Test invisible recaptcha

2019-04-05 16:52发布

站内问答 / 后端开发
1985 8 5

We have integrated invisible recaptcha in one of our websites. Whenever we submit the form it automatically submits.

I read in some google groups that we would get a challenge when accessed on edge browser. But for us, it is automatically submitted.

Any specific steps to test the invisible recaptcha?

8条回答
爷、活的狠高调
2楼-- · 2019-04-05 17:06

The way I tackled it:

  1. Go to your POST to google.com/recaptcha/api/siteverify

  2. Before the response is returned, set the success property in the response to false.

I'm using Guzzle in Laravel (thanks to this example):

$response = $client->post('https://www.google.com/recaptcha/api/siteverify', [
    'query' => [
        'secret' => env('RECAPTCHA_V3_SECRET_KEY'),
        'response' => $value,
        'remoteip' => $_SERVER['REMOTE_ADDR'],
    ]
]);

$body = $response->getBody();

$contents = json_decode($body->getContents());

$contents->success = false;

return $contents;
查看更多
0人赞 添加讨论(0) 举报
再贱就再见
3楼-- · 2019-04-05 17:10

If you did not implement the code yourself, the first thing to check is the source code, see if reCaptcha is actually loaded. When using a CMS, I search for this line (or similar):

script type='text/javascript' async defer src='https://www.google.com/recaptcha/api.js?onload=renderInvisibleReCaptcha&render=explicit&hl=de-CH'
查看更多
0人赞 添加讨论(0) 举报
不美不萌又怎样
4楼-- · 2019-04-05 17:13

You can test invisible recaptcha by using Chrome emulator.

You will need to add a new custom device (BOT) in developer tools, and set User Agent String to Googlebot/2.1 on Desktop. Then use the new BOT device when testing on your site to trigger the recaptcha authentication.

查看更多
0人赞 添加讨论(0) 举报
叛逆
5楼-- · 2019-04-05 17:15

If you have the luxury of a VPN, switch to a bad rep IP or country or an IP commonly used for P2P. This works for me most of the time.

查看更多
0人赞 添加讨论(0) 举报
聊天终结者
6楼-- · 2019-04-05 17:18

I found an excellent answer that works as of 2018-08-27.

In Chrome, hit F12 to open the Developer Console. Next, toggle the Device Toolbar, select a device and click Edit... Now, add a new device with the following configuration:

enter image description here

Once you hit save and use the new device, the ReCaptcha should open a modal requiring the user to match images.

Credit: This answer was originally posted on https://www.tectite.com/fmhowto/test-invisible-recaptcha.php?WWWTECTITE=p32j2na5otc4rmtbmfsmf9rci6

查看更多
0人赞 添加讨论(0) 举报
仙女界的扛把子
7楼-- · 2019-04-05 17:21

Invisible recaptcha check fails if you try to access your page via automated tests (in my case chrome browser) since chrome has a feature to recognize if the browsers is controlled by such software... so try to create easy tests in Python or Java(+webdriver), to see if recaptcha is implemented correctly.

查看更多
0人赞 添加讨论(0) 举报
1 2 下一页
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)