How to bypass ReCaptcha V3

#1
1637660436512.png

ReCaptcha V3 is type of captcha from Google. It has no challenge so there is no need for user interaction. Instead it uses a "humanity" rating - score.
ReCaptcha V3 technically is quite similar to ReCaptcha V2: customer receives a token from ReCaptcha API which is then sent inside a POST request to the target website and verified via ReCaptcha API.

The difference is now ReCaptcha API returns rating of a user detecting whether he was a real human or a bot. This rating is called score and could be a number from 0.1 to 0.9. This score is passed to the website which then decides what to do with the user request.

Also there is a new parameter action allowing to process user actions on the website differently. After the verification of token ReCaptcha API returns the name of the action user performed.

Our approach for solving ReCaptcha V3
We've performed many experiments and figured out that if a user got score 0.1 on some website then he is likely to get the same score on other websites.

We are detecting the scores of our workers. Then when we've got a request for solving ReCaptcha V3 with the minimal rating min_score we pass the captcha to the worker with the requested rating or higher. Most of the requests will get the requested rating on targer websites with ReCaptcha V3.

How to solve ReCaptcha V3 using 2captcha:
  1. First you've got to be sure the target website is actually using ReCaptcha V3
    There should be V3 if:
  2. To start solving ReCaptcha V3 using our API first you've got to find three parameters:

    sitekey - this parameter could be obtained from the URI of api.js as a value of render parameter. It could also be found inside URI of iframe with ReCaptcha, in javascript code of the website where it's calling grecaptcha.execute function or in ___grecaptcha_cfg configuration object.
    action - you've got to find this inspecting javascript code of the website looking for call of grecaptcha.execute function. Example: grecaptcha.execute('6LfZil0UAAAAAAdm1Dpzsw9q0F11-bmervx9g5fE', {action: do_something}).
    Sometimes it's really hard to find it and you've got to dig through all js-files loaded by website. You may also try to find the value of action parameter inside ___grecaptcha_cfg configuration object but usually it's undefined. In that case you have to call grecaptcha.execute and inspect javascript code. If you can't find it try to use the default value "verify" - our API will use it if you don't provide action in your request.
    pageurl - full URL of the page where you see the ReCaptcha V3.
    Now you need to understand the score you need to solve V3. You can't predict what score is acceptable for the website you want to solve at. It can only be figured out by trial and error. The lowest score is 0.1 which means "robot", the highest is 0.9 which means "human". But most sites uses thresholds from 0.2 to 0.5 because real humans receive a low score oftenly. Our service is able to provide solutions which requires the score of 0.3. Higher score is extreamly rare among workers.

  3. Having all necessary parameters stated above you may send request to our API.

  4. Submit a HTTP GET or POST request to our API URL:
    https://2captcha.com/in.php
    with method set to userrecaptcha and version set to v3 along with min_score set to score website requires, sitekey inside googlekey parameter and full page URL as value for pageurl. You have to include action parameter to or else we will use default value verify.
    List of request parameters below.
    URL request sample:
    Code:
    https://2captcha.com/in.php?key=1abc234de56fab7c89012d34e56fa7b8&method=userrecaptcha&version=v3&action=verify&min_score=0.3
    &googlekey=6LfZil0UAAAAAAdm1Dpzsw9q0F11-bmervx9g5fE&pageurl=http://mysite.com/page/
  5. If everything is fine server will return the ID of your captcha as plain text, like: OK|2122988149 or as JSON {"status":1,"request":"2122988149"} if json parameter was used.

    If something went wrong server will return an error. See Error Handling chapter for the list of errors.

  6. Make a 10-15 seconds timeout and submit a HTTP GET request to our API https://2captcha.com/res.php providing the captcha ID. The list of parameters is in the table below.

    If everything is fine and your captcha is solved server will return the answer as plain text or as JSON. The answer is a token like this:
    Code:
    03AHJ_Vuve5Asa4koK3KSMyUkCq0vUFCR5Im4CwB7PzO3dCxIo11i53epEraq-uBO5mVm2XRikL8iKOWr0aG50sCuej9bXx5qcviUGSm4iK4NC_Q88flavWhaTXSh0VxoihBwBjXxwXuJZ-WGN5Sy4dtUl2wbpMqAj8Zwup1vyCaQJWFvRjYGWJ_TQBKTXNB5CCOgncqLetmJ6B6Cos7qoQyaB8ZzBOTGf5KSP6e-K9niYs772f53Oof6aJeSUDNjiKG9gN3FTrdwKwdnAwEYX-F37sI_vLB1Zs8NQo0PObHYy0b0sf7WSLkzzcIgW9GR0FwcCCm1P8lB--gf50q5BMkiRH7osm4DoUgsjc_XyQiEmQmxl5sqZP7aKsaE-EM00x59XsPzD3m3YI6SRCFRUevSyumBd7KmXE8VuzIO9lgnnbka4-eZynZa6vbB9cO3QjLH0xSG3--o-fxrOuphwfrtwvvi2FGfpTexWvxhqWICMFTTjFBCEGEgj7_IFWEKirXW2RTZCVF0Gid7EtIsoEeZkPbrcUISGmgtiJkJ_KojuKwImF0G0CsTlxYTOU2sPsd5o1JDt65wGniQR2IZufnPbbK76Yh_KI2DY4cUxMfcb2fAXcFMc9dcpHg6f9wBXhUtFYTu6pi5LhhGuhpkiGcv6vWYNxMrpWJW_pV7q8mPilwkAP-zw5MJxkgijl2wDMpM-UUQ_k37FVtf-ndbQAIPG7S469doZMmb5IZYgvcB4ojqCW3Vz6Q
    If the captcha is not solved yet server will return CAPCHA_NOT_READY. Just repeat your request in 5 seconds.
    If something went wrong server will return an error. See Error Handling chapter for the list of errors.
    • user_check - ID of the worker who solved the captcha;
    • user_score - score of this worker.

      Sample request:
      Code:
      https://2captcha.com/res.php?key=1abc234de56fab7c89012d34e56fa7b8&action=get&json=1&id=2122988149
  7. After receiving the token from our API you've got to use it properly on the target website. Best way to understant that is to check the requests sent to site when you act as a normal user. Most browsers has developer's console tool where you should check Network tab.
    Usually token is sent using POST request. It could be g-recaptcha-response just like ReCaptcha V2 does or g-recaptcha-response-100000. It could be other parameter too. So you've got to inspect the requests and find out how exactly the token supposed to be sent. Then you have to compose your request accordingly.

  8. Now when you have successfully submit the token you may tell us if it worked or not. If not we will refund the money you spent on this token. If it was successfully accepted we will set the worker who solved this captcha as the priority solver for you. Besides we will gather statistics regarding V3 solution which will help us to further investigate this new type of captchas and make our service better.

    To let us know whether it worked or not please send the request to https://2captcha.com/res.php with your API Key in key parameter with ID of the captcha in id parameter and indicating action parameter. Next to mention is reportgood if token was accepted successfully or reportbad if token wasn't accepted respectfully.

    Request examples:
    ReportBAD
    Code:
    https://2captcha.com/res.php?key=1abc234de56fab7c89012d34e56fa7b8&action=reportbad&id=2122988149
    ReportGOOD
    Code:
    https://2captcha.com/res.php?key=1abc234de56fab7c89012d34e56fa7b8&action=reportgood&id=2122988149
    Important: complains for captcha types solved with token are not shown on the website. But we proceed with every report and gather the statistics. We will implement this complain display feature in future.

    Full instructions with examples of request parameters can be found at https://2captcha.com/2captcha-api#solving_recaptchav3