POST /captcha with JWT answer x -> 200 or 401
POST /captcha with JWT answer x-9 -> 401
POST /captcha no JWT
POST /captcha with JWT -> 400
POST /captcha with JWT answer x+8 -> 401
POST /captcha with JWT answer x+10 -> 401
YES!
POST /captcha with JWT answer x+8 -> 401
POST /captcha with JWT answer x-11 -> 401
POST /captcha with JWT answer x-2 (answer may vary) -> 401
^ Repeat process ^
Not yet :(
POST /captcha with JWT answer x-10 -> 401
POST /captcha with JWT answer x+8 -> 401

Incorrect: We ignore

All of these requests are made at the same time in Python, using aiohttp for asynchronous requests! As an experiment I slowed it down a bit, so every few requests (configurable) it checks for a success instead of after all of them.

Correct: we set this as the new JWT and solve the new CAPTCHA (keep repeating up to 1000)

...

Use this as our new JWT, because we probably wasted a lot of time manually solving with that JWT and at this point it’s very near expiry. Proceed if our numSolvedCaptcha’s increased. We now have a CAPTCHA 2 PNG. Otherwise error, because the captcha we entered is wrong...

CAPTCHA 1 PNG

HTML Page

Update the JWT with the one received. Prompt the user to solve a single captcha. Let that number be x.

Operator was too slow to manually solve captcha, try again.