Target website for today: https://anti-captcha.com/recaptcha
Take a look in the source of the page and you won't find the "sitekey" parameter anywhere.
- Go to target website and open developer tools in your browser. Toggle to tab "Network" and press "Persist" button.
- Start doing actions to make "I'm not robot" checkbox to appear. Don't check the box yet.
- Find a request to Google server which contains "k" parameter with the sitekey:
This is the target sitekey and websites almost never replace it.
- Now let's solve the puzzle and submit the form.
- Check out requests to target website and find that long hash in one of the requests:
It's a token called "g-response". Click on "response" tab and copy/remember everything what JS might identify as successful recaptcha solution:
Most browsers also support option "copy as CURL" which transforms all used headers, query parameters and post data into a command, which can run in terminal.
Now, check out what happens if you submit some random string. Put random value in textarea with title "recaptcha hash".
- Submit the form and look into submit request parameters.
- Remember/copy the response. This is how it looks like when response hash is incorrect. Use this knowledge to understand if form submit was unsuccessful.
- Now you are ready to build your script or application which will automate form submission. Follow standart procedure to generate g-reponses for target website.