Has there anyone come out with a good way to bypass a Recaptcha check in a page to launch a bot test?
Basically, I want for a particular bot (for which I know the IP address) to bypass a google recaptcha check and not sure what would be the most apropiate way of doing it.
I have seen this question How to bypass recaptcha human check in nightwatch test? but it does not seem to give a clear anwser.
Thanks
EDIT
I am referring myself to the invisible recaptcha that will show some random images and thus the bot will not know where to click to pass the check.
In short, yes they can. While reCAPTCHA v2 and v3 can help limit simple bot traffic, both versions come with several problems: User experience suffers, as human users hate the image/audio recognition challenges. CAPTCHA farms and advances in AI allow cybercriminals and advanced bots to bypass reCAPTCHAs easily.
You can test invisible recaptcha by using Chrome emulator. You will need to add a new custom device (BOT) in developer tools, and set User Agent String to Googlebot/2.1 on Desktop . Then use the new BOT device when testing on your site to trigger the recaptcha authentication.
To bypass recaptcha v3, first you must find anchor URL. Open inspect-element on your browser. Go to the web page that has reCaptcha V3 (not V2 invisible). In Network tab you should see many requests.
It looks like there is a special set of test keys you can use.
If you configure your testing environment to use these keys, reCaptcha will always return a valid response.
Excerpt from the link below:
With the following test keys, you will always get No CAPTCHA and all verification requests will pass.
Site key: 6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
Secret key: 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
The reCAPTCHA widget will show a warning message to claim that it's only for testing purpose. Please do not use these keys for your production traffic.
https://developers.google.com/recaptcha/docs/faq#id-like-to-run-automated-tests-with-recaptcha-v2-what-should-i-do
As long as you have control over the server:
You can create a if check when validating the captcha on the server side. So when you make the call to google, surround it with an if() check that checks for the current IP, and if it matches a certain IP, or an array of IP's then ignore the validation.
if($_SERVER['REMOTE_ADDR'] !== 'x.x.x.x') {
//Code that checks captcha and returns error if invalid
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With