Skip to main content

Invisible reCAPTCHA V2

Invisible reCAPTCHA V2 is a variant of Google’s reCAPTCHA that operates without user interaction—unless the system suspects bot activity. It’s commonly used on forms, login pages, or actions like clicking a button or submitting data.

Overview

You can identify invisible reCAPTCHA by:

  • The presence of size=invisible in the reCAPTCHA configuration
  • A DOM element positioned far off-screen (e.g., top: -10000px), making it invisible to users
  • Dynamic execution triggered by user actions (form submission) or page load
  • Returns a token that must be injected into the page
Invisible reCAPTCHA V2 Example

Example: Invisible reCAPTCHA verification

Demo: See how it works at Google’s invisible reCAPTCHA demo.

Integration Workflow

  1. Locate the Site Key and Page URL

    • Check for data-sitekey in the HTML or the k parameter in reCAPTCHA script URLs.
    • Note the full page URL where the invisible reCAPTCHA is active.

  2. Submit the task:

  3. Receive a task ID and wait 15–20 seconds.

  4. Poll for the result:

  1. Apply the token based on the site’s implementation:

    • Standard injection (most common): 
      document.getElementById("g-recaptcha-response").innerHTML = "TOKEN_FROM_CAPTCHAAI";
    • Callback-based execution (if the site uses one): 
      // Replace `onVerify` with the actual callback name
      onVerify("TOKEN_FROM_CAPTCHAAI");

  2. Trigger the protected action (e.g., form submission, button click) immediately after token injection.

Note: Invisible reCAPTCHA often validates the token only when the protected action occurs—so ensure the token is set before triggering that action.

Best Practices

  • Include browser context (user-agent, cookies, IP via proxy) to match the environment where the reCAPTCHA was loaded, which helps improve solve success rates.
  • The invisible=1 flag is required; omitting it may result in failed solves.