A fruit's GSA login is an improvement on the standard SRP6a, It is very difficult to spell out each parameter of SRP through plain text parameters. Only by reading its js can we get the SRP login process. The parameters are as follows: N is a large prime number of 2048 bits. From RFC5054-2048. The document is big-endian. Display fixed value g In this case, it is 2. Fixed value salt sent by the server username username password password. The password involved in SRP arithmetic operations is not plain text privateKey client private key a client public key b server response public key iteration protocol M1,M2: verification password These parameters are constantly being encrypted with sha256 combination. The following is the result after I encrypted it and compared it with the one on the website. They are exactly the same, so the problem of m1 and m2 is solved. www.clearcaptcha.com There is nothing special about this website, just any captcha and shield can be solved and bypassed Can solve the following captcha: recaptcha V2&V3&Enterprise, hcaptcha, akamai, Perimeterx _px2, Perimeterx _px3, Incapsula, reese84, __utmvc, TLS, shape, datadome, kasada, aws-waf-token, akamai bmp, Shape/F5