Skip to content

MFA and Captcha Support

The Browser Actions authentication preset supports Time-based One-Time Password (TOTP) multi-factor authentication and simple captcha solving during the authentication flow.

MFA Authentication

Email and SMS-Based MFA

For authentication flows that send a verification code or magic link by email, see Email-Based Authentication.

SMS-based multi-factor authentication support is planned for Q2 2026.

TOTP codes are automatically generated from a provided secret and filled into the authentication form. The TOTP secret must be provided in the same format as used by authenticator applications (e.g., Google Authenticator, Authy).

Example: Login with TOTP

presets:
-   type: browser_actions
    login_url: https://example.com/login
    users:
    -   username: user@example.com
        actions:
        -   action: fill
            locator: input[name="username"]
            value: user@example.com
        -   action: fill
            locator: input[name="password"]
            value: password123
        -   action: click
            locator: button[type="submit"]
        -   action: wait_element
            locator: input[name="totp_code"]
            timeout: 10
        -   action: fill_totp
            locator: input[name="totp_code"]
            secret: JBSWY3DPEHPK3PXP
            auto_submit: true

The fill_totp action generates a TOTP code from the provided secret and fills it character by character into the specified field. The auto_submit option can be enabled to automatically submit the form after the code is entered.

Captcha Solving

Advanced Captcha Protection

For advanced captcha systems (e.g., reCAPTCHA, hCaptcha, Cloudflare Turnstile), automatic solving is not supported. These systems require IP allowlisting to bypass captcha challenges. Refer to the Firewall Configuration documentation to configure IP allowlisting for Escape's Public Locations.

Simple text-based captchas are solved automatically using AI vision capabilities. The captcha image is captured from the page and analyzed to extract the text, which is then filled into the captcha input field.

Example: Login with Captcha

presets:
-   type: browser_actions
    login_url: https://example.com/login
    users:
    -   username: user@example.com
        actions:
        -   action: fill
            locator: input[name="username"]
            value: user@example.com
        -   action: fill
            locator: input[name="password"]
            value: password123
        -   action: solve_captcha
            locator: input[name="captcha"]
            auto_submit: false
        -   action: click
            locator: button[type="submit"]

The solve_captcha action captures a screenshot of the page, extracts the captcha text, and fills it into the specified field. The form submission must be handled by a subsequent action unless auto_submit is enabled.