Extension for browsers

For business

Pricing

Blog

Docs

English

Yidun (NECaptcha)
and CapMonster Cloud

Captcha solving, website integration, and testing.

Inherited a site with a captcha or another protection layer but no access to the source code? In that case you naturally ask: which solution is installed, is it configured correctly, and how can the workflow be tested?

In this article, we have tried to answer all the key questions. The first step in solving the task is to determine which protection system is being used. To do this, you can refer to the list of popular captchas and anti-bot protection systems, where you will find visual examples and key indicators that help you quickly understand what you are dealing with.

If you discover that your site uses Yidun (NECaptcha), the next step is to study its properties and operation in more detail. In this article, you can also review the instructions on how to integrate Yidun (NECaptcha) so that you fully understand how it functions on your site. This will help you not only understand the current protection, but also properly plan its maintenance.

What is Yidun CAPTCHA

Yidun is a modern anti-bot system developed by NetEase. It is based on analyzing user behavior and does not require the user to complete a task. The system tracks mouse movements, gestures, action speed, network context, and other “behavioral metrics”, and then uses ML (machine learning) to determine whether the visitor is a human or a bot.

Examples of Yidun (NECaptcha)

Smart Captcha

An intelligent bot-protection system that automatically recognises trustworthy users and lets them pass without extra actions. Suspicious visitors undergo additional verification.

Slide Captcha

A popular visual captcha type where the user must drag a slider to assemble a small puzzle.

Icon Click Captcha

Requires the user to click specific icons or image elements in a given sequence.

How to solve Yidun using CapMonster Cloud

When testing forms protected with Yidun, you often need to verify that the captcha works correctly and is integrated properly.

You can manually test the captcha added to your site:

Open the page with the form and make sure the captcha is displayed.
Try submitting the form without completing the captcha — the server should return an error.
After solving the captcha successfully, the form should submit without errors.

For automatic captcha solving, you can use specialized services such as CapMonster Cloud — a tool that accepts captcha parameters, processes them on its servers, and returns a ready-to-use token. You can insert this token into your form to pass verification without user interaction.

Working with CapMonster Cloud via API typically involves the following steps:

Creating a task

At this stage you send your API key, captcha type and parameters. The service returns a unique taskId which you can later use to fetch the result.

Sending an API request

To solve a Yidun captcha you must specify the following parameters:

type - YidunTask

websiteURL - the full URL of your page with the captcha;

websiteKey - the value of the siteKey;

userAgent - Browser User-Agent. Pass only an up-to-date Windows UA.

Find more details about the parameters and how to gather them automatically before sending a task in the CapMonster Cloud documentation.

Endpoint for sending the task:

https://api.capmonster.cloud/createTask

Request example:


{
  "clientKey": "API_KEY",
  "task": {
    "type": "YidunTask",
    "websiteURL": "https://www.example.com",
    "websiteKey": "6cw0f0485d5d46auacf9b735d20218a5",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36"
  }
}

Response:

{
  "errorId":0,
  "taskId":407533072
}

Receiving the result

After creating the task, poll the solution status.

Address to receive the result:

https://api.capmonster.cloud/getTaskResult

Request example:

{
  "clientKey":"API_KEY",
  "taskId": 407533072
}

Response:


{
  "errorId": 0,
  "errorCode": null,
  "errorDescription": null,
  "solution": {
    "token": "CN31_9AwsPmaYcJameP_09rA0vkVMQsPij...RXTlFJFc3"
  },
  "status": "ready"
}

Placing the token on the page

The received token can be inserted into a hidden form field or used by invoking a JS function on the site to confirm the solution. After that, the server will accept the form as properly completed. For automation and testing, tools such as Puppeteer, Selenium, or Playwright are convenient — they can emulate user actions, insert tokens, and submit forms.

Solving Yidun CAPTCHA using ready-to-use libraries

CapMonster Cloud provides ready-made libraries for Python, JavaScript (Node.js) and C#.

Python

JavaScript

Solving, inserting token, and submitting form

Node.js example for the full captcha-solving flow on your webpage. Possible approaches: use HTTP requests to retrieve HTML and protection parameters, send the response and process the result. Or use automation tools (e.g., Playwright) — open the page, wait for checks to complete, send parameters to CapMonster Cloud, receive the result, insert the token into the form, and observe the result.


// npm install playwright @zennolab_com/capmonstercloud-client
// npx playwright install chromium
import { chromium } from "playwright";
import { CapMonsterCloudClientFactory, ClientOptions, YidunRequest } from "@zennolab_com/capmonstercloud-client";

(async () => {
  //  Settings
  const TARGET_URL = "https://example.com/";
  const WEBSITE_KEY = "6cw0f0485d5d46auacf9b735d20218a5";   // your Yidun siteKey
  const CMC_API_KEY = "YOUR_API_KEY"; // your CapMonster Cloud API key

  // 1) Launching the browser
  const browser = await chromium.launch({ headless: false });
  const page = await browser.newPage();
  await page.goto(TARGET_URL, { waitUntil: "domcontentloaded" });

  const cmc = CapMonsterCloudClientFactory.Create(
    new ClientOptions({ clientKey: CMC_API_KEY })
  );

  // 2) Sending a request to solve Yidun captcha
  const solution = await cmc.Solve(
    new YidunRequest({
      websiteURL: TARGET_URL,
      websiteKey: WEBSITE_KEY,
      userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36"
    })
  );

  const token = solution.solution.token; // Receiving the Yidun token
  console.log("Yidun token:", token);

  // 3) Inserting the token into a hidden field and submitting the form
  await page.evaluate((t) => {
    // Finding the hidden input for the token (replace with your value)
    const input = document.querySelector('input[name="NECaptchaValidate"]');
    if (input) input.value = t;

    // Submitting the form, if present on the page
    const form = document.querySelector("form");
    if (form) form.submit();
  }, token);

  console.log("Yidun captcha solved, token inserted, form submitted!");
})();

You can also test captcha solving using the CapMonster Cloud browser extension, which allows quick testing directly on the page and shows the solving process in real time — available for Chrome and Firefox.

How to integrate Yidun (NECaptcha) into your website

To confidently understand how the captcha works on your site, how its validation logic functions, and how to configure or reconfigure it, we recommend reading this section. It describes the full integration process so you can easily understand all the details.

1. Go to the dashboard: create an account (using phone or email).

2. In the dashboard select: 产品与服务 → 验证码服务 (Captcha Service).

3. Create a new project (应用).

4. As a result, you will receive:

captchaId
secretKey

5. Example of Yidun frontend integration


<!-- Connecting the Yidun script -->
<script src="https://cstaticdun.126.net/load.min.js"></script>

<!-- Container for the captcha -->
<div id="captcha"></div>

<script>
// Initializing the captcha
initNECaptcha({
    captchaId: "YOUR_CAPTCHA_ID", // your captchaId from the Yidun dashboard
    element: "#captcha",          // where to insert the captcha widget

    // Triggered after successful completion
    onVerify: (err, data) => {
        if (!err) {
            // data.validate -- captcha token
            // Save it in a hidden form field
            document.querySelector("#validate").value = data.validate;
        }
    }
});
</script>

<!-- Form that sends validate to your server -->
<form method="POST" action="/verify">
    <!-- The captcha will write the token here -->
    <input type="hidden" id="validate" name="NECaptchaValidate">

    <button>Submit</button>
</form>

6. Server-side Yidun validation (PHP example)


<?php

// Data from the Yidun dashboard
$CAPTCHA_ID = "YOUR_CAPTCHA_ID";
$SECRET_ID  = "YOUR_SECRET_ID";

// Receiving the token from the frontend
$validate = $_POST["NECaptchaValidate"] ?? null;

// If no token — return error
if (!$validate) {
    echo "Captcha not passed";
    exit;
}

// Preparing the POST request
$url = "https://c.dun.163yun.com/api/v2/verify";

$postData = http_build_query([
    "captchaId" => $CAPTCHA_ID,
    "secretId"  => $SECRET_ID,
    "validate"  => $validate
]);

// Sending the request to Yidun
$opts = [
    "http" => [
        "method"  => "POST",
        "header"  => "Content-Type: application/x-www-form-urlencoded",
        "content" => $postData
    ]
];

$context  = stream_context_create($opts);
$result   = file_get_contents($url, false, $context);

// Decoding JSON
$data = json_decode($result, true);

// Checking the result
if ($data["result"] === true) {
    echo "Captcha passed successfully";
} else {
    echo "Verification error: " . json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
}

Possible errors and debugging

Invalid parameters

The captcha does not display or returns errors if captchaId or businessId is incorrect, if load.min.js is not included, or if access to Yidun resources is blocked. Check captchaId, businessId, correct connection to https://cstaticdun.126.net/load.min.js and make sure no CSP/firewall blocks it.

Timeout or initialization errors

The SDK returns 1004 or -1 when initialization fails. Increase timeout, check the network connection, and enable SDK logging.

Empty or incorrect validate token

Validate = null or result: false on the server. Make sure the captcha is completed, the token is not expired, not reused, and captchaId/secretId match both frontend and server.

Signature error

The server returns a signature error when parameters are sorted incorrectly or the key is wrong. Sort parameters alphabetically, use the correct secret key and HMAC-SHA algorithm, and enable logging.

Network errors during verification

Timeout, DNS, SSL, or incorrect request format. Send requests to https://c.dun.163yun.com/api/v2/verify, use Content-Type: application/x-www-form-urlencoded, and log responses.

Protection resilience checks

Try submitting a request without solving the captcha — the server should return success: false.

Perform load testing (e.g., with k6 or JMeter) at more than 100 RPS — the captcha should remain stable.

Test server reaction to expired or reused tokens — expected response: 403 Forbidden.

Security and optimization tips

Validate the token only on the server.

Store the secret key securely (environment variables or secret manager).

Check additional fields (e.g., userIP, scene) to confirm request legitimacy.

Use HTTPS for all API requests.

Implement error handling and show clear messages to the user.

Restrict captchaId usage by domain.

Conclusion

If you’ve taken over a website that already has a captcha or another protection system installed, but you don’t have access to the code, don’t worry! It’s quite easy to identify which technology is being used. To verify that everything works correctly, you can use the CapMonster Cloud recognition service in an isolated test environment to make sure that the token processing mechanism and the validation logic are functioning properly.

In the case of Yidun (NECaptcha), it’s enough to detect the system, observe its behavior, and confirm that the protection is working correctly. In this article, we showed how to identify Yidun (NECaptcha) and where to find instructions on how to integrate or reconfigure it, so you can confidently maintain the protection and keep its operation under control.

Helpful links

Registration in the NetEase Yidun system →

Yidun documentation →

CapMonster Cloud documentation (Yidun) →

The CapMonster Cloud browser extension is available for Chrome and Firefox. Full installation and usage instructions are available here.

Yidun (NECaptcha) and CapMonster Cloud

Yidun (NECaptcha)
and CapMonster Cloud