Test invisible recaptcha

[亡魂溺海] 提交于 2019-12-18 18:38:36

问题


We have integrated invisible recaptcha in one of our websites. Whenever we submit the form it automatically submits.

I read in some google groups that we would get a challenge when accessed on edge browser. But for us, it is automatically submitted.

Any specific steps to test the invisible recaptcha?


回答1:


You can test invisible recaptcha by using Chrome emulator.

You will need to add a new custom device (BOT) in developer tools, and set User Agent String to Googlebot/2.1 on Desktop. Then use the new BOT device when testing on your site to trigger the recaptcha authentication.




回答2:


I found an excellent answer that works as of 2018-08-27.

In Chrome, hit F12 to open the Developer Console. Next, toggle the Device Toolbar, select a device and click Edit... Now, add a new device with the following configuration:

Once you hit save and use the new device, the ReCaptcha should open a modal requiring the user to match images.

Credit: This answer was originally posted on https://www.tectite.com/fmhowto/test-invisible-recaptcha.php?WWWTECTITE=p32j2na5otc4rmtbmfsmf9rci6




回答3:


The user-agent trick no longer works.

Instead, open postman and hit your verify endpoint a few times with an incorrect token. Your score will drop to 0.1.

Note: you will probably need to change your ip to get your score back to passing.




回答4:


I am still struggling a little bit with this but I found that the following things make invisible recaptcha puzzle more likely to appear:

  • Log into the recaptcha admin and set it to maximum security

  • Open your site from an incognito tab.

  • Sometimes leaving the login page open and trying to login after some time has passed seems to trigger the recaptcha puzzle.

I must admit though that these don't work all of the times and there are times that I really struggle to get it to work.

Update: It seems a bit strange but I have found that the invisible ReCaptcha is more likely to appear when I submit a form using the Enter key instead of pressing a button with the keyboard.




回答5:


If you have the luxury of a VPN, switch to a bad rep IP or country or an IP commonly used for P2P. This works for me most of the time.




回答6:


Invisible recaptcha check fails if you try to access your page via automated tests (in my case chrome browser) since chrome has a feature to recognize if the browsers is controlled by such software... so try to create easy tests in Python or Java(+webdriver), to see if recaptcha is implemented correctly.




回答7:


If you did not implement the code yourself, the first thing to check is the source code, see if reCaptcha is actually loaded. When using a CMS, I search for this line (or similar):

script type='text/javascript' async defer src='https://www.google.com/recaptcha/api.js?onload=renderInvisibleReCaptcha&render=explicit&hl=de-CH'



回答8:


The way I tackled it:

  1. Go to your POST to google.com/recaptcha/api/siteverify

  2. Before the response is returned, set the success property in the response to false.

I'm using Guzzle in Laravel (thanks to this example):

$response = $client->post('https://www.google.com/recaptcha/api/siteverify', [
    'query' => [
        'secret' => env('RECAPTCHA_V3_SECRET_KEY'),
        'response' => $value,
        'remoteip' => $_SERVER['REMOTE_ADDR'],
    ]
]);

$body = $response->getBody();

$contents = json_decode($body->getContents());

$contents->success = false;

return $contents;



回答9:


As of 2019-06-21, it appears that it is sufficient with Google Chrome (v74.0.3729.169) to bring up a new incognito window to force the recaptcha to execute. (I had needed this for our own recaptcha testing, so I'm glad I found it.)



来源:https://stackoverflow.com/questions/48224799/test-invisible-recaptcha

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!