![\"\"](\"https:\/\/justin.ooo\/wp-content\/uploads\/2019\/06\/firefox_JR4VTDNdIq.png\")
<\/figure><\/div>\n\n\n<form id=\"recaptcha-demo-form\" method=\"POST\">\n <fieldset>\n <legend>Sample Form with ReCAPTCHA<\/legend>\n <ul>\n <li><label for=\"input1\">First Name<\/label><input class=\"jfk-textinput\" id=\"input1\" name=\"input1\" type=\"text\" value=\"Jane\" disabled aria-disabled=\"true\"><\/li>\n <li><label for=\"input2\">Last Name<\/label><input class=\"jfk-textinput\" id=\"input2\" name=\"input2\" type=\"text\" value=\"Smith\" disabled aria-disabled=\"true\"><\/li>\n <li><label for=\"input3\">Email<\/label><input class=\"jfk-textinput\" id=\"input3\" name=\"input3\" type=\"text\" value=\"stopallbots@gmail.com\" disabled aria-disabled=\"true\"><\/li>\n <li>\n <p>Pick your favorite color:<\/p>\n <label class=\"jfk-radiobutton-label\" for=\"option1\"><input class=\"jfk-radiobutton-checked\" type=\"radio\" id=\"option1\" name=\"radios\" value=\"option1\" disabled aria-disabled=\"true\" checked aria-checked=\"true\">Red<\/label><label class=\"jfk-radiobutton-label\" for=\"option2\"><input class=\"jfk-radiobutton\" type=\"radio\" id=\"option2\" name=\"radios\" value=\"option2\" disabled aria-disabled=\"true\">Green<\/label>\n <\/li>\n <li>\n <div class=\"\">\n <!-- BEGIN: ReCAPTCHA implementation example. -->\n <div id=\"recaptcha-demo\" class=\"g-recaptcha\" data-sitekey=\"6Le-wvkSAAAAAPBMRTvw0Q4Muexq9bi0DJwx_mJ-\" data-callback=\"onSuccess\"><\/div>\n <script nonce=\"1KeZ0LVg4aug07anmgAULA\">\n var onSuccess = function(response) {\n var errorDivs = document.getElementsByClassName(\"recaptcha-error\");\n if (errorDivs.length) {\n errorDivs[0].className = \"\";\n }\n var errorMsgs = document.getElementsByClassName(\"recaptcha-error-message\");\n if (errorMsgs.length) {\n errorMsgs[0].parentNode.removeChild(errorMsgs[0]);\n }\n };\n <\/script><!-- Optional noscript fallback. -->\n <noscript>\n <div style=\"width: 302px; height: 462px;\">\n <iframe src=\"\/recaptcha\/api\/fallback?k=6Le-wvkSAAAAAPBMRTvw0Q4Muexq9bi0DJwx_mJ-\" frameborder=\"0\" scrolling=\"no\"><\/iframe>\n <div><textarea id=\"g-recaptcha-response\" name=\"g-recaptcha-response\" class=\"g-recaptcha-response\"><\/textarea><\/div>\n <\/div>\n <br>\n <\/noscript>\n <!-- END: ReCAPTCHA implementation example. -->\n <\/div>\n <\/li>\n <li><input id=\"recaptcha-demo-submit\" type=\"submit\" value=\"Submit\"\/><\/li>\n <\/ul>\n <\/fieldset>\n<\/form><\/code><\/pre>\n\n\n\nThe element we’ll be focusing on is the div with the “g-recaptcha” class. This widget is used in nearly every reCAPTCHA v2 implementation, and further documentation about it can be found here<\/a>. This element contains an attribute named data-sitekey, and it’s used to generate a response token (denoted by ‘g-recaptcha-response’ in the request) to verify that the captcha was solved when submitting a request. Here’s a sample request in which I’ve solved the captcha on the demo and submitted the form:<\/p>\n\n\n\n![\"\"](\"https:\/\/i.imgur.com\/XPTjpca.png\")
<\/figure>\n\n\n\nOur goal is to get a valid recaptcha response token without any human interaction. This can be done using captcha services such as 2Captcha, which I’ll be using in this example. We simply provide their API with the sitekey and the page url, and they’ll give us a valid token. We’ll need the page url because the domain that the token was generated on is used to verify the token. This prevents you from simply copying the sitekey variable into your own recaptcha implementation and generating tokens that work on another website. This can obviously be bypassed by redirected traffic locally on a subdomain via the hosts file, but that’s a topic for a different day. 2Captcha will handle all of this work for us, and it’s very inexpensive. At the time of me writing this, they charge $2.99\/1000 reCAPTCHA tokens, which converts to about 3\/10ths of a penny per captcha. Their API is documented here<\/a>.<\/p>\n\n\n\nA Basic Python Implementation<\/h3>\n\n\n\nimport requests\nimport json\nimport time\n\napi_key = \"\"\napi_url = \" https:\/\/2captcha.com\/\"\n\ndef api_request(path, data):\n data[\"key\"] = api_key\n response = requests.post(api_url + path, data = data)\n if response.status_code != 200: return False\n response_data = json.loads(response.text)\n if response_data[\"status\"] != 1: return False\n return response_data[\"request\"]\n\ndef check_request(id):\n data = {\n \"action\": \"get\",\n \"id\": id,\n \"json\": 1\n }\n return api_request(\"res.php\", data)\n\ndef create_request(url, site_key):\n data = {\n \"method\": \"userrecaptcha\",\n \"googlekey\": site_key,\n \"pageurl\": url,\n \"json\": 1\n }\n return api_request(\"in.php\", data)\n\ndef solve_captcha(url, site_key):\n id = create_request(url, site_key)\n time.sleep(10)\n request = False\n loops = 0\n while not request and loops < 50:\n time.sleep(5)\n request = check_request(id)\n loops += 1\n return request<\/code><\/pre>\n\n\n\nThis should be pretty easy to implement. Calling the solve_captcha script with the page url and the data-sitekey value and it should return a valid token. Note that due to the nature of the API, we’ll need to wait for a token. This implementation will freeze the thread. If that’s a big deal, implement a simple callback and some multi-threading. Here’s a simple implementation to get a valid token for google’s demo page:<\/p>\n\n\n\n
import _2captcha\nurl = \"https:\/\/www.google.com\/recaptcha\/api2\/demo\"\nsitekey = \"6Le-wvkSAAAAAPBMRTvw0Q4Muexq9bi0DJwx_mJ-\"\ntoken = _2captcha.solve_captcha(url, sitekey)\nprint(token)<\/code><\/pre>\n\n\n\nIf your API key is valid and nothing went wrong on 2Captcha’s end, it should spit out a token. This typically takes 30 seconds to a minute, so be patient. Submit that token as the correct parameter (g-recaptcha-response) to a captcha protected page, and you’ll be able to get around it instantly.<\/p>\n","protected":false},"excerpt":{"rendered":"
Web scraping is more important now than ever. Gathering and selling data can be lucrative, and analyzing it can help businesses in any industry. As web scraping becomes more and more common, measures to stop bots have evolved. Google’s reCAPTCHA v2 is a great example of this. In this article, I will briefly describe how this system works, and how we can bypass it. First, lets analyze the code of […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[2,3],"tags":[],"_links":{"self":[{"href":"https:\/\/justin.ooo\/index.php\/wp-json\/wp\/v2\/posts\/91"}],"collection":[{"href":"https:\/\/justin.ooo\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/justin.ooo\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/justin.ooo\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/justin.ooo\/index.php\/wp-json\/wp\/v2\/comments?post=91"}],"version-history":[{"count":25,"href":"https:\/\/justin.ooo\/index.php\/wp-json\/wp\/v2\/posts\/91\/revisions"}],"predecessor-version":[{"id":260,"href":"https:\/\/justin.ooo\/index.php\/wp-json\/wp\/v2\/posts\/91\/revisions\/260"}],"wp:attachment":[{"href":"https:\/\/justin.ooo\/index.php\/wp-json\/wp\/v2\/media?parent=91"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/justin.ooo\/index.php\/wp-json\/wp\/v2\/categories?post=91"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/justin.ooo\/index.php\/wp-json\/wp\/v2\/tags?post=91"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}