times
Solution: AWS WAF challenges are complex and may take longer to solve. Increase polling timeout and be patient during processing.
Issue: Context parameter issues
Solution: Different AWS services may require specific context values. Try different context values like 'registration', 'login', 'console' if having issues.