I want to make hcaptcha solver Chrome extension. I am successfully using some api to solve captchas, find data-sitekey
and another params.
But exactly on Hcaptcha's site there is a block that I currently can't bypass.
It overrides (with obfuscation) XMLHttpRequest
and, in particular, send
method allowing requests only to some domains, and I, obviously need to send request to custom domain, so when I try to do that, it throws an exception.
My try
In extension I have two files - content.js
and inject.js
.
content.js
just injecting inject.js
before page loads:
function injectScript() {
var s = document.createElement('script');
s.setAttribute("charset", "UTF-8");
s.src = chrome.runtime.getURL('inject.js');
s.onload = function() {
//this.remove();
};
(document.head || document.documentElement).prepend(s);
}
injectScript();
In inject.js
there is an interval
that tries to find and parse captcha's data need to solve it, and after parse send to solver server via Ajax request.
I tried different methods, adding at the beginning of inject.js
:
XMLHttpRequest
- var dihdkn278dm = XMLHttpRequest
and then creating not XMLHttpRequest
but dihdkn278dm
object;XMLHttpRequest
object - var dihdkn278dm = new XMLHttpRequest()
and then instead of creating request object use it;XMLHttpRequest
send
function (yes just native code
).However, when it comes to call send
in the code, it is already overwritten.
Ideas how to bypass it? Only inspect obfuscated code?
*fetch
also overridden