I created a updated version of uncaptcha2 that works again in 2021

[NikolaiT]

Hi guys,

Thanks for the awesome work.

I think it is extremely funny that it is possible to solve Goolge's ReCaptcha with their own Speech-to-text API.

So I updated your code base and made it working again. See the repository: https://github.com/NikolaiT/uncaptcha3

Biggest change: Google removed the audio download link. I obtain the audio mp3 download link now via the Dev Console. Another possibility would be too start the browser with remote debugging enabled and to grab the download link with puppeteer.

Ahh yeah, and I randomized the mouse movements a bit and created random intermediate mouse movements before going to the destination.

Best, Nikolai

[ecthros]

Thanks for sharing! I've been following some of the updates Google's been making, and it doesn't seem like they've made any big changes. I was briefly in contact with them, and they let me know that they're more interested in their rate limiting that detects if you're sending automated queries. As far as I can tell, it seems to just check how many audio captchas you're doing in a short amount of time, so I'm not sure it's even possible to bypass, but I'd love to hear thoughts!

[Kkevsterrr]

Hi Nikolai -

Thanks so much for reaching out - this is awesome! It's so cool to see the community keeping uncaptcha alive. It's amazing to me that in 2021 this attack vector still exists - great work on this!

Best, Kevin

On Jan 2, 2021, at 7:27 AM, Nikolai Tschacher notifications@github.com wrote:

 Hi guys,

Thanks for the awesome work.

I think it is extremely funny that it is possible to solve Goolge's ReCaptcha with their own Speech-to-text API.

So I updated your code base and made it working again. See the repository: https://github.com/NikolaiT/uncaptcha3

Biggest change: Google removed the audio download link. I obtain the audio mp3 download link now via the Dev Console. Another possibility would be too start the browser with remote debugging enabled and to grab the download link with puppeteer.

Best, Nikolai

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.

[NikolaiT]

Thanks for replying! I remember when I first saw this repository in 2019, I thought "no way that works". After trying it out for myself, I couldn't believe that it works so well after three years of its inception.

After a while, Google blocks you based on one of (or combination of):

1. Your IP address
2. Your Browser fingerprint
3. Your Browser JavaScript configuration if using headless browsers
4. Or the lack of human-like behavior such as mouse events or touch events

BUT: The Audio reCAPTCHA itself is completely, utterly broken. The normal, visual reCAPTCHA still works more or less. But it's a matter of time I guess.

My estimation is: In 2021 and the near future, there is no other way to tell humans apart from bots than to:

1. Record massive amounts of real human website behavior (mouse movments, scrolling, touch events, resizing)
2. Train an advanced Artifical Neuronal Network with this data
3. And compare it to live behavioral data

Kinda interesting times.

[QIN2DIM]

In 2022, we can insert a mouse track based on the Bessel curve in some visual challenges. Any operation is done based on motiondata.