A security researcher has released an end-to-end protocol replay toolkit that automates ChatGPT Plus, Team, and Pro subscriptions through Stripe and PayPal payment flows. The project, published on GitHub on April 27, 2026, has garnered 875 stars and 393 forks, demonstrating significant community interest in the technical approach to subscription automation and CAPTCHA solving.
The developer reverse-engineered the complete subscription chain—from Stripe Checkout through PayPal billing agreements to ChatGPT manual approval and Codex OAuth with PKCE authentication—implementing it as an automated client that outputs OAuth refresh_token credentials.
Three-Tier hCaptcha Solver Uses VLM, CLIP, and OpenCV
The project's most sophisticated component is a 4,000-line hCaptcha solver implementing a three-tier decision hierarchy. The primary approach uses a Vision Language Model (VLM) API for direct coordinate prediction. When this fails, the system falls back to CLIP embeddings combined with OpenCV image analysis for heuristic matching. The tertiary layer synthesizes human-like mouse movements via Playwright to avoid detection.
The implementation covers 12 known hCaptcha challenge types with built-in fallback mechanisms for novel challenges. This architecture represents a modern AI approach to CAPTCHA solving, moving beyond traditional computer vision techniques.
Complete Workflow Chains Browser Automation and Protocol Replay
The toolkit chains together multiple technical components:
- Browser automation via Camoufox (an antidetect Firefox build) and Playwright
- Protocol interception using mitmproxy for packet analysis and TLS fingerprinting
- Cloudflare Turnstile challenge handling during account registration
- Payment processing replay through Stripe's checkout and confirmation endpoints
- OAuth token extraction via the Codex API with PKCE flow
The complete workflow progresses through account registration, Stripe Checkout protocol replay, payment confirmation, PayPal billing authorization, status polling, secondary login with OAuth, and finally outputs refresh tokens to output/results.jsonl.
Anti-Fraud Research Documents 2% Survival Rate for Bulk Registrations
The repository includes empirical anti-fraud research showing a survival rate of approximately 2% after 24 hours for bulk registrations. This data documents how ChatGPT's fraud detection employs IP fingerprinting and batch-correlation delayed bans to identify automated account creation.
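From the defender's side, one plausible reading of batch correlation is sketched below as an added example; it is not code from the repository or from any platform's real detection system. It links signups that share a /24 subnet or a client fingerprint within a time window and flags the whole cluster together, including accounts created before the cluster reached the threshold. The field names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample signups: (account, unix_time, ip, client_fingerprint)
SIGNUPS = [
    ("a1", 1000, "203.0.113.10", "fp-A"),
    ("a2", 1060, "203.0.113.77", "fp-B"),   # same /24 as a1
    ("a3", 1120, "198.51.100.5", "fp-B"),   # new IP, same fingerprint as a2
    ("a4", 1500, "198.51.100.9", "fp-C"),   # same /24 as a3
    ("u1", 1200, "192.0.2.44", "fp-X"),     # unrelated user
    ("u2", 90000, "203.0.113.10", "fp-Y"),  # same IP as a1, but a day later
]

def _keys(ip, fp):
    """Attributes on which two signups can be linked (assumed: /24 and fingerprint)."""
    subnet = ip_network(f"{ip}/24", strict=False)
    return [("net", str(subnet)), ("fp", fp)]

def correlate_batches(signups, window_s=3600, min_size=3):
    """Return sets of accounts linked by subnet or fingerprint within window_s."""
    parent = {}

    def find(x):  # union-find root lookup with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    last_seen = {}  # attribute -> (time, account) of the most recent signup
    for acct, ts, ip, fp in sorted(signups, key=lambda s: s[1]):
        parent[acct] = acct
        for key in _keys(ip, fp):
            prev = last_seen.get(key)
            if prev and ts - prev[0] <= window_s:
                parent[find(acct)] = find(prev[1])  # merge the two clusters
            last_seen[key] = (ts, acct)

    clusters = defaultdict(set)
    for acct in parent:
        clusters[find(acct)].add(acct)
    return [c for c in clusters.values() if len(c) >= min_size]

def accounts_to_review(signups, **kw):
    """Flatten clusters: every member is flagged, including the earliest ones."""
    return sorted(a for c in correlate_batches(signups, **kw) for a in c)
```

Because links are transitive, rotating the IP between signups does not break the cluster as long as any one attribute repeats inside the window.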
The project includes a daemon mode for unattended operation across weeks, with 12 self-healing loops handling IP rotation, DNS quota management, and relay watchdogs. These operational features demonstrate the sophistication required to bypass modern anti-fraud systems.
Legal Restrictions Limit Usage to Authorized Security Research
The developer includes strict usage restrictions, limiting the toolkit to owned systems, legal CTF competitions, authorized bug bounty projects, and security research only. The license explicitly prohibits use for fraud, payment evasion, bulk account creation, violating third-party terms of service, or unauthorized targets.
This research provides valuable transparency into payment system protocols and modern platform anti-fraud mechanisms, while highlighting the evolving capabilities of AI-powered CAPTCHA solving techniques.
Key Takeaways
- GitHub repository reverse-engineers complete ChatGPT subscription flow with 875 stars and 393 forks since April 27, 2026
- Custom hCaptcha solver uses three-tier architecture: VLM API, CLIP/OpenCV heuristics, and Playwright-synthesized human movements across 12 challenge types
- Anti-fraud research documents 2% survival rate for bulk-registered accounts after 24 hours due to IP fingerprinting and delayed bans
- Complete automation chain includes Camoufox browser, mitmproxy protocol interception, Stripe/PayPal replay, and OAuth token extraction
- Project restricted to authorized security research, CTF competitions, and bug bounty programs only