resolved-bot icon indicating copy to clipboard operation
resolved-bot copied to clipboard
verified publisher icon 21Bruce

[FEATURE]: Captcha Cracking for Resy API

Open 21Bruce opened this issue 1 year ago • 5 comments

Is there an existing issue for this feature?

  • [X] I have searched for this issue

Description of the problem

With the increasing prevalence of bot solutions, resy has started using captcha on higher-demand reservations. If this pattern continues, the critical factor in making reservations will most certainly be the ability to complete a captcha. This is a fantastic blessing in disguise. For one, there are well-documented machine learning algorithms which can classify captchas at an extremely high rate. Second, since most of the bots out there are not actively maintained, they'll be completely useless compared to a bot that handles captcha. Third, and even better, an ML captcha system is probably far faster than the vast majority of people trying to solve a captcha.

Despite these opportunities, implementing captcha accurately is tough. We first have to decipher the networking calls, which is pretty hard since we have to create an event in the browser that we can monitor and study, and these captchas are appearing very infrequently. I'd assume they appear on harder reservations, which makes it harder for us to reproduce and test our implementation. Furthermore, once we have the networking calls down, there are a number of captcha tasks. Some involve typing letters and number, some involve selecting photos, others involve checking a box and then moving the mouse in such a way that google thinks a human is behind the IO. We will need algorithms for these separate functions.

Planned Solution

Add the networking checks and calls to resy's reserve function, create a separate top level package for ML stuff.

Alternatives

None really, maybe somehow displaying the captcha to the user in the terminal, but that seems pathological.

Solution Specifics

There are a few papers online about breaking captchas. For analyzing network calls, we'll start with the common firefox/postman method of breaking and then modify if that doesn't work

21Bruce avatar Jan 18 '24 01:01 21Bruce

Hi! I've been stalking this project for a few months now, and I'd like to possibly contribute by taking a crack at this.

I see a branch has been cut already, but I don't seen any work committed to it yet. Not sure if you've started on this and just having pushed any of your changes, or if that branch is just a placeholder for work to land eventually, but if this is unclaimed I'd be happy to take a stab at it.

Lmk if the above comments are missing any additional information that might be good to know, like a specific idea or direction for how this should be accomplished/implemented, or any other findings that might be relevant.

tshamz avatar Jan 23 '24 05:01 tshamz

Why don't we just use 3rd party vendor for solving recaptcha? Even if we solve it this time, the recaptcha is continuously evolving to anti-bot (especially this is an open source project)

To avoid endless effort to be spent on the task, I would suggest relying on 3rd party solver solution

chanyk-joseph avatar May 25 '24 07:05 chanyk-joseph