reCAPTCHA V2 – Callback-Based

Some websites implement reCAPTCHA V2 using a callback function instead of relying on the standard g-recaptcha-response field. In these cases, after solving the CAPTCHA successfully, you must invoke the site’s callback function with the token—rather than injecting it into a hidden field.

How to Identify a Callback Implementation

Look for one of the following in the page source:

• A data-callback="myFunction" attribute in the reCAPTCHA <div>:

  <div class="g-recaptcha" data-sitekey="..." data-callback="SubmitToken"></div>

• A callback property in a grecaptcha.render() call:

  grecaptcha.render('recaptcha-container', {
    sitekey: '...',
    callback: userVerified
  });

• The callback name stored in the global reCAPTCHA config (inspect via browser console):

  ___grecaptcha_cfg.clients[0].aa.l.callback

  Note: The object path (e.g., aa.l) may vary—check clients[1], clients[2], etc.

Integration Workflow

1. Extract the site key and page URL (same as standard reCAPTCHA V2).

2. Submit the task:

• Use in.php with method=userrecaptcha, googlekey, and pageurl.
  → See API V1 – reCAPTCHA V2

3. Wait 15–20 seconds, then poll for the result:

• Poll via res.php
  → See Get Result endpoint.

4. Upon receiving the token, call the site’s callback function directly:

   // Replace `SubmitToken` with the actual callback name
   SubmitToken("TOKEN_FROM_CAPTCHA_AI");

   This typically triggers form validation or automatic submission on the target site.

Important: Do not attempt to set g-recaptcha-response in callback-based implementations—it may be ignored or cause errors.

Best Practices

• Always verify the callback name in the live page context—minified or dynamically generated sites may use obfuscated names.
• If the page uses multiple reCAPTCHAs, ensure you’re targeting the correct clients[N] index.
• You can include browser-like context (user-agent, cookies, proxy) to mimic real-user conditions, which can improve solve success rates.