Automatic reCAPTCHA V3 resolution - a tutorial for developers and customers
Introducing a complete tutorial on automatic reCAPTCHA V3 resolution with 2captcha service. It contains a lot of previously published information but now it contains everything developers and customers need.
2Captcha provides reCAPTCHA V3 resolution
We have been able to bypass reCAPTCHA V3 since June 2018. It was in beta for some time because our algorithms weren't perfect. Eventually, on June 2020 we finally came up with a solid solution. We have spent one more year working on scalability of the way to bypass V3. Now we can provide 5-7 million of V3 solutions with 0.9 score per day peaking up to 50,000 captchas per minute. Shortly we will double that and will be able to scale our capacity depending on our needs. By the way, if you have some idle computing capacity, you can use it to earn funds solving V3 doing absolutely nothing. All you need is a PC and a Chrome browser with our extension installed. Read more about it at: Passive income from reCAPTCHA v3.
V3 isn't a captcha and what is the meaning of "score"
reCAPTCHA V3 is not your regular captcha task. It's not an automated Turing test to distinguish robots from humans. reCAPTCHA V3 is a browser scoring mechanism that recognizes who operates the browser, a human or a program. The result of bypassing reCAPTCHA V3 is a score from 0.1 to 0.9 where 0.1 is "most likely a robot" and 0.9 is "most likely a human". 2captcha provides tokens with a 0.9 score.
How do I know there is a reCAPTCHA V3?
reCAPTCHA V2: There is a checkbox on a page.
reCAPTCHA V2 Invisible: There is no checkbox, but there is a reCAPTCHA logo in the bottom right corner. Sometimes you are asked to solve a reCAPTCHA.
reCAPTCHA V3: There is no checkbox, but there is a reCAPTCHA logo in the bottom right corner. You are never asked to solve a reCAPTCHA.
Sometimes it is really tricky to distinguish between a reCAPTCHA V2 Invisible and a V3. In such cases, simply open the browser's console Command+Option+C (Mac) or Control+Shift+C (Windows, Linux, Chrome OS) and check the requests sent to google.com (or recaptcha.net in some cases) on a Network tab.
Find a request
https://www.google.com/recaptcha/api2/reload?k=
Then check for
https://www.google.com/recaptcha/api2/userverify?k=
The first request should always be there. If you cannot find it, try to change the hostname to "recaptcha.net" and look for it until you find it. If you cannot find the second request to userverify, then it's a case of reCAPTCHA V3. If there is a request to userverify, then it's a reCAPTCHA V2 Invisible.
How do I send a request to 2captcha.com and get a solution?
Easy. You only need to make three GET or POST requests:
1. Upload captcha API endpoint for your request: http://2captcha.com/in.php
Please indicate the following parameters in your request:
| Parameter | Value | Description |
|---|---|---|
| key | Your APIKEY | |
| method | userrecaptcha | defines that you're sending a reCAPTCHA |
| version | V3 | defines that you're sending a reCAPTCHA V3 |
| googlekey | The value of the sitekey parameter you found on the page | |
| pageurl | Full URL of the page where you see the reCAPTCHA. If it's loaded in an Iframe, then it should be an Iframe URL | |
| min_score | The score needed for resolution. The value could be between 0.1 and 0.9 | |
| action | Optional parameter. The value of the action parameter you found on the page | |
| json | 1 | Optional parameter. Tells the server to send the response as JSON. By default, the server will send the response as a plain text. |
The server will return the ID of your captcha:
{
"status": 1,
"request": "50970709412"
}If something went wrong, the server would return an error. : See Error Handling chapter for the list of errors.
2. Getting a resolution
Make a 5 seconds timeout and submit a request to our API to get the resolution
API endpoint for your request: http://2captcha.com/res.php
Please indicate the following parameters in your request:
| Parameter | Value | Description |
|---|---|---|
| key | Your APIKEY | |
| action | get | Defines that you want to get the answer for your captcha |
| id | ID of the captcha returned in the previous step | |
| json | 1 | Optional parameter. Tells the server to send the response as JSON. By default, the server will send the response as a plain text. |
If everything is fine, the server will return a resolution of your captcha:
{
"status": 1,
"request": "03AGdBq269xwqd…..5pZ_2DMHqUjg"
}The request value is the token you need to use to bypass reCAPTCHA V3. You should then use it on a website with captcha.
If the captcha is not solved yet, you will receive
{
"status": 0,
"request": "CAPCHA_NOT_READY"
}In that case you have to make a 5 seconds timeout and repeat your request.
Nearly 90% of reCAPTCHA V3 requests are solved within 5 seconds now. The maximum waiting time is 120 seconds. Please make at least 3 seconds timeout between requests to res.php for the same captcha ID. Preferably 5 seconds, 10 is best.
3. Complain about bad or good solution
This is optional, but you are strongly advised to use this call. When reporting a bad or good solutions, you improve a good solutions percentage and spend less funds.
We use customer-unique AllowList and BlockList that contain lists of PCs used to solve captcha. To populate those lists, we need you to send us reportbad and reportgood calls, depending on whether a solution worked for you or not. Upon receiving a reportgood call we put the PC that produced this solution into an AllowList. When this list contains at least 50 hosts, half of your captcha will be solved by hosts in this list. When this list reaches 500 hosts, all your requests will be solved by hosts from this list. If a solution didn't work, you should send us a reportbad call. We will then place the PC that produced this solution into a BlockList of hosts that will not receive requests from you for a long time. You will also get refunded for this solution. Please note that refunds are only made to customers who are sending reportgood calls, too.
Important! If you are bypassing a reCAPTCHA V3 on different websites, it's best to create different 2captcha accounts. The reason being, a PC may provide good reCAPTCHA V3 solutions for some websites and bad solutions for others. This is a reCAPTCHA V3 feature.
API endpoint for your request: http://2captcha.com/res.php
Please indicate the following parameters in your request:
| Parameter | Value | Description |
|---|---|---|
| key | Your APIKEY | |
| id | The ID of the captcha you want to report | |
| action | reportbad reportgood | reportgood - a resolution was accepted, reportbad - a resolution wasn't accepted |
| json | 1 | Optional parameter. Tells the server to send the response as JSON. By default, the server will send the response as a plain text. |
How to use a token to bypass captcha
After getting a solution (token), you have to use it correctly to bypass a challenge. You can find out how to do this by checking the requests sent to a website while working with it as a regular user. To do so, open DevTools of your browser Command+Option+C (Mac) or Control+Shift+C (Windows, Linux, Chrome OS) and go to the Network tab.
Usually, a token is sent inside a POST request with g-recaptcha-response parameter, just as in the case with reCAPTCHA V2, or g-recaptcha-response-100000. It could also be any other name, so it's best to check a request's parameters and find how the token is passed in your particular case. Then you may compose your automated requests accordingly.
Please note that a token is valid for 120 seconds since its creation. The website you are bypassing a challenge on will receive a timestamp from Google with the exact date and time of the start of the challenge.
How to find "googlekey" and "action"
googlekey: Open a webpage with captcha and go to the browser's console.
Find an iframe with a captcha challenge. You may search for src="https://www.google.com/recaptcha/api2/anchor
Now find the k parameter in the script address. That's the googlekey you are looking for. It is static for every particular website that uses Google reCAPTCHA.
action: Open a webpage with captcha and go to the browser's console. Now find a script calling the *grecaptcha.execute method. Arguments used to call this method may contain an action parameter. If it's there, pass it in your request to in.php when you upload your task. If there is no action, you don't need to send it.
How to find a score value
Always go for the max score of 0.9 while testing. When you made it work with the max score, you can try to find the actual minimum score requirement for this website. Send at least 10 captcha tasks with scores of 0.3, 0.5, 0.7 and 0.9 to find out what value works for you.
reCAPTCHA V3 rate
| Type of captcha | Score value | Cost |
|---|---|---|
| reCAPTCHA V3 | score <= 0.3 | 1.45 USD for 1000 solutions |
| reCAPTCHA V3 | score > 0.3 | 2.99 USD for 1000 solutions |
Libraries for developers
You may find code samples along with different libraries and integration modules in our repository at GitHub: