/v1/continue gives an internal error occurred 403 Forbidden

Hey, as my project (we can call it a “side quest”), I’m trying to see how the captcha of Roblox works, so I tried some stuff and figured some stuff out, but then I came across an error that I can’t understand. When I finish the captcha, I should send Roblox that captcha information so it can verify(?) and approve(?) the captcha so it can be used anywhere; in my case the easiest one I thought of was using it on login, but that’s not the point. Everything works fine, but now on /v1/continue there’s a 1% chance it will approve my captcha and a 99% chance it will not. I just received the following response:

statusCode	403
statusText	"Forbidden"
errors	[ {
  code	1
  message	"an internal error occurred"
} ]

I’m trying to keep it simple and stay in PHP. I figured out everything but not this one; it just has 0 logic behind it, and I hope any smart individual can help me with this. I know this seems wrong when it’s my personal project and I should fix it myself, but I can’t help it to see the answer.

My code for it looks like the following:

```php
<?php

function getallheadersFallback() {
    $headers = [];
    foreach ($_SERVER as $name => $value) {
        if (substr($name, 0, 5) === 'HTTP_') {
            $headerName = str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))));
            $headers[$headerName] = $value;
        }
    }
    return $headers;
}

$headers = getallheadersFallback();
$csrfToken = isset($headers['X-CSRF-Token']) ? $headers['X-CSRF-Token'] : null;


$bodyData = json_encode([
    'challengeId' => $_POST["challengeId"],
    'challengeType' => 'captcha',
    'challengeMetadata' => json_encode([
        'unifiedCaptchaId' => $_POST["unifiedCaptchaId"],
        'captchaToken' => $_POST["captchaToken"],
        'actionType' => 'Login'
    ])
]);

$ch = curl_init('https://apis.roblox.com/challenge/v1/continue');

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $bodyData);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Content-Type: application/json;charset=UTF-8',
    'X-Csrf-Token: ' . $csrfToken
]);
$response = curl_exec($ch);

if(curl_errno($ch)) {
    echo 'Curl error: ' . curl_error($ch);
} else {
    echo $response;
}

curl_close($ch);
```

Thanks in advance.


Please use Node.js or something else instead of PHP :pray: it can get messy very quickly.

That's probably done on purpose to make captcha solving more difficult. There's probably dynamic unique data being sent to the server that is able to identify if it's a real valid request or not.

The captcha Roblox uses is named FunCaptcha, which is also used by other companies, one of them being Minecraft. If you do manage to bypass the captcha, you will be violating the ToS, most likely.

I’d rather use PHP. I’m not planning on using it for something big lol, just a personal experiment.

Wish I knew, there are some phishing websites as I know that get past that part.

I know what it is named and who it is made by, figured it out somehow. Also, I’m not “bypassing” the captcha, I’m just trying to learn how this captcha works :innocent: Even tho you are helping me bump the post, you aren’t helping me on the case. I already figured out most of it, but still thanks tho.