reCAPTCHA V3

reCAPTCHA V3 is the newest type of captcha from Google. It has no challenge so there is no need for user interaction. Instead it uses a "humanity" rating - score.

reCAPTCHA V3 technically is quite similar to reCAPTCHA V2: customer receives a token from reCAPTCHA API which is then sent inside a POST request to the target website and verified via reCAPTCHA API.

The difference is now reCAPTCHA API returns rating of a user detecting whether he was a real human or a bot. This rating is called score and could be a number from 0.1 to 0.9. his score is passed to the website which then decides what to do with the user request.

Also there is a new parameter action allowing to process user actions on the website differently. After the verification of token reCAPTCHA API returns the name of the action user performed.

How to solve reCAPTCHA V3 using captchaai:

1. First you've got to be sure the target website is actually using reCAPTCHA V3

   There should be V3 if:

   • there is no captcha and no images to click on
   • api.js script is loading with the render=sitekey parameter, for example:
     https://www.google.com/recaptcha/api.js?render=6LfZil0UAAAAAAdm1Dpzsw9q0F11-bmervx9g5fE
   • clients array of ___grecaptcha_cfg object is using index 100000: ___grecaptcha_cfg.clients[100000]

2. To start solving reCAPTCHA V3 using our API first you've got to find three parameters:

   sitekey - this parameter could be obtained from the URI of api.js as a value of render parameter. It could also be found inside URI of iframe with reCAPTCHA, in javascript code of the website where it's calling grecaptcha.execute function or in ___grecaptcha_cfg configuration object.

   action - you've got to find this inspecting javascript code of the website looking for call of grecaptcha.execute function. Example: grecaptcha.execute('6LfZil0UAAAAAAdm1Dpzsw9q0F11-bmervx9g5fE', {action: do_something}).
   Sometimes it's really hard to find it and you've got to dig through all js-files loaded by website. You may also try to find the value of action parameter inside___grecaptcha_cfg configuration object but usually it's undefined. In that case you have to call grecaptcha.execute and inspect javascript code. If you can't find it try to use the default value "verify" - our API will use it if you don't provide action in your request.

   pageurl - full URL of the page where you see the reCAPTCHA V3.

   Now you need to understand the score you need to solve V3. You can't predict what score is acceptable for the website you want to solve at. It can only be figured out by trial and error. The lowest score is 0.1 which means "robot", the highest is 0.9 which means "human". But most sites uses thresholds from 0.2 to 0.5 because real humans receive a low score oftenly. Our service is able to provide solutions which requires the score of 0.3. Higher score is extreamly rare.

3. Having all necessary parameters stated above you may send request to our API.

4. Submit a HTTP GET or POST request to our API URL:
   https://ocr.captchaai.com/in.php
   with method set to userrecaptcha and version set to v3 along with min_score set to score website requires, sitekey inside googlekey parameter and full page URL as value for pageurl. You have to include action parameter to or else we will use default value verify.

   List of request parameters below.

   URL request sample:

   https://ocr.captchaai.com/in.php?key=347bc2896fc1812d3de5ab56a0bf4ea7&method=userrecaptcha&version=v3&action=verify&min_score=0.3&googlekey=6LfZil0UAAAAAAdm1Dpzsw9q0F11-bmervx9g5fE&pageurl=https://mysite.com/page/

5. If everything is fine server will return the ID of your captcha as plain text,like: OK|123456789 or as JSON {"status":1,"request":"123456789"} if json parameter was used.

   If something went wrong server will return an error. See Error Handling chapter for the list of errors.

6. Make a 10-15 seconds timeout and submit a HTTP GET request to our API https://ocr.captchaai.com/res.php providing the captcha ID. The list of parameters is in the table below.

   If everything is fine and your captcha is solved server will return the answer as plain text or as JSON. The answer is a token like this:

   03AHJ_Vuve5Asa4koK3KSMyUkCq0vUFCR5Im4CwB7PzO3dCxIo11i53epEraq-uBO5mVm2XRikL8iKOWr0aG50sCuej9bXx5qcviUGSm4iK4NC_Q88flavWhaTXSh0VxoihBwBjXxwXuJZ-WGN5Sy4dtUl2wbpMqAj8Zwup1vyCaQJWFvRjYGWJ_TQBKTXNB5CCOgncqLetmJ6B6Cos7qoQyaB8ZzBOTGf5KSP6e-K9niYs772f53Oof6aJeSUDNjiKG9gN3FTrdwKwdnAwEYX-F37sI_vLB1Zs8NQo0PObHYy0b0sf7WSLkzzcIgW9GR0FwcCCm1P8lB--gf50q5BMkiRH7osm4DoUgsjc_XyQiEmQmxl5sqZP7aKsaE-EM00x59XsPzD3m3YI6SRCFRUevSyumBd7KmXE8VuzIO9lgnnbka4-eZynZa6vbB9cO3QjLH0xSG3--o-fxrOuphwfrtwvvi2FGfpTexWvxhqWICMFTTjFBCEGEgj7_IFWEKirXW2RTZCVF0Gid7EtIsoEeZkPbrcUISGmgtiJkJ_KojuKwImF0G0CsTlxYTOU2sPsd5o1JDt65wGniQR2IZufnPbbK76Yh_KI2DY4cUxMfcb2fAXcFMc9dcpHg6f9wBXhUtFYTu6pi5LhhGuhpkiGcv6vWYNxMrpWJW_pV7q8mPilwkAP-zw5MJxkgijl2wDMpM-UUQ_k37FVtf-ndbQAIPG7S469doZMmb5IZYgvcB4ojqCW3Vz6Q

   If the captcha is not solved yet server will return CAPCHA_NOT_READY.Just repeat your request in 5 seconds.

   If something went wrong server will return an error. See Error Handling chapter for the list of errors.

   Sample request:

   https://ocr.captchaai.com/res.php?key=347bc2896fc1812d3de5ab56a0bf4ea7&action=get&json=1&id=123456789

7. After receiving the token from our API you've got to use it properly on the target website. Best way to understant that is to check the requests sent to site when you act as a normal user. Most browsers has developer's console tool where you should check Network tab.

   Usually token is sent using POST request. It could be g-recaptcha-response just like reCAPTCHA V2 does or g-recaptcha-response-100000. It could be other parameter too. So you'vegot to inspect the requests and find out how exactly the token supposed to be sent. Then you have to compose your request accordingly.

List of GET/POST request parameters for https://ocr.captchaai.com/in.php

Parameter	Type	Required	Description
key	String	Yes	your API key
method	String	Yes	userrecaptcha — defines that you're sending a reCAPTCHA
version	String	Yes	v3 — defines that you're sending a reCAPTCHA V3
googlekey	String	Yes	Value of sitekey parameter you found on page
pageurl	String	Yes	Full URL of the page where you see the reCAPTCHA
domain	String Default: google.com	No	Domain used to load the captcha: google.com or recaptcha.net
action	String Default: verify	No	Value of action parameter you found on page
min_score	Integer Default: 0.4	No	The score needed for resolution. Currently it's almost impossible to get token with score higher than 0.3
header_acao	Integer Default: 0	No	0 — disabled 1 — enabled. If enabled in.php will include Access-Control-Allow-Origin:*: header in the response. Used for cross-domain AJAX requests in web applications. Also supported by res.php.
json	Integer Default: 0	No	0 — server will send the response as plain text 1 — tells the server to send the response as JSON

List of GET request parameters for https://ocr.captchaai.com/res.php

GET parameter	Type	Required	Description
key	String	Yes	your API key
action	String	Yes	get — get the asnwer for your captcha reportgood — - report the asnwer was accepted reportbad — - report the asnwer was declined
id	Integer	Yes	ID of captcha returned by in.php.
json	Integer Default: 0	No	0 — server will send the response as plain text 1 — tells the server to send the response as JSON
header_acao	Integer Default: 0	No	0 — disabled 1 — enabled. If enabled res.php will include Access-Control-Allow-Origin:* header in the response. Used for cross-domain AJAX requests in web applications.

---