Back to Details

gpt-pp-team-protocol-replay

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

gpt-pp-team Protocol Replay Toolkit

gpt-pp-team 协议重放工具包

Skill by ara.so — Daily 2026 Skills collection.
End-to-end protocol replay toolkit for ChatGPT Team subscription covering 
Stripe Checkout → PayPal billing agreement → ChatGPT manual-approval → Codex OAuth + PKCE
. Includes a from-scratch hCaptcha visual solver (12 challenge types) and empirical anti-fraud research data.
⚠️ For authorized security research, CTF, and bug bounty in-scope assets only. Read 
NOTICE
before use.
ara.so开发的技能工具 — 2026每日技能合集。
适用于ChatGPT Team订阅的端到端协议重放工具包,覆盖
Stripe Checkout → PayPal计费协议 → ChatGPT人工审核 → Codex OAuth + PKCE
流程。包含从零构建的hCaptcha视觉求解器(支持12种挑战类型)和实证反欺诈研究数据。
⚠️ 仅授权用于安全研究、CTF竞赛和漏洞赏金计划的目标资产。 使用前请阅读
NOTICE
文件。

Installation

安装

bash
git clone https://github.com/DanOps-1/gpt-pp-team
cd gpt-pp-team
pip install requests curl_cffi playwright camoufox browserforge mitmproxy pybase64
playwright install firefox
camoufox fetch
bash
git clone https://github.com/DanOps-1/gpt-pp-team
cd gpt-pp-team
pip install requests curl_cffi playwright camoufox browserforge mitmproxy pybase64
playwright install firefox
camoufox fetch

ML dependencies for hCaptcha solver (separate venv, ~4 GB)

hCaptcha求解器的ML依赖(需单独虚拟环境,约4 GB)

bash
python -m venv ~/.venvs/ctfml
~/.venvs/ctfml/bin/pip install torch transformers opencv-python pillow numpy
bash
python -m venv ~/.venvs/ctfml
~/.venvs/ctfml/bin/pip install torch transformers opencv-python pillow numpy

System requirements

系统要求

  • Linux with Xvfb (for headless browser automation)
  • ~5 GB disk, ~2 GB RAM minimum
  • EU/US proxy (PayPal region-locked, Stripe country-locked)
  • Cloudflare zone for catch-all subdomain email registration
  • 带有Xvfb的Linux系统(用于无头浏览器自动化)
  • 至少约5 GB磁盘空间、2 GB内存
  • EU/US地区代理(PayPal和Stripe存在区域限制)
  • 用于泛域名邮箱注册的Cloudflare区域

Architecture Overview

架构概述

pipeline.py
  └─> CTF-reg/browser_register.py   (Camoufox + Turnstile)
  └─> CTF-pay/card.py               (Stripe Checkout replay, 8000 lines)
  └─> Stripe confirm + ChatGPT /approve
  └─> Camoufox PayPal billing agreement
  └─> Stripe poll state=succeeded
  └─> Camoufox second login Codex OAuth + PKCE
  └─> output/results.jsonl          (refresh_token)
Key files:
FilePurpose
pipeline.py
Orchestrator, daemon loop, 12-self-healing branches
CTF-pay/card.py
Stripe protocol replay (single file, 8000 lines)
CTF-pay/hcaptcha_auto_solver.py
hCaptcha VLM solver (~4000 lines, standalone)
CTF-reg/browser_register.py
Account registration with Camoufox
webui/server.py
14-step setup wizard + SSE log controller
pipeline.py
  └─> CTF-reg/browser_register.py   (Camoufox + Turnstile)
  └─> CTF-pay/card.py               (Stripe Checkout重放,8000行代码)
  └─> Stripe确认 + ChatGPT /approve
  └─> Camoufox PayPal计费协议
  └─> Stripe轮询状态=succeeded
  └─> Camoufox二次登录Codex OAuth + PKCE
  └─> output/results.jsonl          (refresh_token)
关键文件:
文件用途
pipeline.py
编排器、守护进程循环,包含12个自修复分支
CTF-pay/card.py
Stripe协议重放(单文件,8000行代码)
CTF-pay/hcaptcha_auto_solver.py
hCaptcha VLM求解器(约4000行代码,可独立使用)
CTF-reg/browser_register.py
基于Camoufox的账号注册模块
webui/server.py
14步设置向导 + SSE日志控制器

Configuration

配置

Copy templates

复制模板文件

bash
cp CTF-pay/config.paypal.example.json     CTF-pay/config.paypal.json
cp CTF-reg/config.paypal-proxy.example.json   CTF-reg/config.paypal-proxy.json
bash
cp CTF-pay/config.paypal.example.json     CTF-pay/config.paypal.json
cp CTF-reg/config.paypal-proxy.example.json   CTF-reg/config.paypal-proxy.json

Core config fields (
CTF-pay/config.paypal.json
)

核心配置字段(
CTF-pay/config.paypal.json

json
{
  "proxy": {
    "host": "your-proxy-host",
    "port": 1080,
    "username": "$PROXY_USER",
    "password": "$PROXY_PASS",
    "protocol": "socks5"
  },
  "paypal": {
    "email": "$PAYPAL_EMAIL",
    "password": "$PAYPAL_PASSWORD",
    "country": "IE"
  },
  "cloudflare": {
    "api_token": "$CF_API_TOKEN",
    "zone_id": "$CF_ZONE_ID",
    "domain": "yourdomain.com"
  },
  "vlm": {
    "api_key": "$VLM_API_KEY",
    "base_url": "$VLM_BASE_URL",
    "model": "gpt-4o"
  },
  "captcha_platform": {
    "api_key": "$CAPTCHA_API_KEY",
    "provider": "2captcha"
  },
  "webshare": {
    "api_key": "$WEBSHARE_API_KEY"
  }
}
json
{
  "proxy": {
    "host": "your-proxy-host",
    "port": 1080,
    "username": "$PROXY_USER",
    "password": "$PROXY_PASS",
    "protocol": "socks5"
  },
  "paypal": {
    "email": "$PAYPAL_EMAIL",
    "password": "$PAYPAL_PASSWORD",
    "country": "IE"
  },
  "cloudflare": {
    "api_token": "$CF_API_TOKEN",
    "zone_id": "$CF_ZONE_ID",
    "domain": "yourdomain.com"
  },
  "vlm": {
    "api_key": "$VLM_API_KEY",
    "base_url": "$VLM_BASE_URL",
    "model": "gpt-4o"
  },
  "captcha_platform": {
    "api_key": "$CAPTCHA_API_KEY",
    "provider": "2captcha"
  },
  "webshare": {
    "api_key": "$WEBSHARE_API_KEY"
  }
}

Environment variables

环境变量

bash
export PROXY_USER="your_proxy_username"
export PROXY_PASS="your_proxy_password"
export PAYPAL_EMAIL="your@paypal.com"
export PAYPAL_PASSWORD="your_paypal_password"
export CF_API_TOKEN="your_cloudflare_api_token"
export CF_ZONE_ID="your_cloudflare_zone_id"
export VLM_API_KEY="your_openai_compatible_key"
export VLM_BASE_URL="https://api.openai.com/v1"
export WEBSHARE_API_KEY="your_webshare_key"
export CAPTCHA_API_KEY="your_2captcha_key"
bash
export PROXY_USER="your_proxy_username"
export PROXY_PASS="your_proxy_password"
export PAYPAL_EMAIL="your@paypal.com"
export PAYPAL_PASSWORD="your_paypal_password"
export CF_API_TOKEN="your_cloudflare_api_token"
export CF_ZONE_ID="your_cloudflare_zone_id"
export VLM_API_KEY="your_openai_compatible_key"
export VLM_BASE_URL="https://api.openai.com/v1"
export WEBSHARE_API_KEY="your_webshare_key"
export CAPTCHA_API_KEY="your_2captcha_key"

WebUI Setup Wizard (Recommended for First-Time Setup)

WebUI设置向导(首次推荐使用)

Reduces ~3 hour manual config to ~15 minutes. Generates both config files automatically.
bash
undefined
将约3小时的手动配置缩短至约15分钟,可自动生成两份配置文件。
bash
undefined

Install backend deps

安装后端依赖

pip install -r webui/requirements.txt
pip install -r webui/requirements.txt

Build frontend (one-time)

构建前端(仅需执行一次)

cd webui/frontend && pnpm i && pnpm build && cd ../..
cd webui/frontend && pnpm i && pnpm build && cd ../..

Start wizard

启动向导

python -m webui.server
python -m webui.server

Open http://127.0.0.1:8765 — redirects to /setup on first visit

打开 http://127.0.0.1:8765 — 首次访问将自动跳转到/setup页面


Features:
- 14-step configuration wizard
- Real-time preflight self-checks
- SSE log streaming for live pipeline monitoring
- Generates `CTF-pay/config.auto.json` + `CTF-reg/config.paypal-proxy.json`

For public access via nginx reverse proxy, see `webui/README.md`.

---

功能特性:
- 14步配置向导
- 实时预检自检
- SSE日志流,用于实时监控流水线
- 生成`CTF-pay/config.auto.json` + `CTF-reg/config.paypal-proxy.json`

如需通过nginx反向代理提供公共访问,请查看`webui/README.md`。

---

Running the Pipeline

运行流水线

Single run

单次运行

bash
xvfb-run -a python pipeline.py \
  --config CTF-pay/config.paypal.json \
  --paypal
bash
xvfb-run -a python pipeline.py \
  --config CTF-pay/config.paypal.json \
  --paypal

Daemon mode (continuous pool maintenance)

守护进程模式(持续维护账号池)

bash
xvfb-run -a python pipeline.py \
  --config CTF-pay/config.paypal.json \
  --paypal \
  --daemon
bash
xvfb-run -a python pipeline.py \
  --config CTF-pay/config.paypal.json \
  --paypal \
  --daemon

Batch mode

批量模式

bash
xvfb-run -a python pipeline.py \
  --config CTF-pay/config.paypal.json \
  --paypal \
  --batch 10
bash
xvfb-run -a python pipeline.py \
  --config CTF-pay/config.paypal.json \
  --paypal \
  --batch 10

Output

输出结果

Results written to 
output/results.jsonl
:
json
{"email": "user@subdomain.yourdomain.com", "refresh_token": "...", "timestamp": "2026-04-29T00:00:00Z", "status": "success"}
结果将写入
output/results.jsonl
:
json
{"email": "user@subdomain.yourdomain.com", "refresh_token": "...", "timestamp": "2026-04-29T00:00:00Z", "status": "success"}

hCaptcha Solver — Standalone Usage

hCaptcha求解器 — 独立使用

The solver (
CTF-pay/hcaptcha_auto_solver.py
) is independently usable with a 3-layer decision architecture:
  1. VLM primary path — OpenAI-compatible vision model identifies challenge targets
  2. CLIP/OpenCV heuristic fallback — local model, no API needed
  3. Human action synthesis — Playwright realistic mouse movement
求解器(
CTF-pay/hcaptcha_auto_solver.py
)可独立使用,采用三层决策架构:
  1. VLM主路径 — 兼容OpenAI的视觉模型识别挑战目标
  2. CLIP/OpenCV启发式回退 — 本地模型,无需API
  3. 人类动作模拟 — Playwright生成逼真的鼠标移动轨迹

Basic usage

基础用法

python
import asyncio
from CTF-pay.hcaptcha_auto_solver import HCaptchaSolver

async def solve_captcha(page):
    solver = HCaptchaSolver(
        page=page,
        vlm_api_key=os.environ["VLM_API_KEY"],
        vlm_base_url=os.environ["VLM_BASE_URL"],
        vlm_model="gpt-4o",
        clip_venv_path=os.path.expanduser("~/.venvs/ctfml"),
        debug=True
    )
    result = await solver.solve()
    return result  # True if solved, False if failed

asyncio.run(solve_captcha(page))
python
import asyncio
from CTF-pay.hcaptcha_auto_solver import HCaptchaSolver

async def solve_captcha(page):
    solver = HCaptchaSolver(
        page=page,
        vlm_api_key=os.environ["VLM_API_KEY"],
        vlm_base_url=os.environ["VLM_BASE_URL"],
        vlm_model="gpt-4o",
        clip_venv_path=os.path.expanduser("~/.venvs/ctfml"),
        debug=True
    )
    result = await solver.solve()
    return result  # 成功返回True,失败返回False

asyncio.run(solve_captcha(page))

With Playwright + Camoufox

结合Playwright + Camoufox使用

python
import asyncio
from camoufox.async_api import AsyncCamoufox
from CTF_pay.hcaptcha_auto_solver import HCaptchaSolver

async def main():
    async with AsyncCamoufox(headless=True, humanize=True) as browser:
        page = await browser.new_page()
        await page.goto("https://example.com/page-with-hcaptcha")
        
        solver = HCaptchaSolver(
            page=page,
            vlm_api_key=os.environ["VLM_API_KEY"],
            vlm_base_url=os.environ.get("VLM_BASE_URL", "https://api.openai.com/v1"),
            vlm_model="gpt-4o",
        )
        
        success = await solver.solve()
        if success:
            print("hCaptcha solved successfully")
        else:
            print("Solver failed, check logs")

asyncio.run(main())
python
import asyncio
from camoufox.async_api import AsyncCamoufox
from CTF_pay.hcaptcha_auto_solver import HCaptchaSolver

async def main():
    async with AsyncCamoufox(headless=True, humanize=True) as browser:
        page = await browser.new_page()
        await page.goto("https://example.com/page-with-hcaptcha")
        
        solver = HCaptchaSolver(
            page=page,
            vlm_api_key=os.environ["VLM_API_KEY"],
            vlm_base_url=os.environ.get("VLM_BASE_URL", "https://api.openai.com/v1"),
            vlm_model="gpt-4o",
        )
        
        success = await solver.solve()
        if success:
            print("hCaptcha求解成功")
        else:
            print("求解失败,请查看日志")

asyncio.run(main())

Supported challenge types (12)

支持的挑战类型(12种)

  • Image classification (single/multi-select)
  • Bounding box / area selection
  • Drag-and-drop alignment
  • 3D object rotation
  • Text-in-image matching
  • Spatial relationship challenges
  • Count-based selection
  • Sequential ordering
  • Color/pattern matching
  • Object pair matching
  • Scene classification
  • Entity attribute verification
  • 图像分类(单选/多选)
  • 边界框/区域选择
  • 拖放对齐
  • 3D物体旋转
  • 图像文字匹配
  • 空间关系挑战
  • 计数类选择
  • 顺序排列
  • 颜色/图案匹配
  • 物体配对
  • 场景分类
  • 实体属性验证

CLIP-only mode (no VLM API)

仅CLIP模式(无需VLM API)

python
solver = HCaptchaSolver(
    page=page,
    vlm_api_key=None,          # Disables VLM primary path
    clip_venv_path=os.path.expanduser("~/.venvs/ctfml"),
    fallback_only=True
)
python
solver = HCaptchaSolver(
    page=page,
    vlm_api_key=None,          # 禁用VLM主路径
    clip_venv_path=os.path.expanduser("~/.venvs/ctfml"),
    fallback_only=True
)

Daemon Mode — 12-Self-Healing Branches

守护进程模式 — 12个自修复分支

pipeline.py::daemon()
handles these failure conditions automatically:
BranchTriggerRecovery
IP rotationBan detected / probe failWebshare API fetch new IP
CF DNS quotaZone record limit hitClean stale catch-all records
tmpfs orphanCrashed browser profile leftReclaim tmpfs mounts
gost relayRelay process diedRestart watchdog
DataDome sliderSlider CAPTCHA on registrationAuto-drag synthesis
PayPal 2FASession expiredRe-authenticate flow
Stripe fingerprint
runtime.version
drift		Re-align JS checksum
Batch correlationMass ban detectedPause + stagger restart
DNS propagationNew subdomain not resolvingPoll + retry with backoff
OAuth PKCEToken exchange failureRegenerate challenge
Account approvalManual approval queuePoll 
/approve
endpoint
Memory pressureBrowser OOMGraceful restart with GC
pipeline.py::daemon()
可自动处理以下故障场景:
分支触发条件恢复方式
IP轮换检测到封禁/探测失败通过Webshare API获取新IP
CF DNS配额达到区域记录上限清理过期的泛域名记录
tmpfs孤儿进程残留崩溃的浏览器配置回收tmpfs挂载
gost中继中继进程终止重启监控进程
DataDome滑块注册时遇到滑块验证码自动生成拖拽动作
PayPal双因素验证会话过期重新执行认证流程
Stripe指纹
runtime.version
偏移		重新对齐JS校验和
批量关联检测检测到大规模封禁暂停并错开重启时间
DNS传播新子域名无法解析轮询并退避重试
OAuth PKCE令牌交换失败重新生成挑战
账号审核进入人工审核队列轮询
/approve
端点
内存压力浏览器内存溢出带GC的优雅重启

Anti-Fraud Research Data

反欺诈研究数据

Key empirical findings from 
docs/anti-fraud-research.md
:
  • 24-hour survival rate: ~2% across 45 test accounts
  • Mechanism: Batch correlation — accounts registered in same IP/time window get delayed mass ban
  • Probe vs ban layer separation: Initial probe passes, ban fires 6–18 hours later
  • IP fingerprinting: String-level exact match, not subnet-level
python
undefined
来自
docs/anti-fraud-research.md
的关键实证发现:
  • 24小时存活率: 45个测试账号中约2%
  • 机制: 批量关联 — 同一IP/时间窗口注册的账号会被延迟大规模封禁
  • 探测与封禁分层: 初始探测通过,封禁在6–18小时后触发
  • IP指纹识别: 字符串级精确匹配,而非子网级
python
undefined

Access research data programmatically

以编程方式访问研究数据

import json
with open("docs/anti-fraud-research.md") as f: # Raw markdown with embedded JSON samples content = f.read()
import json
with open("docs/anti-fraud-research.md") as f: # 包含嵌入JSON样本的原始markdown内容 content = f.read()

Survival curve model (from research):

存活率曲线模型(来自研究):

P(survival at t hours) ≈ 0.85 * exp(-0.31 * t) for batch size > 5

P(t小时存活) ≈ 0.85 * exp(-0.31 * t) 当批量大小>5时

P(survival at t hours) ≈ 0.60 * exp(-0.08 * t) for batch size == 1

P(t小时存活) ≈ 0.60 * exp(-0.08 * t) 当批量大小==1时


---

---

Protocol Chain — Key Endpoints

协议链 — 关键端点

Documented from packet capture (
mitmproxy
intercept):
POST https://checkout.stripe.com/pay/{session_id}
  → Stripe payment intent confirm

POST https://api.openai.com/dashboard/billing/stripe/confirm
  → ChatGPT billing linkage

GET  https://api.openai.com/dashboard/billing/subscription/approve?token={t}
  → Manual approval poll

POST https://www.paypal.com/agreements/approve
  → PayPal billing agreement

GET  https://auth.openai.com/authorize
  → Codex OAuth + PKCE initiation

POST https://auth.openai.com/oauth/token
  → refresh_token exchange
通过数据包捕获(
mitmproxy
拦截)记录:
POST https://checkout.stripe.com/pay/{session_id}
  → Stripe支付意图确认

POST https://api.openai.com/dashboard/billing/stripe/confirm
  → ChatGPT计费关联

GET  https://api.openai.com/dashboard/billing/subscription/approve?token={t}
  → 人工审核轮询

POST https://www.paypal.com/agreements/approve
  → PayPal计费协议

GET  https://auth.openai.com/authorize
  → Codex OAuth + PKCE初始化

POST https://auth.openai.com/oauth/token
  → refresh_token交换

Stripe Runtime Fingerprint Maintenance

Stripe运行时指纹维护

card.py
embeds Stripe JS runtime fingerprints that drift every few weeks:
python
undefined
card.py
中嵌入的Stripe JS运行时指纹每隔几周会发生偏移:
python
undefined

In CTF-pay/card.py — fields to re-align after Stripe updates:

在CTF-pay/card.py中 — Stripe更新后需要重新对齐的字段:

STRIPE_RUNTIME = { "runtime_version": "5.104.0", # Check stripe.js version "js_checksum": "sha256-...", # Recompute from live stripe.js "rv_timestamp": 1714000000, # Update to current epoch }
STRIPE_RUNTIME = { "runtime_version": "5.104.0", # 查看stripe.js版本 "js_checksum": "sha256-...", # 从实时stripe.js重新计算 "rv_timestamp": 1714000000, # 更新为当前时间戳 }

To re-capture current values:

重新捕获当前值的方法:

1. Open browser devtools on any Stripe Checkout page

1. 在任意Stripe Checkout页面打开浏览器开发者工具

2. Network tab → filter "stripe" → find runtime init request

2. 网络标签页 → 过滤"stripe" → 找到运行时初始化请求

3. Extract from request payload or JS source

3. 从请求负载或JS源码中提取值


---

---

Debugging

调试

Common failures

常见故障

PayPal OTP loop
 — First run requires manual 2FA:
bash
undefined
PayPal OTP循环
 — 首次运行需要手动完成双因素验证:
bash
undefined

Run without --daemon first, complete OTP manually

先不使用--daemon运行,手动完成OTP

xvfb-run -a python pipeline.py --config CTF-pay/config.paypal.json --paypal --interactive

**`hCaptcha VLM timeout`** — VLM API unreachable:
```bash
xvfb-run -a python pipeline.py --config CTF-pay/config.paypal.json --paypal --interactive

**`hCaptcha VLM超时`** — VLM API无法访问:
```bash

Test VLM connectivity

测试VLM连通性

python -c " import openai, os client = openai.OpenAI(api_key=os.environ['VLM_API_KEY'], base_url=os.environ.get('VLM_BASE_URL')) print(client.models.list()) "

**`Stripe fingerprint mismatch`** — Protocol drift:
```bash
python -c " import openai, os client = openai.OpenAI(api_key=os.environ['VLM_API_KEY'], base_url=os.environ.get('VLM_BASE_URL')) print(client.models.list()) "

**`Stripe指纹不匹配`** — 协议偏移:
```bash

Check card.py STRIPE_RUNTIME block, compare to live stripe.js

检查card.py中的STRIPE_RUNTIME块,与实时stripe.js对比

Use mitmproxy to capture fresh values:

使用mitmproxy捕获新值:

mitmproxy --mode upstream:http://your-proxy:1080 -s CTF-pay/capture_stripe.py

**`CF DNS quota exceeded`**:
```bash
mitmproxy --mode upstream:http://your-proxy:1080 -s CTF-pay/capture_stripe.py

**`CF DNS配额超限`**:
```bash

Manual cleanup

手动清理

python -c " import requests, os headers = {'Authorization': f'Bearer {os.environ["CF_API_TOKEN"]}'} r = requests.get(f'https://api.cloudflare.com/client/v4/zones/{os.environ[\"CF_ZONE_ID\"]}/dns_records?per_page=100', headers=headers) print(f'Record count: {len(r.json()["result"])}') "

**`Camoufox not found`**:
```bash
camoufox fetch
python -c "from camoufox.async_api import AsyncCamoufox; print('OK')"
python -c " import requests, os headers = {'Authorization': f'Bearer {os.environ["CF_API_TOKEN"]}'} r = requests.get(f'https://api.cloudflare.com/client/v4/zones/{os.environ[\"CF_ZONE_ID\"]}/dns_records?per_page=100', headers=headers) print(f'记录数量: {len(r.json()["result"])}') "

**`Camoufox未找到`**:
```bash
camoufox fetch
python -c "from camoufox.async_api import AsyncCamoufox; print('OK')"

Artifact paths

工件路径

output/results.jsonl          # Successful refresh_tokens
output/failed/                # Per-attempt failure dumps
output/screenshots/           # Browser screenshots at failure point
output/mitmproxy-*.har        # Protocol capture (if enabled)
/tmp/ctf-*/                   # tmpfs browser profiles (cleaned by daemon)
output/results.jsonl          # 成功获取的refresh_tokens
output/failed/                # 每次尝试的失败转储
output/screenshots/           # 故障发生时的浏览器截图
output/mitmproxy-*.har        # 协议捕获文件(若启用)
/tmp/ctf-*/                   # tmpfs浏览器配置文件(守护进程会清理)

Enable verbose logging

启用详细日志

bash
export CTF_DEBUG=1
export CTF_SCREENSHOT_ON_ERROR=1
xvfb-run -a python pipeline.py --config CTF-pay/config.paypal.json --paypal --verbose
bash
export CTF_DEBUG=1
export CTF_SCREENSHOT_ON_ERROR=1
xvfb-run -a python pipeline.py --config CTF-pay/config.paypal.json --paypal --verbose

Contributing

贡献指南

Priority contributions (by impact):
  1. New hCaptcha challenge type solvers — provide 
    round.json
    with challenge data + solution
  2. Protocol adaptations when Stripe/PayPal/OpenAI break — include packet capture diff
  3. New daemon self-healing branches — include trigger log + recovery log
  4. Anti-fraud empirical data — follow anonymization pattern in existing research doc
PR requirements (no evidence = auto-close):
  • Solver PRs: 
    round.json
    with challenge rounds
  • Protocol PRs: packet capture before/after comparison
  • Daemon PRs: trigger log + successful recovery log
优先级贡献(按影响排序):
  1. 新hCaptcha挑战类型求解器 — 提供包含挑战数据和解决方案的
    round.json
  2. Stripe/PayPal/OpenAI更新后的协议适配 — 包含数据包捕获差异
  3. 新增守护进程自修复分支 — 包含触发日志和恢复日志
  4. 反欺诈实证数据 — 遵循现有研究文档中的匿名化模式
PR要求(无证据将自动关闭):
  • 求解器PR: 附带
    round.json
    挑战轮次数据
  • 协议PR: 附带更新前后的数据包捕获对比
  • 守护进程PR: 附带触发日志和成功恢复日志

Legal Boundary

法律边界

Permitted: Systems you own, legitimate CTF competitions, authorized bug bounty in-scope assets, security research with platform permission.
Prohibited: Fraud, payment circumvention, bulk account resale, ToS violations, unauthorized targets.
Full terms: 
NOTICE
file in repo root. MIT license applies to code; 
NOTICE
governs usage rights.
允许使用场景: 你拥有的系统、合法CTF竞赛、授权漏洞赏金计划目标资产、获得平台许可的安全研究。
禁止使用场景: 欺诈、支付规避、批量账号转售、违反服务条款、未授权目标。
完整条款: 仓库根目录下的
NOTICE
文件。代码采用MIT许可证;
NOTICE
文件规范使用权限。