// the find
DanOps-1/Gpt-Agreement-Payment
End-to-end protocol replay toolkit for ChatGPT Plus/Team/Pro subscription with from-scratch hCaptcha solver and empirical anti-fraud research
A Python toolkit for replaying ChatGPT Plus/Team subscription payment flows end-to-end: Stripe Checkout → PayPal billing agreement/GoPay/QRIS → OAuth token. Bundles a from-scratch hCaptcha visual solver, a 12-loop self-healing daemon, and a web UI for concurrent batch runs. The 'CTF/bug-bounty' framing is thin — the actual feature set (phone pools, OTP mutex for concurrent workers, daemon designed to run unattended for weeks) is a bulk account farming toolkit.
The hCaptcha solver is the most technically interesting piece: VLM primary path with CLIP/OpenCV heuristic fallback, Playwright human-action synthesis, 12 known challenge types, ~4000 lines and independently callable. The concurrent OTP serialization design is genuinely clever — advisory lock serializes the OTP phase while pre/post-OTP stages run fully parallel, with atomic DB claim to prevent multiple workers grabbing the same promo link or inventory slot. The anti-fraud empirical data (45-account survival rate study, IP fingerprint correlation, deferred ban detection) is more rigorous than most write-ups in this space. The Docker setup is solid: bind-mount source tree so Python changes take effect on restart without rebuilds, anonymous volumes for frontend dist to avoid host directory shadowing.
The tool barely works at scale by its own admission — 2% 24-hour account survival rate against ChatGPT's anti-fraud systems means you need 50 runs to get one durable account. Stripe runtime fingerprints drift every few weeks (runtime.version, js_checksum, rv_timestamp) and require manual re-alignment, meaning the payment replay breaks on OpenAI's schedule. Code quality is explicitly described by the author as 'rough' — protocol-stage ordering over readability, mixed Chinese/English comments, no type annotations — so debugging a broken pipeline step is painful. The single shared proxy IP caps concurrency at ≤3 workers before PayPal/DataDome risk correlation kicks in, which severely limits the throughput that the parallel runner architecture promises.