Update on Google Search reCAPTCHA V2

What happened?

Recently some our customers reported issues bypassing reCAPTCHA V2 on Google Searh results page: the tokens were declined and captcha was shown again.

Investigation of the issue

Our team made an investigation on that matter.
First strange thing we found: Google Search Become very sensitive to query parameters.
For example, if you use num=xx parameter in your query to set a number of results per page, Google will decline any token, show you a text captcha and even if after you solve the text captcha - you will be forwarded to reCAPTCHA V2 challenge again.
Honestly, their approach looks correct. Would a human always set the number of results in the address bar? In the majority of cases - no.

Also we found some minor changes in the captcha rendering process that affected the success rate.

What we did?

  • We've updated the code related to reCAPTCHA rendering issue our workers software.
  • We've pubished this post with the recommendations.

Recommendations

  • Never use num=xx parameters in your queries on Google Search
  • Be really careful with any other query parameters, your request should look like it was made by a human
  • Update your software accordingly or ask the software autors to do so