Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

1. Get parameters through the browser console Network

Open the included webpage, press F12->Network

Get websiteKey

Search keyword anchor, you can find the websiteKey in the URL, for example, the k value in the following link is the websiteKey: 6LfW6wATAAAAAHLqO2pb8bDBahxlMxNdo9g947u9

Code Block
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfW6wATAAAAAHLqO2pb8bDBahxlMxNdo9g947u9&co=aHR0cHM6Ly9yZWNhcHRjaGEtZGVtby5hcHBzcG90LmNvbTo0NDM.&hl=en&v=qljbK_DTcvY1PzbR7IG69z1r&size=normal&cb=3gteobhlohbk

Get websiteURL

websiteURL:The URL is generally the URL of the current reCaptcha page, and sometimes the URL is inconsistent with the current page URL. If this happens, please check whether the domain name in the https://www.google.com/recaptcha/api2/anchor request header referer is consistent with the current domain name, if not, the referer shall prevail

Code Block
referer: https://recaptcha-demo.appspot.com/

Get pageAction

reCaptcha v3 requires a pageAction value. If the value is wrong, it will greatly affect the token score. Search for the keyword grecaptcha in the source code of the web page, where action: xxxxx is the value we want, for example:

...

Generally this method often fails to search for pageAction, so other methods are needed

2. Get parameters through automatic recognition functions

Open the webpage where the verification code appears, press the F12 key to enter the console, and enter the custom function findRecaptchaClients() to execute

...

Code Block
[
    {
        "id": "0",
        "version": "V2",
        "sitekey": "6Le-wvkSAAAAAPBMRTvw0Q4Muexq9bi0DJwx_mJ-",
        "function": "onSuccess",
        "callback": "___grecaptcha_cfg.clients['0']['l']['l']['callback']",
        "pageurl": "https://www.google.com/recaptcha/api2/demo"
    }
]

 3. Get parameters through Charles (the best way)

The best way is to use Charles packet capture software to obtain detailed data of website packets, but this method has a certain threshold and requires a certain knowledge of network packet capture. How to use Charles?

Get websiteKey

After preparing your Charles, open the website using reCaptcha, and you can capture the data packet sent to Google under the www.google.comor www.recaptcha.net domain, where the anchor request can be in Content->Query String Find the k value, which is websiteKey, and you can also see the size value, which is normal, so it is not an invisible version.

...

Get websiteURL

consistent with the above method

Get pageAction

We open a demo site of reCaptcha v3, after triggering verification according to the prompt on the page, the browser will send a reload request to Google, (In other websites, the triggering methods are different, some may be triggered after the login button is clicked, and some may be triggered automatically when entering the page). The request contains a large amount of encrypted data. Use Charles to click on the data packet, and you can see the data decoded by Charles Protobuf in Content->Protobuf. The fields 8 data is the correct value of pageAction

...