- Install the Firebug extension for Firefox. It's available for Chrome as well, but it's WAY different there. Note that if you want Firebug to look like mine, install the older Firefox version 50.0.1 from here. In later versions Firebug looks disgusting.
- Go to the target website and start Firebug on it. Switch to the "Net" tab and press the "Persist" button.
- Perform the actions that make the "I'm not a robot" checkbox appear. Don't check the box yet.
- Find the request to the Google server that contains the "k" parameter with the sitekey:
Yes, this is the first time you actually see this sitekey, because I hid it in a base64-encoded string in the "POST grccd" output. You don't really have to worry about that, because the sitekey usually doesn't change very often. Changing it on a daily basis would require some kind of... you won't believe it... automation... and probably solving some Google Recaptchas =). So the next time you need to update it, simply open Firebug and retrieve it in seconds.
- Now let's solve the puzzle and see what happens with the g-recaptcha-response value. Yeah, I made it submit in an AJAX request like a real pro. Submit the form.
- Check the requests to the target website and find that long hash in one of them:
Yes, that's probably the one. Click on the "response" tab and copy/remember everything that JS might identify as a successful recaptcha solution:
Now, check what happens if you submit some random string. To do that in the browser, you have to reveal the hidden textarea where the g-response is stored. (In my example it is already displayed.)
- Refresh the page.
- Right-click on the Recaptcha and select "Inspect with Firebug".
- Using the search field, find the textarea with id="g-recaptcha-response", select its tag, and uncheck the "display:none" CSS option:
Now the textarea becomes visible on the page. Type something random in it and press "proceed".
Put a random value in the textarea with the title "recaptcha hash".
Hint: In my example the token is read from this place, but site coders might actually keep it in browser memory. If they do, use Firebug's "copy as cURL" option for network requests and paste the string into any UNIX terminal. It is an actual simulation of a real browser network request.
So if you want to see exactly how the request looks when the g-response hash is wrong, simply replace it in the cURL request with something else. You may need to use a text editor like Notepad to replace it.
- Submit the form and look at the submit request's parameters.
- Remember/copy the response. This is what it looks like when the response hash is incorrect. Use this knowledge to recognize when a form submit was unsuccessful.
- Now you are ready to build your script or application which will automate form submission. Follow the standard procedure to generate g-responses for the target website.