Automatic ReCAPTCHA V3 resolution - a tutorial for developers and customers

Released:

Introducing a complete tutorial on automatic reCAPTCHA V3 resolution with 2captcha service. It contains a lot of previously published information but now it contains everything developers and customers need.

2Captcha provides reCAPTCHA V3 resolution

We have been able to bypass reCAPTCHA V3 since June 2018. It was in beta for some time because our algorithms weren't perfect. Eventually, on June 2020 we finally came up with a solid solution. We have spent one more year working on scalability of the way to bypass V3. Now we can provide 5-7 million of V3 solutions with 0.9 score per day peaking up to 50,000 captchas per minute. Shortly we will double that and will be able to scale our capacity depending on our needs. By the way, if you have some idle computing capacity, you can use it to earn funds solving V3 doing absolutely nothing. All you need is a PC and a Chrome browser with our extension installed. Read more about it at: Passive income from reCAPTCHA v3.

V3 isn't a captcha and what is the meaning of "score"

reCAPTCHA V3 is not your regular captcha task. It's not an automated Turing test to distinguish robots from humans. reCAPTCHA V3 is a browser scoring mechanism that recognizes who operates the browser, a human or a program. The result of bypassing reCAPTCHA V3 is a score from 0.1 to 0.9 where 0.1 is "most likely a robot" and 0.9 is "most likely a human". 2captcha provides tokens with a 0.9 score.

How do I know there is a ReCaptcha V3?

reCAPTCHA V2: There is a checkbox on a page.
reCAPTCHA V2 Invisible: There is no checkbox, but there is a reCAPTCHA logo in the bottom right corner. Sometimes you are asked to solve a reCAPTCHA.
reCAPTCHA V3: There is no checkbox, but there is a reCAPTCHA logo in the bottom right corner. You are never asked to solve a reCAPTCHA.

Sometimes it is really tricky to distinguish between a reCAPTCHA V2 Invisible and a V3. In such cases, simply open the browser's console Command+Option+C (Mac) or Control+Shift+C (Windows, Linux, Chrome OS) and check the requests sent to google.com (or recaptcha.net in some cases) on a Network tab.

Find a request
https://www.google.com/recaptcha/api2/reload?k=

Then check for
https://www.google.com/recaptcha/api2/userverify?k=

The first request should always be there. If you cannot find it, try to change the hostname to "recaptcha.net" and look for it until you find it. If you cannot find the second request to userverify, then it's a case of reCAPTCHA V3. If there is a request to userverify, then it's a ReCaptcha V2 Invisible.

How do I send a request to 2captcha.com and get a solution?

Easy. You only need to make three GET or POST requests:

1. Upload captcha API endpoint for your request: http://2captcha.com/in.php
Please indicate the following parameters in your request:

Parameter Value Description
key Your APIKEY
method userrecaptcha defines that you're sending a reCAPTCHA
version V3 defines that you're sending a reCAPTCHA V3
googlekey The value of the sitekey parameter you found on the page
pageurl Full URL of the page where you see the reCAPTCHA. If it's loaded in an Iframe, then it should be an Iframe URL
min_score The score needed for resolution. The value could be between 0.1 and 0.9
action Optional parameter. The value of the action parameter you found on the page
json 1 Optional parameter. Tells the server to send the response as JSON. By default, the server will send the response as a plain text.

The server will return the ID of your captcha:

{
    "status": 1,
    "request": "50970709412"
}

If something went wrong, the server would return an error. : See Error Handling chapter for the list of errors.

2. Getting a resolution
Make a 5 seconds timeout and submit a request to our API to get the resolution
API endpoint for your request: http://2captcha.com/res.php
Please indicate the following parameters in your request:

Parameter Value Description
key Your APIKEY
action get Defines that you want to get the answer for your captcha
id ID of the captcha returned in the previous step
json 1 Optional parameter. Tells the server to send the response as JSON. By default, the server will send the response as a plain text.

If everything is fine, the server will return a resolution of your captcha:

{
    "status": 1,
    "request": "03AGdBq269xwqd…..5pZ_2DMHqUjg"
}

The request value is the token you need to use to bypass reCAPTCHA V3. You should then use it on a website with captcha.

If the captcha is not solved yet, you will receive

{
    "status": 0,
    "request": "CAPCHA_NOT_READY"
}

In that case you have to make a 5 seconds timeout and repeat your request.
Nearly 90% of reCAPTCHA V3 requests are solved within 5 seconds now. The maximum waiting time is 120 seconds. Please make at least 3 seconds timeout between requests to res.php for the same captcha ID. Preferably 5 seconds, 10 is best.

3. Complain about bad or good solution

This is optional, but you are strongly advised to use this call. When reporting a bad or good solutions, you improve a good solutions percentage and spend less funds.
We use customer-unique AllowList and BlockList that contain lists of PCs used to solve captcha. To populate those lists, we need you to send us reportbad and reportgood calls, depending on whether a solution worked for you or not. Upon receiving a reportgood call we put the PC that produced this solution into an AllowList. When this list contains at least 50 hosts, half of your captcha will be solved by hosts in this list. When this list reaches 500 hosts, all your requests will be solved by hosts from this list. If a solution didn't work, you should send us a reportbad call. We will then place the PC that produced this solution into a BlockList of hosts that will not receive requests from you for a long time. You will also get refunded for this solution. Please note that refunds are only made to customers who are sending reportgood calls, too.

Important! If you are bypassing a reCAPTCHA V3 on different websites, it's best to create different 2captcha accounts. The reason being, a PC may provide good reCAPTCHA V3 solutions for some websites and bad solutions for others. This is a reCAPTCHA V3 feature.

API endpoint for your request: http://2captcha.com/res.php
Please indicate the following parameters in your request:

Parameter Value Description
key Your APIKEY
id The ID of the captcha you want to report
action reportbad reportgood reportgood - a resolution was accepted, reportbad - a resolution wasn't accepted
json 1 Optional parameter. Tells the server to send the response as JSON. By default, the server will send the response as a plain text.

How to use a token to bypass captcha

After getting a solution (token), you have to use it correctly to bypass a challenge. You can find out how to do this by checking the requests sent to a website while working with it as a regular user. To do so, open DevTools of your browser Command+Option+C (Mac) or Control+Shift+C (Windows, Linux, Chrome OS) and go to the Network tab.

Usually, a token is sent inside a POST request with g-recaptcha-response parameter, just as in the case with reCAPTCHA V2, or g-recaptcha-response-100000. It could also be any other name, so it's best to check a request's parameters and find how the token is passed in your particular case. Then you may compose your automated requests accordingly.

Please note that a token is valid for 120 seconds since its creation. The website you are bypassing a challenge on will receive a timestamp from Google with the exact date and time of the start of the challenge.

How to find "googlekey" and "action"

googlekey: Open a webpage with captcha and go to the browser's console.
Find an iframe with a captcha challenge. You may search for src="https://www.google.com/recaptcha/api2/anchor
Now find the k parameter in the script address. That's the googlekey you are looking for. It is static for every particular website that uses Google reCAPTCHA.
action: Open a webpage with captcha and go to the browser's console. Now find a script calling the *grecaptcha.execute method. Arguments used to call this method may contain an *action* parameter. If it's there, pass it in your request to in.php when you upload your task. If there is no action, you don't need to send it.

How to find a score value

Always go for the max score of 0.9 while testing. When you made it work with the max score, you can try to find the actual minimum score requirement for this website. Send at least 10 captcha tasks with scores of 0.3, 0.5, 0.7 and 0.9 to find out what value works for you.

reCAPTCHA V3 rate

Type of captcha Score value Cost
reCAPTCHA V3 score <= 0.3 1.45 USD for 1000 solutions
reCAPTCHA V3 score > 0.3 2.99 USD for 1000 solutions

Libraries for developers

You may find code samples along with different libraries and integration modules in our repository at GitHub: