AWS WAF solver for HTTP / requests Python
Hit AWS-WAF-protected APIs from Python requests by attaching a Sonic-issued aws-waf-token cookie. Tokens stay valid for ~5 minutes per origin — cache aggressively.
Runnable example
import requests
from captchasonic import CaptchaSonic
sonic = CaptchaSonic('YOUR_API_KEY')
result = sonic.solve(
type='AntiAwsWafTask',
website_url='https://api.example.com/protected',
user_agent='Mozilla/5.0 (...)',
)
session = requests.Session()
session.cookies.set('aws-waf-token', result.cookie)
r = session.get('https://api.example.com/protected/list')
print(r.status_code)Replace YOUR_API_KEY with a real key from your dashboard. The token is good for one form submission.
FAQ
- How long does the AWS WAF cookie stay valid?
- Around 5 minutes per origin in most deployments. Cache the cookie in your session across requests within that window — re-solving on every call is wasted spend.
- Does Python requests need any special config?
- No. The aws-waf-token cookie is a standard HTTP cookie — set it via session.cookies and continue making requests as usual. The WAF gateway reads it transparently.
- What if the page also shows a captcha widget?
- Some WAF deployments escalate to a visible captcha. The same AntiAwsWafTask handles both the silent token issuance flow and the visible-widget fallback.
Other AWS WAF stacks
- reCAPTCHA v3 · HTTP / requests · PythonSolve reCAPTCHA v3 from a pure-requests Python script. No browser, no Selenium — just the action-bound token.
- Cloudflare Turnstile · HTTP / requests · PythonPass Cloudflare Turnstile from a pure-requests Python script — no headless browser. Sonic returns the cf-turnstile-response token to POST directly.
How CaptchaSonic compares for this captcha
Feature-by-feature against the four most-mentioned alternatives. Independently benchmarked; numbers refresh quarterly.
| Feature | CaptchaSonic | 2Captcha | CapSolver | Anti-Captcha | CapMonster Cloud |
|---|---|---|---|---|---|
| AI / ML solver (no human relay) | |||||
| Success rate (trailing 30d) | 99.9% | ~95% | ~98% | ~95% | ~97% |
| Proxy + proxyless modes | |||||
| Free trial credits | |||||
| SDK languages (Py, Node, Go, C#, Java, PHP) | 6 | 6 | 4 | 5 | 4 |
| Selenium / Puppeteer / Playwright examples | |||||
| Browser extension | |||||
| Webhook callbacks | |||||
| 99.9% uptime SLA |
Yes / No / Partial reflect publicly documented support. Pricing and solve-time figures snapshot the published rate at the time this page was last updated.
Related guides
- reCAPTCHA Solver
AI bypass for reCAPTCHA v2, v3 and Enterprise.
- hCaptcha Solver
Token solver for hCaptcha and hCaptcha Enterprise.
- API Docs
createTask, getTaskResult, getBalance — full reference.
- GeeTest v3 / v4
Slide, icon, space and gobang puzzles solved.
- MTCaptcha Solver
Token bypass for invisible and visible MTCaptcha.
- AWS WAF Captcha
AWS WAF token solver for the WAF-CAPTCHA challenge.