AWS WAF

AWS WAF

Mobile SDK

Solve Amazon Web Services captcha challenges for iOS and Android SDK. Not for web-based challenges.

⚠️ Mobile SDK Only: This solver is designed for AWS WAF challenges encountered in iOS/Android mobile applications, not web browsers.

Endpoint

POSThttps://api.peak.fo/solve

Request

FieldTypeRequiredDescription
task_typestringYesMust be "awswaftask"
urlstringYesApp domain (e.g., https://app.example.com/)
sdk_urlstringYesAWS WAF SDK endpoint from the app
proxystringYesHTTP proxy (http://user:pass@ip:port)
user_agentstringNoMobile app user agent
osstringNo"ios" or "android" (auto-detected from user_agent)

JSON Request Body

{
  "task_type": "awswaftask",
  "url": "https://app.example.com/",
  "sdk_url": "https://xxxxx.edge.sdk.awswaf.com/xxxxx/xxxxx",
  "proxy": "http://user:pass@ip:port",
  "user_agent": "AppName/1.0 (iOS 17.0)"
}

Response

{
  "success": true,
  "data": {
    "token": "aws-waf-token-xxxxx..."
  }
}

Code Examples

peak-api-example.python
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Python28 lines • editable

Finding the SDK URL

The sdk_url is the AWS WAF endpoint hardcoded in the mobile app. You can find it by:

  • • Decompiling the app and searching for edge.sdk.awswaf.com
  • • Using a proxy (Charles/mitmproxy) to intercept app traffic
  • • Searching for patterns like https://xxxxx.edge.sdk.awswaf.com/xxxxx/xxxxx

Notes

  • iOS and Android mobile SDK challenges only
  • • Use the same proxy when making subsequent requests with the token
  • • The token is returned as x-aws-waf-token header and aws-waf-token cookie
  • • OS type is auto-detected from user_agent, or specify "os": "ios" or "os": "android"

Pricing

AWS WAF solving is priced at $1.00 per 1,000 solves (pay-per-solve).

Package Pricing

PackagePricePer 1K
AWS WAF 50K$40.00$0.80
AWS WAF 100K$75.00$0.75
AWS WAF 200K$140.00$0.70
AWS WAF 500K$325.00$0.65
AWS WAF 1M$600.00$0.60