Logo of «2Captcha»To home page
Captcha bypass tutorials

Was this helpful?

How to Identify captcha types on a website

Gregory Fisher

Technical engineer

In short: Before integrating with the 2Captcha API, it's crucial to accurately identify the protection mechanism used on the target website. This directly affects request parameters (type, websiteKey, websiteURL), token format, and how the token should be applied. This guide provides a step-by-step walkthrough for identifying captchas using DevTools, along with a reference table of common captcha types and their distinguishing features.

Captcha classification and API requirements

Different protection systems operate differently:

Captcha Type Key Parameter API v2 Task Type Specifics
reCAPTCHA v2 data-sitekey RecaptchaV2TaskProxyless Requires token in g-recaptcha-response field
reCAPTCHA v3 data-sitekey RecaptchaV3TaskProxyless Returns a score; no visible widget
Cloudflare Turnstile data-sitekey TurnstileTaskProxyless reCAPTCHA alternative with its own domain
GeeTest v3/v4 gt, challenge GeeTestTaskProxyless Slider or puzzle; dynamic parameters
FunCaptcha public_key FunCaptchaTaskProxyless iframe with mini-game; requires blob or token

Important: Submitting a task with an incorrect type or parameters will result in an ERROR_BAD_PARAMETERS response from the API, or the token will be rejected by the target website.

Step 1. Open DevTools

  1. Press F12 or Ctrl+Shift+I (Cmd+Option+I on Mac).
  2. Navigate to the Elements tab to analyze HTML, or the Network tab to monitor requests.

Step 2. Look for captcha undicators in the page code

Search within HTML (Elements Tab)

Use Ctrl+F and search for these keywords:

Copy 
recaptcha
turnstile
geetest
arkose
data-sitekey

Sample markup examples

Google reCAPTCHA v2

html Copy 
<div class="g-recaptcha" data-sitekey="6Le-wvkSVVABCPBMRTvw0Q4Muexq1bi0DJwx_mJ-"></div>
<script src="https://www.google.com/recaptcha/api.js"></script>

Cloudflare Turnstile

html Copy 
<div class="cf-turnstile" data-sitekey="0x4AAAAAAAvkH5Z8J9Z8J9Z8"></div>
<script src="https://challenges.cloudflare.com/turnstile/v0/api.js"></script>

GeeTest v4

html Copy 
<div id="captcha"></div>
<script>
  initGeetest4({ captchaId: "abc123", product: "bind" });
</script>

Step 3. Inspect loaded scripts (Network Tab)

  1. Refresh the page with the Network tab open.
  2. Filter by JS or search for:
Copy 
recaptcha/api.js
turnstile/v0/api.js
geetest.com
arkoselabs.com

Tip: If the script loads dynamically, enable Preserve log and trigger the action that activates the captcha (e.g., button click, form submission).

Step 4. Extract sitekey / Parameters

Where to find the sitekey:

Source How to Locate
HTML attribute data-sitekey="..." inside the widget div
iframe URL k=... parameter in the iframe src
JS config object Inside ___grecaptcha_cfg or hcaptcha.render()
Network request In requests to api.js or challenge endpoints

Example: Extracting reCAPTCHA sitekey

javascript Copy 
// In browser console
document.querySelector('.g-recaptcha').dataset.sitekey;
// or
___grecaptcha_cfg.clients[0].P.V.s; // structure may vary

Special cases

Invisible captcha

No visible checkbox appears. Indicators include:

  • Widget only appears after form submission or suspicious activity.
  • Code contains grecaptcha.execute() or size: "invisible".
  • No visible div.g-recaptcha element.

Solution: Search for the sitekey in JavaScript files or network requests during initialization.

Dynamic Loading

Captcha renders only after:

  • A button click;
  • Form validation;
  • Bot-like behavior detection.

Solution:

  1. Open the Network tab.
  2. Perform the target action.
  3. Monitor new requests to recaptcha, geetest, etc.

Shadow DOM

Widget is hidden inside a #shadow-root.

How to inspect:

  1. In DevTools, enable Show user agent shadow DOM (Settings → Preferences → Elements).
  2. Or run in console:
javascript Copy 
document.querySelector('target-element').shadowRoot.innerHTML;

Reference: captcha identification clues

Indicator reCAPTCHA Turnstile GeeTest FunCaptcha
Script domain google.com/recaptcha challenges.cloudflare.com static.geetest.com arkoselabs.com
Widget class g-recaptcha cf-turnstile geetest_<...> arkose-<...>
Key parameter data-sitekey data-sitekey data-gt, challenge data-pkey
iframe src pattern recaptcha/api2/anchor turnstile/v0 geetest.com/fullpage arkoselabs.com/fc/
API v2 Task Type RecaptchaV2TaskProxyless TurnstileTaskProxyless GeeTestTaskProxyless FunCaptchaTaskProxyless

Working with the 2Captcha API

Creating a task

Endpoint: POST https://api.2captcha.com/createTask

Example: reCAPTCHA v2

json Copy 
{
  "clientKey": "YOUR_API_KEY",
  "task": {
    "type": "RecaptchaV2TaskProxyless",
    "websiteURL": "https://example.com/login",
    "websiteKey": "6Le-wvkSVVABCPBMRTvw0Q4Muexq1bi0DJwx_mJ-",
    "isInvisible": false
  }
}

Example: Cloudflare Turnstile

json Copy 
{
  "clientKey": "YOUR_API_KEY",
  "task": {
    "type": "TurnstileTaskProxyless",
    "websiteURL": "https://example.com",
    "websiteKey": "0x4AAAAAAAvkH5Z8J9Z8J9Z8"
  }
}

Example: GeeTest v4

json Copy 
{
  "clientKey": "YOUR_API_KEY",
  "task": {
    "type": "GeeTestV4TaskProxyless",
    "websiteURL": "https://example.com",
    "captchaId": "abc123xyz",
    "initParameters": {}
  }
}

Success response:

json Copy 
{
  "errorId": 0,
  "taskId": 123456789
}

Retrieving the result

Endpoint: POST https://api.2captcha.com/getTaskResult

json Copy 
{
  "clientKey": "YOUR_API_KEY",
  "taskId": 123456789
}

Response with token:

json Copy 
{
  "errorId": 0,
  "status": "ready",
  "solution": {
    "gRecaptchaResponse": "03AGdBq24FBCD...",
    "token": "eyJ0eXAiOiJKV1QiLCJh..." // for Turnstile/hCaptcha
  }
}

Recommendation: Poll getTaskResult every 3–5 seconds.

Injecting the token into a form

reCAPTCHA v2/v3

javascript Copy 
document.getElementById('g-recaptcha-response').value = '03AGdBq24FBCD...';
document.querySelector('form').submit();

Turnstile

javascript Copy 
// Turnstile usually auto-injects the token via callback
// Manual injection if needed:
document.querySelector('[name="cf-turnstile-response"]').value = 'TOKEN';

GeeTest

javascript Copy 
// Pass solution parameters to the form:
{
  "geetest_challenge": "...",
  "geetest_validate": "...",
  "geetest_seccode": "..."
}

Conclusion

Accurately identifying the captcha type is a critical prerequisite for successful API integration. Mistakes at this stage almost always lead to invalid tokens, redundant requests, and complex debugging. It's far more efficient to precisely determine the protection system upfront than to troubleshoot misconfiguration issues later.

Using DevTools enables fast, reliable extraction of all required parameters: captcha type, sitekey, additional identifiers, and rendering specifics (invisible, dynamic loading, Shadow DOM). Once gathered, simply map them to the appropriate API task type and include them correctly in your request.

Final checklist

Before submitting a task, verify that:

  • The captcha type is identified based on concrete page evidence—not assumptions
  • All critical parameters (websiteKey, captchaId, gt, challenge, etc.) are correctly extracted
  • websiteURL is fully specified and matches the actual page
  • The corresponding API task type is selected
  • Rendering specifics are accounted for (invisible / dynamic / Shadow DOM)
  • Result handling and polling logic is properly implemented
  • The token is inserted into the exact form field expected by the target site

Following these guidelines ensures your integration is predictable, stable, and easily scalable.