3rd party captcha is retarded I know, because it tracks people and changes hardness based on how private your browsing setup is, especially recaptcha, if they can’t correlate your residential address and your joogle browsing history with your session, they will challenge with 20+ captchas.
hCaptcha is better but nah, I don’t trust them 100%. But I have to use it because it’s the best option for now.
So 4Chad implements a 10 posts per hour
rate limit on each IP, below this rate limit, it won’t even challenge you with captcha.
I could use an open source implementation, but I couldn’t find any good ones, so DM me if you find something good.
How captcha works on 4Chad
First you embed the captcha box from hCaptcha
<script src="https://hcaptcha.com/1/api.js" async defer></script>
<div class="h-captcha" data-sitekey="083531b8-f18e-481c-afae-dbb8baa523d0"></div>
After the captcha has been completed, copy the hcaptcha-data-response
or whatever, the token returned from hCaptcha that is. Then put it into this:
Method | Domain | Path | Description |
---|---|---|---|
POST | Captcha validation | /captchaverify |
upload the captcha completed |
Example body:
{
"captcha-completed-token":"P0_eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.........."
}
Example return:
{
"captcha-verified-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1OTIyODAyMTIsImlkIjoiNmE1ODFiYTk3Y2NiNDY1NSIsImlhdCI6MTU5MjI4MDE1Mn0.joI44DKcaOXgYDSv7vlaOxjO-BP6YDiQfoPPnTa1zEU"
}
Then you take the captcha-verified-token
, and put it into the header 4chad-captcha-verified-token
when you post a post.
Normally when you post, 4Chad doesn’t require the 4chad-captcha-verified-token
header, but if you exceed the rate limit, you will be confronted with an error message, that’s when you know you need to do the captcha.