recaptcha gets invalid json from call to https://www.google.com/recaptcha/api2/userverify

Question

When recaptcha makes the call to https://www.google.com/recaptcha/api2/userverify?k=

It comes back with this

)]}' ["uvresp",,,,2]

Granted with a valid k it comes back with a bit more. However the )]}' is clearly invalid json. When I try to retrieve the response with grecaptcha.getResponse() I get an empty string.

Same result when using curl.

Any help would be appreciated.

Answer 1

Actually the value returned is not valid json but well parsed by the Google's API.

Is it a protection ? I don't know, but if you look at the javascript, you can find that:

var jm=function(a,b,c,d,e,g,h,l,r){this.xl=a;this.$c=c||"GET";this.Ka=d;this.Gg=e||null;this.Td=m(h)?h:1;this.ye=0;this.xh=this.Nh=!1;this.uh=b;this.Mh=g;this.md=l||"";this.Zb=!!r;this.Wf=null};f=jm.prototype;f.getUrl=function(){return this.xl};f.ug=function(){return this.$c};f.Ca=function(){return this.Ka};f.fi=function(){return this.Zb};f.bi=function(){return this.md};var nm=function(){G.call(this);this.nj=new hm(0,mm,1,10,5E3);H(this,this.nj);this.ad=0};x(nm,G);var mm=new Nh;nm.prototype.send=function(a){return new Lc(function(b,c){var d=String(this.ad++);this.nj.send(d,a.Uf.toString(),a.ug(),a.Ca(),mm,void 0,u(function(a,d){var h=d.target;if(Xk(h)){var l=a.ml;h.B?(h=h.B.responseText,0==h.indexOf(")]}'\n")&&(h=h.substring(5)),h=Hg(h)):h=void 0;b(new l(h))}else c(new om(a))},this,a))},this)};var om=function(a){y.call(this);this.request=a};x(om,y);

especially take a look at:

var l=a.ml;h.B?(h=h.B.responseText,0==h.indexOf(")]}'\n")&&(h=h.substring(5)),h=Hg(h)):h=void 0;`

The parser explicitly checks that the value begins by )]} and strips it.

I suggest you to just apply the same substring on the "json" string