How to Solve AWS WAF Captcha Token
Sora Fujimoto
AI Solutions Architect
AWS WAF CAPTCHA is a powerful anti-bot mechanism used across Amazon Web Services to block automated or suspicious traffic. Unlike traditional CAPTCHA systems, AWS WAF uses encrypted challenges (JS-based) and strict validation rules.
In this guide, we’ll walk through how AWS WAF CAPTCHA works and how to solve it efficiently using CapSolver.
🧩 Requirements
Before solving AWS WAF CAPTCHA, ensure you have:
-
✔️ CapSolver API Key
-
✔️ Proxy (optional)
- Required only for certain task types
- Some tasks use CapSolver’s internal proxy pool
⚠️ Key Points to Understand
1. Status Code 202 vs 405 — What’s the difference?
-
Status Code 202
OnlyawsChallengeJsis needed -
Status Code 405
Requires all parameters:awsKeyawsIvawsContextawsChallengeJs
2. Ensure the CAPTCHA URL is valid
A correct AWS CAPTCHA challenge page will:
-
Return 405 status code
-
Contain HTML elements:
keyivcontext
Example valid responses:
📌 Save these values:
- Challenge script URL
- Context
- Key
- IV
🧭 Step 1 — Create an AWS WAF CAPTCHA Task
CapSolver supports two task types:
| Task Type | Description |
|---|---|
AntiAwsWafTaskProxyless |
Uses CapSolver’s internal proxy pool |
AntiAwsWafTask |
You must provide your own proxies |
For this tutorial, we use:
👉 AntiAwsWafTaskProxyless
🟣 If status code = 405 (Full parameters required)
json
POST https://api.capsolver.com/createTask
{
"clientKey": "yourapiKey",
"task": {
"type": "AntiAwsWafTaskProxyless",
"websiteURL": "https://efw47fpad9.execute-api.us-east-1.amazonaws.com/latest",
"awsKey": "key value",
"awsIv": "iv value",
"awsContext": "context value",
"awsChallengeJS": "URL of the JS challenge"
}
}🟢 If status code = 202 (Only JS challenge required)
json
POST https://api.capsolver.com/createTask
{
"clientKey": "yourapiKey",
"task": {
"type": "AntiAwsWafTaskProxyless",
"websiteURL": "https://efw47fpad9.execute-api.us-east-1.amazonaws.com/latest",
"awsKey": "",
"awsIv": "",
"awsContext": "",
"awsChallengeJS": "URL of the JS challenge"
}
}This will return a response containing your taskId, which you’ll use in Step 2.
🧾 Step 2 — Retrieve the CAPTCHA Solution
Poll every 3–5 seconds using getTaskResult:
json
POST https://api.capsolver.com/getTaskResult
{
"clientKey": "YOUR_API_KEY",
"taskId": "TASK_ID_FROM_CREATE_TASK"
}A solved token will look like:
✔️ Once solved, create a cookie:
aws-waf-token = <token_from_capsolver>Add this cookie to your session → validated successfully.
🎉 Conclusion
AWS WAF CAPTCHA can be complex due to encryption, context validation, and varying challenge types. However, with CapSolver’s AWS-specific task types, solving it becomes straightforward and reliable.
Using AntiAwsWafTaskProxyless or AntiAwsWafTask, you can:
- Decode encrypted AWS challenges
- Solve CAPTCHA logic
- Generate the required
aws-waf-tokencookie - Automatically pass AWS WAF protection
Start solving AWS WAF CAPTCHA easily using
👉 CapSolver
❓ FAQ
1. What is AWS WAF CAPTCHA?
A JavaScript-based anti-bot challenge used by AWS to block automated traffic.
2. Why do I get status code 405 on CAPTCHA pages?
405 indicates a CAPTCHA challenge that includes:
keyivcontext
These must be decrypted using CapSolver.
3. What parameters do I need to solve AWS WAF CAPTCHA?
Depends on the status code:
- 202 → only
awsChallengeJs - 405 → requires all parameters
4. Does CapSolver support proxyless AWS WAF solving?
Yes. Use AntiAwsWafTaskProxyless.
5. What do I do after obtaining the CAPTCHA solution?
Create a cookie named aws-waf-token with the returned token value.
More
AWS WAFApr 21, 2026
AWS WAF vs Cloudflare: CAPTCHA Solving for Automation (2026 Guide)
Compare AWS WAF vs Cloudflare CAPTCHA challenges. Learn how to solve AWS WAF and Cloudflare Turnstile for web automation with high success rates using CapSolver.
AWS WAFApr 14, 2026
Finding the Most Cost-Effective AWS WAF Solver | Pricing, Performance & Optimization Guide
Looking for a cheap AWS WAF solver per thousand requests? Compare pricing, speed, and accuracy to find the best value for your automation needs.
