Update on Google Search reCAPTCHA V2
What happened?
Recently some our customers reported issues bypassing reCAPTCHA V2 on Google Searh results page: the tokens were declined and captcha was shown again.
Investigation of the issue
Our team made an investigation on that matter.
First strange thing we found: Google Search Become very sensitive to query parameters.
For example, if you use num=xx
parameter in your query to set a number of results per page, Google will decline any token, show you a text captcha and even if after you solve the text captcha - you will be forwarded to reCAPTCHA V2 challenge again.
Honestly, their approach looks correct. Would a human always set the number of results in the address bar? In the majority of cases - no.
Also we found some minor changes in the captcha rendering process that affected the success rate.
What we did?
- We've updated the code related to reCAPTCHA rendering issue our workers software.
- We've pubished this post with the recommendations.
Recommendations
- Never use
num=xx
parameters in your queries on Google Search - Be really careful with any other query parameters, your request should look like it was made by a human
- Update your software accordingly or ask the software autors to do so