| name | gpt-agreement-payment-replay |
| description | End-to-end protocol replay toolkit for ChatGPT Plus/Team/Pro subscription with hCaptcha visual solver and anti-fraud empirical research |
| triggers | ["set up gpt agreement payment","run chatgpt subscription replay pipeline","configure hcaptcha solver","set up paypal billing agreement replay","run daemon mode for subscription pipeline","configure stripe checkout replay","debug pipeline replay errors","extend hcaptcha solver with new challenge type"] |
Gpt-Agreement-Payment Replay Toolkit
Skill by ara.so — Daily 2026 Skills collection.
End-to-end protocol replay toolkit that automates the Stripe Checkout → PayPal billing agreement → ChatGPT manual-approval → Codex OAuth + PKCE chain. Includes a from-scratch hCaptcha visual solver (~4000 lines), empirical anti-fraud research data, and a 12-path self-healing daemon.
Installation
System Requirements
- Linux (Ubuntu 22.04+ recommended), ~5 GB disk, ~2 GB RAM
- Python 3.11+
- Xvfb for headless browser automation
sudo apt-get install -y xvfb xauth gost
git clone https://github.com/DanOps-1/Gpt-Agreement-Payment
cd Gpt-Agreement-Payment
pip install requests curl_cffi playwright camoufox browserforge mitmproxy pybase64
playwright install firefox
camoufox fetch
ML Dependencies for hCaptcha Solver (optional, ~4 GB)
python -m venv ~/.venvs/ctfml
~/.venvs/ctfml/bin/pip install torch transformers opencv-python pillow numpy
WebUI (recommended for first-time setup)
pip install -r webui/requirements.txt
cd webui/frontend && pnpm i && pnpm build && cd ../..
python -m webui.server
Prerequisites Checklist
Before running, you need:
| Requirement | Notes |
|---|
| PayPal account (EU) | Must be EU-based (IE, DE, FR, etc.); first run needs manual OTP 2FA |
| EU/US proxy | PayPal is region-locked; Stripe is country-locked |
| Cloudflare zone | For catch-all subdomain email registration |
| Linux with Camoufox + Playwright | ~5 GB disk + 2 GB RAM |
| VLM API key (optional) | OpenAI-compatible endpoint for hCaptcha solving |
| CAPTCHA platform API key (optional) | createTask/getTaskResult protocol, fallback for passive captcha |
Configuration
Copy and Edit Config Templates
cp CTF-pay/config.paypal.example.json CTF-pay/config.paypal.json
cp CTF-reg/config.paypal-proxy.example.json CTF-reg/config.paypal-proxy.json
config.paypal.json — Key Fields
{
"proxy": {
"host": "your-proxy-host",
"port": 1080,
"username": "PROXY_USER",
"password": "PROXY_PASS",
"protocol": "socks5"
},
"paypal": {
"email": "your-paypal-email@example.com",
"password": "PAYPAL_PASS",
"totp_secret": "PAYPAL_TOTP_SECRET"
},
"cloudflare": {
"api_token": "CF_API_TOKEN",
"zone_id": "CF_ZONE_ID",
"domain": "yourdomain.com"
},
"webshare": {
"api_key": "WEBSHARE_API_KEY"
},
"vlm": {
"base_url": "https://api.openai.com/v1",
"api_key": "VLM_API_KEY",
"model": "gpt-4o"
},
"captcha_platform": {
"api_key": "CAPTCHA_PLATFORM_KEY",
"base_url": "https://api.2captcha.com"
},
"subscription_type": "team",
"output_path": "output/results.jsonl"
}
Environment Variables (alternative to config file)
export PROXY_HOST="your-proxy-host"
export PROXY_PORT="1080"
export PAYPAL_EMAIL="your@email.com"
export PAYPAL_PASS="yourpassword"
export CF_API_TOKEN="your-cloudflare-token"
export CF_ZONE_ID="your-zone-id"
export VLM_API_KEY="your-vlm-key"
export WEBSHARE_API_KEY="your-webshare-key"
Running the Pipeline
Single Run (full flow)
xvfb-run -a python pipeline.py \
--config CTF-pay/config.paypal.json \
--paypal
Output: output/results.jsonl containing refresh_token on success.
Daemon Mode (continuous pool maintenance)
xvfb-run -a python pipeline.py \
--config CTF-pay/config.paypal.json \
--paypal \
--daemon
Batch Mode
xvfb-run -a python pipeline.py \
--config CTF-pay/config.paypal.json \
--paypal \
--batch \
--count 10
Self-Dealer Mode
xvfb-run -a python pipeline.py \
--config CTF-pay/config.paypal.json \
--paypal \
--self-dealer
Pipeline Architecture
pipeline.py
└─ CTF-reg/browser_register.py # Camoufox + Cloudflare Turnstile
└─ CTF-pay/card.py # Stripe Checkout replay (8000 lines)
└─ Stripe confirm
└─ ChatGPT /approve
└─ Camoufox PayPal billing agreement
└─ Stripe poll state=succeeded
└─ Camoufox second login → Codex OAuth + PKCE
└─ output/results.jsonl # Final refresh_token
hCaptcha Solver
Standalone Usage
import sys
sys.path.insert(0, '/path/to/Gpt-Agreement-Payment')
from CTF_pay.hcaptcha_auto_solver import HCaptchaSolver
solver = HCaptchaSolver(
vlm_base_url="https://api.openai.com/v1",
vlm_api_key="VLM_API_KEY",
vlm_model="gpt-4o",
use_clip_fallback=True,
use_opencv_fallback=True,
)
async def solve_on_page(page):
result = await solver.solve(page)
return result
Three-Layer Decision Flow
1. VLM primary path — sends challenge image to VLM, parses coordinate response
2. CLIP heuristic — cosine similarity between challenge prompt and image tiles
3. OpenCV fallback — contour/template matching for known visual patterns
Supported Challenge Types (12)
| Type | Description |
|---|
select-image | Select all images matching description |
bounding-box | Draw bounding box around object |
image-label | Label images as matching/not-matching |
click-point | Click specific point on image |
drag-drop | Drag element to target |
3d-rotate | Rotate 3D object to match |
object-count | Count objects in image |
text-in-image | Identify text shown in image |
shape-match | Match shapes by property |
spatial-relation | Identify spatial relationships |
color-match | Match by color |
pattern-complete | Complete a visual pattern |
Adding a New Challenge Type
class HCaptchaSolver:
async def _solve_my_new_type(self, challenge_data: dict) -> list[tuple[int, int]]:
"""
Solver for 'my-new-type' challenge.
challenge_data keys: 'prompt', 'images', 'type'
Returns list of (x, y) click coordinates.
"""
prompt = challenge_data['prompt']
images = challenge_data['images']
coords = await self._vlm_solve(prompt, images)
scores = self._clip_score(prompt, images)
coords = [(img['x'], img['y']) for img, s in zip(images, scores) if s > 0.25]
return coords
CHALLENGE_HANDLERS = {
'my-new-type': '_solve_my_new_type',
}
Daemon Mode — 12 Self-Healing Paths
The daemon() function in pipeline.py handles these failure modes automatically:
| Trigger | Recovery Action |
|---|
| IP flagged / rate-limited | Webshare API auto-rotate IP |
| Cloudflare DNS quota exceeded | CF DNS quota cleanup |
| tmpfs orphan processes | Orphan process reap |
| gost relay down | gost relay watchdog restart |
| DataDome slider challenge | Auto-drag slider synthesis |
| Stripe fingerprint drift | Runtime re-alignment |
| PayPal session expired | Re-authentication flow |
| hCaptcha solve failure | VLM → CLIP → platform fallback |
| Account batch-association ban | Delay + fresh identity |
| Codex OAuth token expired | PKCE refresh flow |
| Browser crash / hang | Camoufox process restart |
| Output file lock | Tmpfs rotation + re-open |
Daemon Status Monitoring
import requests
status = requests.get("http://localhost:8766/daemon/status").json()
Reading Output
import json
results = []
with open("output/results.jsonl") as f:
for line in f:
results.append(json.loads(line))
successful = [r for r in results if r.get("success")]
print(f"Success rate: {len(successful)}/{len(results)}")
WebUI API (when server is running)
import requests
BASE = "http://127.0.0.1:8765"
health = requests.get(f"{BASE}/api/preflight").json()
run = requests.post(f"{BASE}/api/run", json={
"mode": "single",
"subscription_type": "team"
}).json()
run_id = run["run_id"]
import sseclient
response = requests.get(f"{BASE}/api/run/{run_id}/logs", stream=True)
client = sseclient.SSEClient(response)
for event in client.events():
print(event.data)
requests.post(f"{BASE}/api/run/{run_id}/stop")
Troubleshooting
Pipeline Hangs at PayPal OTP
# First run requires manual 2FA completion
# Run WITHOUT xvfb-run to see the browser:
python pipeline.py --config CTF-pay/config.paypal.json --paypal --no-headless
# Complete OTP manually; subsequent runs use saved session
Stripe Fingerprint Drift
mitmproxy --mode transparent -p 8080 --set console_eventlog_verbosity=debug
hCaptcha Solver Falling Back Constantly
curl -H "Authorization: Bearer $VLM_API_KEY" \
"$VLM_BASE_URL/models" | python -m json.tool
~/.venvs/ctfml/bin/python pipeline.py --config ...
export HCAPTCHA_DEBUG=1
Low Survival Rate (~2%)
This is expected per the anti-fraud research. Key findings from docs/anti-fraud-research.md:
- Batch-association delayed banning: Accounts registered in the same batch are banned together ~12–24 hours after creation
- IP-string-level fingerprinting: Exact IP (not just subnet) is tracked
- Probe layer vs ban layer separation: Initial probe passes, ban fires later
Mitigation strategies documented in docs/anti-fraud-research.md:
- Use residential IPs, not datacenter
- Introduce timing jitter between registrations (daemon does this automatically)
- Avoid reusing Cloudflare subdomains across batches
Free Account Path Broken
# Known limitation — OpenAI redirects free accounts to /add-phone
# No workaround without a real phone number
# Codex API audience mismatch with ChatGPT-Web access_token
# Only Plus/Team/Pro subscription paths are currently functional
Common Error Messages
| Error | Cause | Fix |
|---|
PayPal region rejected | Non-EU proxy | Switch to EU/IE proxy |
Turnstile solve timeout | Browser fingerprint detected | Update Camoufox: camoufox fetch |
Stripe 3DS required | Card requires 3DS auth | Use a non-3DS card config |
CF DNS quota exceeded | Too many subdomain creates | Daemon auto-cleans; manual: see docs/debugging.md |
gost relay not responding | gost process crashed | Daemon restarts; manual: systemctl restart gost |
Codex PKCE state mismatch | Clock skew | ntpdate -u pool.ntp.org |
Project Structure
Gpt-Agreement-Payment/
├── pipeline.py # Main entry point, daemon orchestrator
├── CTF-pay/
│ ├── card.py # Stripe Checkout replay (~8000 lines)
│ ├── hcaptcha_auto_solver.py # hCaptcha visual solver (~4000 lines)
│ ├── config.paypal.example.json
│ └── config.auto.json # Generated by webui wizard
├── CTF-reg/
│ ├── browser_register.py # Camoufox + Turnstile registration
│ └── config.paypal-proxy.example.json
├── webui/
│ ├── server.py # FastAPI backend
│ ├── frontend/ # React/pnpm frontend
│ └── README.md
├── output/
│ └── results.jsonl # refresh_token output
└── docs/
├── anti-fraud-research.md # Empirical data, 45-account 24h study
├── architecture.md
├── configuration.md
├── daemon-mode.md
├── debugging.md
├── hcaptcha-solver.md
├── installation.md
└── operating-modes.md
Key Timing Expectations
| Phase | Typical Duration |
|---|
| First-time config + PayPal 2FA | 1–3 hours |
| Single pipeline run (after setup) | ~5 minutes |
| WebUI wizard setup | ~15 minutes |
| Daemon stabilization | 30–60 minutes |
| Account survival window | 12–24 hours (2% survive 24h) |