Automated mass account registration bypassing captcha and SMS verification

[Good Carder]

From a carder to carders. Manual account registration is so last century. When you need 10-20 profiles, you can sit around, solve captchas, and wait for SMS. But when it comes to hundreds or thousands of accounts for drops, checkers, or bonus farming, manual work turns into hell. In 2027, the stakes are high: every registration must be unique, every account must have a clean IP address, a unique fingerprint, SMS confirmation, and often a captcha solution.

In this article, I'll cover the full cycle of automated mass account registration. You'll learn how antidetect browsers work, how to replace fingerprints, how to solve captchas via API, how to receive SMS messages on virtual numbers, and how to rotate proxies. Finally, a real-life case study: registering 100 accounts on a crypto exchange without KYC in an hour.

Part 1. Tools: Antidetect browsers and their APIs​

The antidetect browser is the foundation. It replaces fingerprints (Canvas, WebGL, AudioContext, font list) and creates a unique environment for each account. But manually creating profiles in the GUI also takes time. We need an API.

1.1. Dolphin Anty API​

Dolphin Anty is one of the most popular antidetect programs with a fairly convenient API for automation.

import requests

API_KEY = "your_api_key"
headers = {"Authorization": f"Bearer {API_KEY}"}

# Create a profile
profile_data = {
"name": "Account_1",
"platform": "anty",
"os": "win",
"useragent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
"proxy": "proxy_user:proxy_pass@192.168.1.1:8080",
"webgl": True,
"canvas": True,
"audio": True,
"fonts": True
}
response = requests.post("https://anty-api.com/v1/profiles", json=profile_data, headers=headers)
profile_id = response.json()["id"]
print(f"Profile created: {profile_id}")

1.2. Octo Browser API​

Octo Browser also provides an API for creating and managing profiles, with deeper fingerprint customization.

import requests

OCTO_API_KEY = "your_octo_key"
headers = {"X-API-Key": OCTO_API_KEY, "Content-Type": "application/json"}

profile_payload = {
"name": "Octo_Profile_1",
"browser_type": "chromium",
"os": "windows",
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36",
"proxy": "socks5://user:pass@proxy:1080",
"webgl": {
"vendor": "Google Inc. (Intel)",
"renderer": "ANGLE (Intel, Intel(R) UHD Graphics 630 Direct3D11 vs_5_0 ps_5_0)"
 },
"webrtc": "disabled",
"canvas": "noise"
}
response = requests.post("https://api.octobrowser.net/v1/profiles", json=profile_payload, headers=headers)
print(response.json())

1.3. GoLogin API​

GoLogin (formerly known as Indigo) also supports automation via API. Their approach is cloud-based profiles, which is convenient for distributed registration.

import requests
import json

GOLOGIN_TOKEN = "your_gologin_token"
profile = {
"name": "Gologin_Profile",
"domain": "https://target-site.com",
"userAgent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36",
"proxy": "http://user:pass@proxy:8080",
"webglImage": "https://example.com/webgl.png",
"canvas": "noise",
"audioContext": True
}
response = requests.post("https://api.gologin.com/v2/browser-profiles", json=profile, headers={"Authorization": f"Bearer {GOLOGIN_TOKEN}"})
print(response.json())

Part 2. Fingerprint Replacement: How to Make Each Profile Unique​

Simply creating a profile isn't enough. You need to ensure that each profile has a unique fingerprint. Modern antifraud systems collect hundreds of parameters.

2.1. Generating Unique Parameters​

The best way is to generate each parameter randomly, but within realistic ranges.

import random
import json

def generate_unique_fingerprint():
user_agents = [
 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36",
 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36",
 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 Safari/605.1.15",
"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36"
]
webgl_vendors = ["Google Inc. (Intel)", "NVIDIA Corporation", "Advanced Micro Devices, Inc."]
webgl_renderers = [
 "ANGLE (Intel, Intel(R) UHD Graphics Direct3D11 vs_5_0 ps_5_0)",
 "ANGLE (NVIDIA, NVIDIA GeForce RTX 3060 Direct3D11 vs_5_0 ps_5_0)",
"ANGLE (AMD, AMD Radeon RX 580 Direct3D11 vs_5_0 ps_5_0)"
]
screen_resolutions = [(1920,1080), (1366,768), (1536,864), (2560,1440)]
    
fingerprint = {
"userAgent": random.choice(user_agents),
"webglVendor": random.choice(webgl_vendors),
"webglRenderer": random.choice(webgl_renderers),
"screenWidth": random.choice(screen_resolutions)[0],
"screenHeight": random.choice(screen_resolutions)[1],
"language": random.choice(["en-US", "en-GB", "ru-RU"]),
"timezone": random.choice(["America/New_York", "Europe/London", "Asia/Tokyo"])
}
 return fingerprint

Part 3. Bypassing Captcha via API​

Captcha (reCAPTCHA, hCaptcha, Turnstile) is the main enemy of automation. It can be solved manually, but at scale, it's unrealistic. We use solver services.

3.1. CapSolver API​

CapSolver is one of the best captcha solving services in 2026–2027. It supports reCAPTCHA v2/v3, hCaptcha, and Turnstile.

import capsolver
capsolver.api_key = "YOUR_CAPSOLVER_API_KEY"

def solve_captcha(site_key, page_url, captcha_type="ReCaptchaV2TaskProxyless"):
task = {
"type": captcha_type,
"websiteURL": page_url,
"websiteKey": site_key
}
solution = capsolver.solve(task)
return solution.get("gRecaptchaResponse")

3.2. 2Captcha API​

A cheaper, but less reliable option.

from twocaptcha import TwoCaptcha

solver = TwoCaptcha('YOUR_2CAPTCHA_API_KEY')
result = solver.recaptcha(sitekey='site_key', url='https://target.com')
token = result['code']

Integration with Puppeteer:

const page = await browser.newPage();
await page.goto('https://target.com');
const siteKey = await page.$eval('.g-recaptcha', el => el.getAttribute('data-sitekey'));

// Obtain a token via the API (say, via an HTTP request to the server)
const token = await getTokenFrom2Captcha(siteKey, page.url());

// Insert the token and submit the form
await page.evaluate((token) => {
document.getElementById('g-recaptcha-response').innerHTML = token;
}, token);
await page.click('#submit');

Part 4. Receiving SMS on virtual numbers (SMS-activate, 5SIM)​

SMS confirmation is often required upon registration. Virtual numbers are inexpensive and fast.

4.1. SMS-activate API​

One of the largest services with support for many countries and services.

import requests

API_KEY = "YOUR_SMS_ACTIVATE_KEY"
country = 0 # 0 - any country
service = "tg" # Telegram

# Obtaining a number
response = requests.get(f"https://sms-activate.org/stubs/handler_api.php?api_key={API_KEY}&action=getNumber&service={service}&country={country}")
data = response.text.split(":")
if data[0] == "ACCESS_NUMBER":
activation_id = data[1]
phone_number = data[2]
print(f"Phone: {phone_number}, ID: {activation_id}")

# Waiting for SMS
while True:
status_response = requests.get(f"https://sms-activate.org/stubs/handler_api.php?api_key={API_KEY}&action=getStatus&id={activation_id}")
if "STATUS_OK" in status_response.text:
code = status_response.text.split(":")[1]
print(f"SMS code: {code}")
break
time.sleep(5)

4.2. 5sim API​

An alternative service with a transparent API.

import requests

API_KEY = "YOUR_5SIM_API_KEY"
country = "usa"
operator = "any"
product = "google"

headers = {"Authorization": f"Bearer {API_KEY}"}
response = requests.get(f"https://5sim.net/v1/user/buy/activation/{country}/{operator}/{product}", headers=headers)
data = response.json()
phone = data["phone"]
id = data["id"]

# Waiting for code
response = requests.get(f"https://5sim.net/v1/user/check/{id}", headers=headers)
code = response.json().get("code")

Part 5. Proxy Rotation and IP Uniqueness​

Each account must be registered from a unique IP address. Data center proxies expire instantly. Residential or mobile proxies only.

5.1. Residential proxy pool​

We purchase a pool from a trusted provider (Proxy-Seller, IPRoyal, SOAX). We receive a list of IP addresses.

import random

proxy_list = [
 "http://user:pass@proxy1:8080",
 "http://user:pass@proxy2:8080",
# ... hundreds of proxies
]

def get_random_proxy():
return random.choice(proxy_list)

5.2. Proxy Manager for Python​

We're creating a simple manager that tracks proxy usage and prevents limits from being exceeded.

from collections import defaultdict
import time

class ProxyManager:
def __init__(self, proxies, max_uses_per_proxy=5, cooldown_seconds=60):
self.proxies = proxies
self.usage_count = defaultdict(int)
self.last_used = defaultdict(float)
self.max_uses = max_uses_per_proxy
self.cooldown = cooldown_seconds

def get_proxy(self):
for proxy in self.proxies:
if self.usage_count[proxy] < self.max_uses and (time.time() - self.last_used[proxy]) > self.cooldown:
self.usage_count[proxy] += 1
self.last_used[proxy] = time.time()
 return proxy
raise Exception("No proxies available")

Part 6. Full Pipeline: Registering 100 Accounts in an Hour​

6.1. Pipeline Architecture​

1. Profile Generator – creates a unique fingerprint for each account.
2. Proxy Manager - provides a free residential proxy.
3. Antidetect API – creates a profile in Dolphin/Octo.
4. Automator - uses Puppeteer/Playwright to fill out the registration form.
5. Captcha Solver - solves captcha via API.
6. SMS receiver - receives the code via a virtual number.
7. Logger - saves successful accounts to the database.

6.2. A simplified Python example using Playwright​

import asyncio
from playwright.async_api import async_playwright
import capsolver

async def register_account(proxy, fingerprint, phone_service):
async with async_playwright() as p:
# We use a proxy and a custom user-agent
browser = await p.chromium.launch(proxy={"server": proxy})
context = await browser.new_context(
user_agent=fingerprint["userAgent"],
viewport={"width": fingerprint["screenWidth"], "height": fingerprint["screenHeight"]},
locale=fingerprint["language"],
timezone_id=fingerprint["timezone"]
)
page = await context.new_page()

# Go to the registration page
await page.goto("https://target-crypto-exchange.com/signup")

# Filling out the form
await page.fill("#email", f"user_{random.randint(10000,99999)}@mail.com")
await page.fill("#password", "StrongP@ssw0rd123!")

# Solving captcha (let's say Turnstile)
site_key = await page.get_attribute(".cf-turnstile", "data-sitekey")
token = capsolver.solve({"type": "AntiTurnstileTaskProxyLess", "websiteURL": page.url, "websiteKey": site_key})
await page.evaluate(f"turnstile.render('.cf-turnstile', {{'sitekey': '{site_key}', 'callback': function(token) {{document.getElementById('cf-turnstile-response').value = token;}}}});")
await page.evaluate(f"document.getElementById('cf-turnstile-response').value = '{token}'")

# Obtaining a number via the SMS service
phone, activation_id = phone_service.get_number()
await page.fill("#phone", phone)
await page.click("#send_sms")

# Waiting for a code
code = phone_service.wait_for_code(activation_id)
await page.fill("#sms_code", code)

# Confirming registration
await page.click("#submit")

# Checking for success
await page.wait_for_selector(".success-message", timeout=30000)
print("Account registered successfully")
return True

[HEADING=3]6.3 Scaling: Asynchronous Queue[/HEADING]
For 100 accounts, we use asyncio with a concurrency limit of 5–10. Too many concurrent sessions result in IP blocking, even with proxy rotation.

[CODE=Python]
async def main():
proxies = load_proxies()  # 50+ прокси
fingerprints = [generate_unique_fingerprint() for _ in range(100)]
phone_service = SMSActivateService()  # или 5sim
    
semaphore = asyncio.Semaphore(5)  # No more than 5 simultaneous registrations
    
async def bounded_register(proxy, fp):
async with semaphore:
return await register_account(proxy, fp, phone_service)
    
tasks = [bounded_register(proxies[i % len(proxies)], fp) for i, fp in enumerate(fingerprints)]
results = await asyncio.gather(*tasks)
print(f"Success: {sum(results)} / {len(results)}")

asyncio.run(main())

Part 7. OPSEC and the Checklist​

• Antidetect. Use the API for bulk profile creation. No GUI required.
• Proxies. Residential or mobile only. Data centers won't work.
• Captcha. CapSolver for Turnstile/reCAPTCHA, 2Captcha for the budget option.
• SMS. SMS-activate or 5SIM. No personal numbers.
• Fingerprint. Generate unique parameters for each account. No duplicates.
• Speed. No more than 5-10 concurrent registrations. Any higher will result in blocking.
• Logging. Save logins, passwords, proxy IDs, and fingerprints in an encrypted database.
• Testing. First, 5–10 test accounts, then scale up.

Part 8. Case Study: 100 Crypto Exchange Accounts Without KYC in an Hour​

Goal: A Binance-like exchange with minimal requirements (email and SMS only).

Infrastructure:

• 50 residential proxies (200 IP pool, rotated every 2 registrations)
• Dolphin Anti Profile API
• CapSolver for Turnstile
• SMS activation for numbers (crypto tariff, country selected randomly)
• 5 parallel streams

Result:

• Successful registrations: 92 out of 100
• Time: 62 minutes
• Cost: ~0.30 per account (proxy 0.10 + captcha 0.05 + SMS 0.15)
• Burned accounts: 8 (number quality issues)

Conclusion: fully automated account registration is feasible and affordable. The main cost is time spent debugging scripts.

Summary​

Mass account registration isn't magic, it's engineering. Antidetect browsers via API, a pool of residential proxies, CAPTCHA solvers, and virtual numbers — that's what the pipeline is built on. Errors are inevitable, but they can be fixed.

A quick one-line reminder:
"Antidetect API creates profiles, proxies provide unique IP addresses, CapSolver breaks CAPTCHA, SMS-activate provides a number. Asynchronous code drives hundreds of registrations. Your task is to avoid exposing the pattern and exceeding the limits. 100 accounts per hour — a reality in 2027."