绕过 AWS Cognito, 生成 cognitoAsfData。
无需浏览器即可绕过 AWS Cognito。Takion 一次调用即可为你的登录生成有效的 cognitoAsfData 字符串,让你的 Cognito 登录通过其高级安全检测顺利放行。
最后更新 · 覆盖能力已针对一个实时的 AWS Cognito 目标测试。
被 AWS Cognito 拦住了?
当某个平台启用 Cognito 的高级安全(ASF)时,它的登录会要求一个 cognitoAsfData 字符串——一段与你的浏览器细节和登录邮箱绑定的设备数据。Takion 在服务端生成该字符串,你这边无需浏览器,返回后可直接提交。把它随登录请求一起发送,Cognito 就会接受该次登录。
试用需要审核
Cognito ASF 守护登录,因此绕过它可能助长账户盗用。试用不会自动开放。请先联系我们并说明你的使用场景。
AWS Cognito 的工作原理
AWS Cognito 是亚马逊的身份认证服务,一些平台会开启它的高级安全特性(ASF)来为登录打分。一旦启用,登录表单就必须携带一个 cognitoAsfData 字符串——一段由浏览器细节和所用的确切邮箱构建而成的设备数据。登录时缺少它,或使用了过期的值,Cognito 就会拒绝该次尝试。
Takion 会在服务端为你的目标域名和邮箱生成有效的 cognitoAsfData,并返回可直接提交的结果。一次调用,无需浏览器。你把它随用户名和密码一起放入登录请求,Cognito 就会接受该次登录。
- Takion 覆盖的挑战
- Cognito 高级安全(ASF)
- 登录时的 cognitoAsfData
- 与邮箱绑定的设备数据
- 浏览器细节指纹识别
一次调用返回什么
向 Cognito 端点发送一次调用,即可为你的域名和登录邮箱返回有效的 cognitoAsfData 字符串,可随登录一并提交。
cognitoAsfData随 Cognito 登录一并提交的高级安全设备数据字符串
curl -X POST https://cognito.takionapi.tech/generate \
-H "Authorization: Bearer $TAKION_KEY" \
-H "Content-Type: application/json" \
-d '{ "domain": "main.login.ticketmaster.sg", "email": "[email protected]" }'
# → { "cognitoAsfData": "<the string to post with the login form>" }阅读 AWS Cognito 文档同一个密钥,通吃每一堵墙。同一种 JSON 结构,适配每一个厂商。
How the AWS Cognito bypass works, end to end
No browser, no rendered login. Site plus username in, cognitoAsfData out, token on the sign-in.
- 1
You hit the login page
Load the Cognito sign-in page and gather your session details: the User-Agent, the client hints, and the email you will authenticate with.
- 2
You call generate
Send the /generate endpoint the website domain and the username. Pass your User-Agent, Sec-Ch-Ua, and Accept-Language too so the token matches the fingerprint you will log in with.
- 3
We build the ASF data server-side
Takion assembles the cognitoAsfData from the browser signals Cognito's advanced security expects, and binds it to that exact email. No browser runs on your end.
- 4
You read the token
Pull the token out of the JSON response. That string is your cognitoAsfData.
- 5
You post the login and you are in
Send the token as the cognitoAsfData form field next to the username and password. Cognito's advanced-security check passes and the sign-in goes through.
The Cognito call, decoded
Two params in, one token out. Here is exactly what moves:
website- the login domain you are authenticating against, e.g.
main.login.ticketmaster.sg username- the exact email you are signing in with; the token is bound to it, so it is generated per account
User-Agent + Sec-Ch-Ua + Accept-Language- your session headers, optional but recommended; send them and the token matches your fingerprint far more tightly
cognitoAsfData- the device-data string Takion returns; you post it as a form field with the username and password on the login POST
Why request-based beats a headless browser here
The browser way to pass Cognito ASF is to spin up headless Chrome, load the login page, let the Cognito script collect its device signals, scrape the cognitoAsfData it produces, and hope the fingerprint holds. It works until the script changes, and it costs you a browser per login, constant patching, and seconds of render time on every attempt.
Takion skips the browser. We generate the cognitoAsfData the Cognito script would have produced directly from the website, the username, and your session headers, so a token is one HTTP round trip instead of a full page load. No Chrome to babysit, no scraping the blob out of a live DOM, no retries when a container stalls mid-render. You send two params, you get the token.
What gets a Cognito login rejected
A token alone is not enough. Cognito's advanced security rejects the sign-in the moment any of these slip:
- Missing or stale cognitoAsfData. Post the login without the token, or with an old one, and ASF refuses it. Generate a fresh token for the attempt.
- Email mismatch. The token is bound to the username it was generated for. Generate it for one email and sign in with another and Cognito flags it.
- Fingerprint drift. Generate with one User-Agent and client hints, then log in with a different set, and the ASF data no longer matches the request. Keep the signals identical on both calls.
- Missing CSRF token. Cognito's login form wants its
_csrfvalue from the session. Load the login page first, carry the cookie, and send it with the POST. - Front-door challenge not cleared. Some Cognito logins sit behind another wall first. Ticketmaster SG fronts an Incapsula
reese84check before you reach the sign-in, so clear that too or the login never lands.
The one rule that kills most rejected logins
Generate the cognitoAsfData with the same User-Agent, client hints, and email you send on the login, and request a fresh one per account. Cognito's whole ASF model is matching the token to the request. Match it and the sign-in clears.
部分使用 AWS Cognito 的网站
AWS Cognito 守护着这些网站。Takion 在每一个上都能通过,所以绕过 ticketmaster sg 和绕过任何其他防护墙一样,都是同一次 POST。
AWS Cognito 绕过常见问题
- 会。Takion 会为你的域名和登录邮箱构建有效的 cognitoAsfData,并返回可随 Cognito 登录请求一并提交的结果。
- Cognito 会把 ASF 数据绑定到正在认证的那个确切邮箱,因此该字符串是按每次登录生成的。把你用来登录的邮箱传进来,Takion 就会将其嵌入其中。
- 有效。Ticketmaster SG 在登录时使用 Cognito ASF;Takion 会为其返回 cognitoAsfData,你随登录表单一并提交即可。
所有其他防护墙
今天就上线你的 AWS Cognito 绕过方案。
免费试用,之后一个密钥通吃每一堵墙。一小时内完成首次调用。