[ACTION] – Harvest Google RECAPTCHA

[walmat]

Whether or not you can bypass the captcha request is a make or break feature when it comes to bots nowadays. If that's not possible, it must be a requirement to get as many "1-click" no-captcha requests as possible.

This thread will be used to discuss any-and-all strategies toward coming up with a way of either bypassing/getting as many 1-clicks as possible.

All the information below is specific to https://blendsus.com

Endpoints

Using Charles, I was able to find the endpoints for the captcha request & response.

• https://www.google.com/recaptcha/api.js?onload=recaptchaCallback&render=explicit&hl=en
• https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeoeSkTAAAAAA9rkZs5oS82l69OEYjKRZAiKdaF&co=aHR0cHM6Ly93d3cuYmxlbmRzdXMuY29tOjQ0Mw..&hl=en&v=v1536180392857&size=normal&cb=5gc865xyotmu
• https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=v1536180392857
• https://www.google.com/recaptcha/api2/bframe?hl=en&v=v1536180392857&k=6LeoeSkTAAAAAA9rkZs5oS82l69OEYjKRZAiKdaF&cb=f4p9zw8nv22e
• https://www.google.com/recaptcha/api2/reload?k=6LeoeSkTAAAAAA9rkZs5oS82l69OEYjKRZAiKdaF
• https://www.google.com/recaptcha/api2/userverify?k=6LeoeSkTAAAAAA9rkZs5oS82l69OEYjKRZAiKdaF

You'll notice a common theme here: 6LeoeSkTAAAAAA9rkZs5oS82l69OEYjKRZAiKdaF. From here on out, this will be referred to as the site_key, which by the name you might guess… is site specific.

The last two of the endpoints are the ones we want to really worry about. In order for Google to give us an approval rating, the request will contain data collected from: mouse movements, clicks, drags, and other events (see: this) in a base-64 encoded string.

Here's an example request to the given endpoint from the URL posted above:

v=v1536180392857&c=03AL4dnxqxTBtx-pt7i_pjjS6hEA-IqXMrocqJkgZaTTSMXpMUw9xx3YpFzpad61dOfpB5yE7RIZpUjibYyrzjfG8O831CzlILP2JGMRF6kWEmrWSEnfdBdYcyQw2_2jUzkmWVBBZ6pbAlN4urmGVqcw7gFqfJlh33VWIwWsmOv8vFVMzXUAjYbValxnFLZ6gn4XPmlF7oz2zs6nAxKWiief6wkAkyg6B2NopLVZUAsGbM3RS8a5quKwuI_XrZZa7H4taE8eENb5mddRI4xEOuA31f00LWHYEveVqXipkwllIyPqQdUnC8kPKo28bGKHwF6TWRdlxS1PKfpu4Pxzb6-jt8fNx43-OJcYlTnatzTxV4QGt37uwFdPO26J2yyIfTuSx55YDIiwzxMVubZ2Eu2KRJbLFjdE9wtZdxfoCzL-xntlxpc8Z1VwZi0m1dMDZGv2WH17-KlOuvgN5IQqh1uyPAzL-QHe4NFFMcnZJ1dRovc1w76bg24SV2ZOe8xQwZ_RmwSwrosnSZqwqA64c87TR5Y3esqfwQQl-ucUEYna1dmStjEDDpupPHB8RKuc2XXYMHtO_dl3GbWm4Q0sGOVmPJiTl6N_GZjLwqCRXCFi7i50AIs_qIMdLdH5IkQl6TNOjSLNjIx4PeiLTxsqdaZHcj75Q9njUdYnKVci5xEfDXTeXCdpDFXPa_Nxorw8kSN8512FVaIJ_zqCM33d6W7ezJ-xrZQN-Vq2qarkV_t9r9XksViiEbOGofjo8LgA4t2B_ne8GfwFoS2IR08hHhroERUlEZFS3oqBzY0_496AhAaotpE3366NWLAPFza_HflAuFLBgzIYd1LnE2YYlgEqFSllyWmrs6QFNsbbMcE-ur_Ys9EPCjIzRj4qgVz-7Ht-gIXDodVQ_sI16FzGNd0mI7LCPy3q-PAN-1O5_dgJwUOIRopy7LUi9__fn4MyKxtVg5E5GH3gshPzYBIGZFrRj1ijdMAaEJyZfEciIn1QPdN1JoBZFGxcTrDeGPq6RIhMG7xSK-H3w-Kvp5lYo16lTEdBNzmiO9mbhRB_GQCWphKG50AwcGkQuOeDPHFKkagbQG8cdfpyQOUDfdyjBjPxWx9bjrng_DAHvU4gnVjal2jXvTpGj6WFLcQ6Djf-lz9_9K_2JFzaJTrpEIP1Gq6huHlWckGYZ4KTN8C1MB5ce6QmIiBHWti-yz3tWOv2Dkh5ozgUkdMKWqZhDegaokYRnK3srt05vdqDRNPQUu9rnavDR3AJ2-625VyMKkXRYmn3tll-2W11M6T-oAIyWveE3cQqO0ubvKpFZwJKPuzulQDBLgzZmdhho0VDPN4M5Il8hD8u-WMWUl&response=eyJyZXNwb25zZSI6IiIsInMiOiIxMDU2In0.&t=311&ct=311&bg=!g4WghaRHB7XcRclde1RBsz9lxnpPRCkHAAAAL1cAAABqnAPj5FThtqEjWxS5UWHShonVzaHi9As7-gs61iOaxA49B55KSOzg2ehVLeOUv2685n6qw_eNlBh81_nESMM0-3M--PQJnCkbhIhC7RZd_eZGr3b-pcSL4oObgO48CYiiQ_Lla6JWt69E_W4PJCnAmbCP_Db87cqtpR9yMTSq2GwaDf1mpnl3zIPmtWVqwIHI0KAcGq1Q6Pkwm3t3HfGVvUTtEl9pm0bEykh25XLdOerwSiFOJQnz0ACjRdn2kIw5ICyK9KpYxVixrDzrf1pAeIHafYExNTM8qMw0YOFm5sJXLOeAfvoIZrqZ4-IRGXI4s72qAJBfsk39bnl5etPhNxGlaWR3GLdKroqAwvyShTP_mnlGwemmI9Q0yEj3x6x4Kkl37OXGzd938rwlXj3Dj26XB4u4jPnt3i92XxLCNFzkAPozj9gkXI_KHPcDffh8VQCLLY0-ZJWqFsDscwTx_iHID9WuTFvup99PL6KqZVD2UaY_-j1lL_WP9-Gsqe_CvuuJ3lel89EahHttQJ4T4gqYb45trif5Z-7jU83GvRrzM-XJYt764pCfn8aHCgMYScXfiBbVbWHZwfbPLiylQJ7LMSFs2W1Niz1_fOedAwVEkCRHsEc_umoX4iivwey4UuxBoqeZa8pB5pPjxrLSjgB6pAPqEEuvem_0ijgoFwCugGh03BAAEwZG_9cKdDluehgaMa3hcLBcjSAiQuBTF9Fq3Z7kd3rWZszwTRQdiLD9ie3YblTZ3upQ2m9Sh4MNRjGrVN_RU42fKGdyEzncrTAUP3hafO80lu7LpJGbhUswIZSLLRkBFRSvldXf5xNI8N3EE7kyBi5p9fPrLE95FyzPrkqTKgvi6Z9MECPhPDVNAQco-hLah53y9uhPelEyKiaX6LiO0onkvy9hVdOu4mBr-WAAOoAF_IpTjqKsPdVV8pc9kamEDdG6KHDoXOz1NYCi7vDJysNmkXI695WWYtyZUjdGTTbWCNTVwBxUkfiDHoP3jKw_snicKBVM4DtPj3tgn3GDt1xJIhXefq1OHilZ2laEGoftrP0I0iUm8SbOB3mo-QOglLGbePadO1_bWSgGM91NMCO2Ywce0qQn0fWOmh3zzsXDk6TnbB_Bk9AgyhyzFVqH0292YwjW8tJrr1BBXA66w-71_ZLYGDSO0irfYK2zWXhcOBnrJTkiGgJ0XVqug3FtfCyhJs-FOLVicJtqf454w-gHfX5Rgz56hHJQflX2s3L4rHrXklfEVsTl39mOtP0bcp1Kdul5jlbaYf1c7_nXgc1mDsHsNgw18TF2YpVBXV2PqdakAwvJWWOc8HaK-gw

Which returns a valid response:

["uvresp","03AL4dnxrFzw_b1OqHM2Yt6VO_S5tJqDvNwFa2UVLl19ossZ0zIiS690FbDGHC7CzXrvN1XQHWcYmqkZx7uVjiO7NjejaISWhu6_iHCQ1ZPTSjNeUgta37OZnun7IfwdhXsZ_8vW3IqS2_Dao6FV64Z0-c1MVaTAT8OIM6r5aLzbJNfd3O_fc-QxhTSucA9AO_amdQuxD0sucNjGhzzLgktqMWPmxpIaQVkJ21WQzAwRvKUSmwzfVQBEDMe26XfYYo8dbYPhZbGrdI4VgrMmuPus-XCge8XiqhNg",1,120]

[ ... ] adding more later!

[walmat]

Resources

Peter's captcha Harvester No-captcha studies Reverse Engineering CAPTCHA