Tutorials

CAPTCHA Chains: Solving Sequential Challenges in Multi-Step Forms

Automation Python All CAPTCHA Types
By Irina
Published at Feb 09, 2026
CAPTCHA Chains: Solving Sequential Challenges in Multi-Step Forms
Featured image unavailable

Some forms don't ask for one CAPTCHA — they ask for two or three across different steps. Account registration might show reCAPTCHA v2 on the email step, then Turnstile on the payment step. Each CAPTCHA depends on the session state from the previous step, so solving them out of order or without carrying cookies forward causes failures.

Common CAPTCHA Chain Patterns

Pattern Example Complexity
Same type, multiple steps reCAPTCHA on step 1 and step 3 Low — same solving logic, just repeat
Mixed types across steps reCAPTCHA on login, Turnstile on checkout Medium — different solver configs per step
Conditional CAPTCHA CAPTCHA only appears after suspicious input High — detection logic required
Progressive difficulty Simple image CAPTCHA, then Enterprise reCAPTCHA High — different cost/time per step

Python: Sequential CAPTCHA Chain Solver

import requests
import time
from dataclasses import dataclass

API_KEY = "YOUR_API_KEY"
SUBMIT_URL = "https://ocr.captchaai.com/in.php"
RESULT_URL = "https://ocr.captchaai.com/res.php"


@dataclass
class CaptchaStep:
    step_name: str
    method: str          # userrecaptcha, turnstile, etc.
    sitekey: str
    pageurl: str
    extra_params: dict = None  # Additional solver params

    def __post_init__(self):
        if self.extra_params is None:
            self.extra_params = {}


def solve_captcha(step, cookies=None):
    """Solve a single CAPTCHA step, optionally with session cookies."""
    params = {
        "key": API_KEY,
        "method": step.method,
        "json": 1,
    }

    if step.method == "userrecaptcha":
        params["googlekey"] = step.sitekey
        params["pageurl"] = step.pageurl
    elif step.method == "turnstile":
        params["sitekey"] = step.sitekey
        params["pageurl"] = step.pageurl

    # Pass cookies for session-aware solving
    if cookies:
        cookie_str = "; ".join(f"{k}={v}" for k, v in cookies.items())
        params["cookies"] = cookie_str

    params.update(step.extra_params)

    resp = requests.post(SUBMIT_URL, data=params, timeout=30).json()
    if resp.get("status") != 1:
        raise RuntimeError(f"[{step.step_name}] Submit failed: {resp.get('request')}")

    task_id = resp["request"]

    for _ in range(60):
        time.sleep(5)
        poll = requests.get(RESULT_URL, params={
            "key": API_KEY, "action": "get",
            "id": task_id, "json": 1,
        }, timeout=15).json()

        if poll.get("request") == "CAPCHA_NOT_READY":
            continue
        if poll.get("status") == 1:
            return poll["request"]
        raise RuntimeError(f"[{step.step_name}] Solve failed: {poll.get('request')}")

    raise RuntimeError(f"[{step.step_name}] Timeout waiting for solution")


def solve_chain(steps, session=None):
    """
    Solve a chain of CAPTCHAs across form steps.
    Maintains session cookies between steps.
    """
    if session is None:
        session = requests.Session()

    results = {}

    for i, step in enumerate(steps):
        print(f"Step {i + 1}/{len(steps)}: {step.step_name}")

        # Get the page to collect fresh cookies and detect the CAPTCHA
        page_resp = session.get(step.pageurl)
        cookies = dict(session.cookies)

        # Solve the CAPTCHA
        start = time.monotonic()
        token = solve_captcha(step, cookies=cookies)
        elapsed = time.monotonic() - start
        print(f"  Solved in {elapsed:.1f}s")

        results[step.step_name] = {
            "token": token,
            "solve_time": round(elapsed, 1),
        }

        # Submit the form step with the token
        form_data = build_form_data(step, token)
        submit_resp = session.post(step.pageurl, data=form_data)

        if submit_resp.status_code != 200:
            raise RuntimeError(
                f"[{step.step_name}] Form submission failed: {submit_resp.status_code}"
            )

        print(f"  Form submitted — moving to next step")

        # Brief pause between steps (mimics human behavior)
        if i < len(steps) - 1:
            time.sleep(2)

    return results


def build_form_data(step, token):
    """Build form data for a given step. Customize per your target site."""
    data = {}

    if step.method == "userrecaptcha":
        data["g-recaptcha-response"] = token
    elif step.method == "turnstile":
        data["cf-turnstile-response"] = token

    return data


# Example: 3-step registration form
steps = [
    CaptchaStep(
        step_name="email_verification",
        method="userrecaptcha",
        sitekey="RECAPTCHA_SITEKEY_STEP1",
        pageurl="https://example.com/register/step1",
    ),
    CaptchaStep(
        step_name="phone_verification",
        method="userrecaptcha",
        sitekey="RECAPTCHA_SITEKEY_STEP2",
        pageurl="https://example.com/register/step2",
    ),
    CaptchaStep(
        step_name="payment_confirmation",
        method="turnstile",
        sitekey="TURNSTILE_SITEKEY_STEP3",
        pageurl="https://example.com/register/step3",
    ),
]

results = solve_chain(steps)
for step_name, result in results.items():
    print(f"{step_name}: solved in {result['solve_time']}s")

JavaScript: Sequential Chain with Session Persistence

const API_KEY = "YOUR_API_KEY";
const SUBMIT_URL = "https://ocr.captchaai.com/in.php";
const RESULT_URL = "https://ocr.captchaai.com/res.php";

async function solveCaptcha(step, cookies = "") {
  const params = new URLSearchParams({
    key: API_KEY,
    method: step.method,
    json: "1",
  });

  if (step.method === "userrecaptcha") {
    params.set("googlekey", step.sitekey);
    params.set("pageurl", step.pageurl);
  } else if (step.method === "turnstile") {
    params.set("sitekey", step.sitekey);
    params.set("pageurl", step.pageurl);
  }

  if (cookies) params.set("cookies", cookies);

  const submit = await (await fetch(SUBMIT_URL, { method: "POST", body: params })).json();
  if (submit.status !== 1) throw new Error(`[${step.name}] Submit: ${submit.request}`);

  const taskId = submit.request;
  for (let i = 0; i < 60; i++) {
    await new Promise((r) => setTimeout(r, 5000));
    const url = `${RESULT_URL}?key=${API_KEY}&action=get&id=${taskId}&json=1`;
    const poll = await (await fetch(url)).json();
    if (poll.request === "CAPCHA_NOT_READY") continue;
    if (poll.status === 1) return poll.request;
    throw new Error(`[${step.name}] Solve: ${poll.request}`);
  }
  throw new Error(`[${step.name}] Timeout`);
}

async function solveChain(steps) {
  const results = {};
  let sessionCookies = "";

  for (let i = 0; i < steps.length; i++) {
    const step = steps[i];
    console.log(`Step ${i + 1}/${steps.length}: ${step.name}`);

    const start = Date.now();
    const token = await solveCaptcha(step, sessionCookies);
    const elapsed = ((Date.now() - start) / 1000).toFixed(1);
    console.log(`  Solved in ${elapsed}s`);

    results[step.name] = { token, solveTime: elapsed };

    // Submit form with token (pseudo-code — adapt to your site)
    // const response = await submitForm(step.pageurl, token, sessionCookies);
    // sessionCookies = extractCookies(response);

    // Pause between steps
    if (i < steps.length - 1) {
      await new Promise((r) => setTimeout(r, 2000));
    }
  }

  return results;
}

// Usage
const steps = [
  { name: "login", method: "userrecaptcha", sitekey: "SITEKEY_1", pageurl: "https://example.com/login" },
  { name: "verify", method: "userrecaptcha", sitekey: "SITEKEY_2", pageurl: "https://example.com/verify" },
  { name: "checkout", method: "turnstile", sitekey: "SITEKEY_3", pageurl: "https://example.com/checkout" },
];

solveChain(steps).then((results) => {
  console.log("Chain complete:", Object.keys(results));
});

Token Timing Across Steps

CAPTCHA tokens expire — typically 120 seconds for reCAPTCHA, 300 seconds for Turnstile. In a chain, don't pre-solve all steps at once:

Approach Risk Recommendation
Pre-solve all steps simultaneously Early tokens expire before use Don't do this
Solve step N only after step N-1 succeeds Slower but reliable Recommended for 2–3 step chains
Pre-solve next step during current form fill Token may expire if form takes long Only if form fill is fast (<60s)

Troubleshooting

Issue Cause Fix
Step 2 CAPTCHA gives different sitekey than expected Page changed based on step 1 response Re-extract sitekey from the live page at each step
Token rejected at step 2 Session cookies not carried forward Use a persistent session (requests.Session / cookie jar)
Chain fails at conditional step CAPTCHA only appears on certain paths Add detection: check if CAPTCHA element exists before solving
All tokens expire by final step Chain takes too long Solve each step's CAPTCHA only when you're ready to submit that step
Different CAPTCHA type than expected Site A/B tests CAPTCHA providers Detect CAPTCHA type dynamically from page source

FAQ

Can I parallelize CAPTCHA solving across chain steps?

Only if the steps are independent (no session dependency). Most chains require sequential processing because step 2's URL or parameters depend on step 1's submission response.

What if a step fails midway through the chain?

Save progress at each step. On retry, start from the failed step rather than the beginning. If previous steps created server-side state (like partially registered accounts), you may need to start a fresh session.

How do I detect which CAPTCHA type each step uses?

Parse the page HTML at each step. Look for data-sitekey attributes on div.g-recaptcha (reCAPTCHA), div.cf-turnstile (Turnstile), or div.h-captcha (hCaptcha) elements.

Next Steps

Handle multi-step CAPTCHA chains confidently — get your CaptchaAI API key and implement sequential solving.

Related guides:

Full Working Code

Complete runnable examples for this article in Python, Node.js, PHP, Go, Java, C#, Ruby, Rust, Kotlin & Bash.

View on GitHub →

Discussions (0)

No comments yet.