Extension for browsers

For business

Pricing

Blog

Docs

English

GeeTest CAPTCHA v3
and CapMonster Cloud

Captcha solving, website integration, and testing.

Inherited a site with a captcha or another protection layer but no access to the source code? In that case you naturally ask: which solution is installed, is it configured correctly, and how can the workflow be tested?

In this article, we have tried to answer all the key questions. The first step in solving the task is to determine which protection system is being used. To do this, you can refer to the list of popular captchas and anti-bot protection systems, where you will find visual examples and key indicators that help you quickly understand what you are dealing with.

If you discover that your site uses GeeTest CAPTCHA v3, the next step is to study its properties and operation in more detail. In this article, you can also review the instructions on how to integrate GeeTest CAPTCHA v3 so that you fully understand how it functions on your site. This will help you not only understand the current protection, but also properly plan its maintenance.

What is GeeTest CAPTCHA v3

GeeTest CAPTCHA v3 is a protection system for websites against automated actions that can harm the resource. It helps distinguish real users from bots, ensuring security and stable operation of the web resource.

Examples of GeeTest CAPTCHA v3

Intelligent mode

User verification is performed mainly based on behavior and interaction with the site, without solving explicit challenges.

Slide CAPTCHA

A slider that must be moved to assemble a puzzle or align an image element.

Icon CAPTCHA

Selecting images in the specified order.

Space CAPTCHA

Moving a figure on the image to the correct position.

How to solve GeeTest CAPTCHA v3 with CapMonster Cloud

When testing forms that include GeeTest CAPTCHA v3, you often need to verify that the captcha works and is integrated correctly.

You can verify the captcha embedded on your site manually.

Open the form page and make sure the captcha renders.
Try submitting the form without solving it — the server should return an error.
After a successful solution, the form must be submitted without issues.

For automatic solving you can use tools like CapMonster Cloud, which accepts captcha parameters, processes them on its servers, and returns a ready-to-use token. Insert this token into the form to pass the check without user interaction.

Working with CapMonster Cloud via API typically involves the following steps:

Creating a task

At this stage you send your API key, captcha type, and its parameters. The service returns a unique taskId, which can later be used to get the result.

Sending an API request

Your request to solve GeeTest CAPTCHA v3 must include the following parameters:

type - GeeTestTask;

websiteURL - the address of the page where the user passes the captcha. The correct URL is sent in the Referer header when making a request to https://api-na.geetest.com/gettype.php;

gt - GeeTest gt key identifier for the domain;

challenge - before each task you need to send a request that returns a new challenge value; otherwise, an expired token will trigger the ERROR_TOKEN_EXPIRED error;

geetestApiServerSubdomain - subdomain of the Geetest API server (must be different from api.geetest.com).

Find more details about the parameters and how to gather them automatically before sending a task in the CapMonster Cloud documentation.

Endpoint for sending the task:

https://api.capmonster.cloud/createTask

Request example:

{
	"clientKey":"YOUR_CAPMONSTER_CLOUD_API_KEY",
	"task":
	{
		"type":"GeeTestTask",
		"websiteURL":"https://www.example.com",
		"gt":"022397c99c9f646f6477822485f30404",
		"challenge":"7f044f48bc951ecfbfc03842b5e1fe59",
		"geetestApiServerSubdomain":"api-na.geetest.com"

	}
}

Response:

{
  "errorId":0,
  "taskId":407533072
}

Receiving the result

After creating the task, poll the solution status.

Address to receive the result:

https://api.capmonster.cloud/getTaskResult

Request example:

{
  "clientKey":"API_KEY",
  "taskId": 407533072
}

Response:

{
  "errorId":0,
  "status":"ready",
  "solution": {
	"challenge":"0f759dd1ea6c4wc76cedc2991039ca4f23",
	"validate":"6275e26419211d1f526e674d97110e15",
	"seccode":"510cd9735583edcb158601067195a5eb|jordan"
  }
}

Placing the token on the page

After receiving the captcha solution result from the server (the values of challenge, validate, and seccode), you must pass them to the site. The server will verify the data and confirm that the captcha has been successfully passed. For automation you can use HTTP requests or tools like Puppeteer, Selenium, or Playwright — they allow you to insert the values into the form and send the request, emulating user actions.

Recognizing GeeTest CAPTCHA v3 using ready-made libraries

The CapMonster Cloud service provides ready-made libraries for convenient work in Python, JavaScript (Node.js), and C#.

Python

JavaScript

Solving, inserting the token, and submitting the form

Node.js example for the full captcha recognition cycle on your web page. Possible approaches: use HTTP requests to obtain the HTML and captcha parameters, send the answer and process the result; or, using automation tools (for example, Playwright), open the page, wait for the captcha, send the parameters (for testing you can send both correct and incorrect data), obtain the solution via the CapMonster Cloud client, insert the token into the form, and see the result.

// npm install playwright @zennolab_com/capmonstercloud-client
// npx playwright install chromium

import { chromium } from 'playwright';
import { CapMonsterCloudClientFactory, ClientOptions, GeeTestRequest } from '@zennolab_com/capmonstercloud-client';

const API_KEY = 'your_capmonster_cloud_api_key';
const DEMO_PAGE = 'https://example.com';

(async () => {
  const browser = await chromium.launch({ headless: false });
  const page = await browser.newPage();

  console.log('Opening the page...');
  await page.goto(DEMO_PAGE, { waitUntil: 'networkidle' });

  console.log('Getting captcha parameters...');
  const init = await page.evaluate(async () => {
    // Sending a request to the server to get init-params for GeeTest; replace with your value
    const r = await fetch(`/api/v1/example/gee-test/init-params?t=${Date.now()}`);  
    return r.json();
  });
  console.log('Init params:', init);

  console.log('Creating a task for CapMonster Cloud...');
  const cmc = CapMonsterCloudClientFactory.Create(new ClientOptions({ clientKey: API_KEY }));
  const solRaw = await cmc.Solve(new GeeTestRequest({ websiteURL: DEMO_PAGE, gt: init.gt, challenge: init.challenge }));
  const sol = solRaw.solution || solRaw;
  console.log('Captcha solution:', sol);

  console.log('Inserting the solution into the hidden fields...');
  await page.evaluate(s => {
    ['challenge','validate','seccode'].forEach(n => {
      const el = document.querySelector(`input[name="geetest_${n}"]`);
      if(el) el.value = s[n];
    });
  }, sol);

  await page.click('button[data-action="test_action"]'); // replace with your value
  console.log('Sending the verify request to the server...');
  const result = await page.evaluate(async () => {
    const payload = {
      geetest_challenge: document.querySelector('input[name="geetest_challenge"]')?.value,
      geetest_validate: document.querySelector('input[name="geetest_validate"]')?.value,
      geetest_seccode: document.querySelector('input[name="geetest_seccode"]')?.value
    };
    // replace with your value
    const r = await fetch('/api/v1/example/gee-test/verify', { 
      method:'POST', 
      headers:{'Content-Type':'application/json'}, 
      body: JSON.stringify(payload) 
    });
    return r.json();
  });

  console.log('Captcha verification result:', result);

  await page.waitForTimeout(3000);
  await browser.close();
})();

There is also a great way to test captcha recognition using the CapMonster Cloud browser extension, which allows you to quickly check how the captcha works right on the page and monitor the solving process in real time without writing any code – available for installation in Chrome and Firefox.

How to connect GeeTest CAPTCHA v3 to your site

To confidently understand how the captcha works on your site, how its validation logic behaves, and to reconnect or reconfigure it, we recommend studying this section. It describes the protection setup process – this will help you quickly understand all the details.

1. Register or log in to your GeeTest account.

2. Go to the Captcha Dashboard and select CAPTCHA v3:

HowTo Connect image 1

3. Click +New Captcha to create a new captcha. Specify the captcha name (for example, product or project), the URL of the site where the captcha will be integrated, and choose the captcha usage context (for example, Login / Registration / Password reset, etc.).

4. You will receive unique CAPTCHA ID and KEY. They can be configured in the security panel.

HowTo Connect image 2

5. Configure the server side (Server SDK):

The server works with two APIs:

API1 – initialization (creating the challenge)
API2 – verification of the result after the captcha is passed

<?php
header('Content-Type: application/json');

const CAPTCHA_ID = '07df3141a35**********19a473d7c50';
const CAPTCHA_KEY = '543b19036ef********8e07d121b81e9';

$path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);

function getJson($url) {
    $res = @file_get_contents($url);
    return $res ? json_decode($res, true) : null;
}

// API1: Initialization
if ($path === '/register') {
    $data = getJson("https://api.geetest.com/register.php?gt=" . CAPTCHA_ID . "&json_format=1");
    echo json_encode($data ? [
        'gt' => CAPTCHA_ID,
        'challenge' => $data['challenge'],
        'success' => $data['success'] === 1,
        'new_captcha' => true
    ] : ['success' => 0]);
    exit;
}

// API2: Verification
if ($path === '/validate' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $req = json_decode(file_get_contents('php://input'), true);
    $data = getJson("https://api.geetest.com/validate.php?" . http_build_query([
        'seccode' => $req['geetest_seccode'] ?? '',
        'challenge' => $req['geetest_challenge'] ?? '',
        'gt' => CAPTCHA_ID,
        'json_format' => 1
    ]));
    echo json_encode(['success' => !empty($data['seccode'])]);
    exit;
}

http_response_code(404);
echo json_encode(['error' => 'Not found']);

6. Connect the client side (Client SDK):

On the client you load gt.js and call initGeetest, passing the parameters from the server (API1). Example using ajax:

ajax({
    url: "https://example.com/register",
    type: "get",
    dataType: "json",
    success: function (data) {
        initGeetest({
            gt: data.gt,
            challenge: data.challenge,
            offline: !data.success,
            new_captcha: true
        }, function (captchaObj) {
            captchaObj.appendTo("#captcha");

            captchaObj.onSuccess(function () {
                const result = captchaObj.getValidate();
                ajax({
                    url: "https://example.com/validate",
                    type: "post",
                    contentType: "application/json",
                    data: JSON.stringify(result),
                    success: function(res) {
                        if (res.success) alert('CAPTCHA passed');
                        else alert('CAPTCHA failed');
                    }
                });
            });
        });
    }
});

Checking the operation

Make sure that:

/register returns challenge
The captcha is displayed correctly
After passing the captcha, a request to /validate is visible in the browser console
The server returns "success": true

Failback (fallback mode)

If the GeeTest server is unavailable:

The client receives success: false
The captcha switches to local mode (works without connecting to GeeTest Cloud). To test this, simply substitute an incorrect CAPTCHA_ID (for example, 123456789).

GeeTest also provides official server-side SDKs for different platforms and languages — you can choose the one that matches your technology stack. You can learn more in the official GeeTest CAPTCHA v3 documentation.

Possible errors and debugging

Incorrect parameters

The captcha is not displayed or returns the invalid-gt / invalid-challenge error. Make sure you use the current gt and challenge values for your page.

Solution timeout

The captcha solution was not received in time. Increase the waiting time when using automatic solving services (for example, CapMonster).

Empty fields

challenge, validate, or seccode are not passed to the page. Make sure they are correctly inserted into the hidden form fields.

Response success=false

The token has expired, was reused, or is fake. For diagnostics, enable request logging and check the fields returned by the server (error-codes when working with CapMonster or your verification server).

Protection resilience checks

After integration, make sure the system really protects the site from automated actions.

Try making a request without solving the captcha — the server should return success: false.

Perform load testing (for example, using k6 or JMeter) at speeds above 100 requests per second — the captcha should be displayed correctly, and the validation system should remain stable.

Check the server’s response to an expired or repeatedly sent token (seccode) — the expected response should be a rejection (403 Forbidden or success: false).

Security and optimization tips

Store the <b>captcha key (secret KEY) only on the server</b> and do not pass it to the client side.

Store the captcha key (secret KEY) only on the server and do not pass it to the client side.

Log error codes during verification (<b>error-codes</b> or server response fields) to understand the reasons for failed checks.

Log error codes during verification (error-codes or server response fields) to understand the reasons for failed checks.

Add links to the <b>Privacy Policy</b> and <b>GeeTest Terms of Use</b> at the bottom of the form, if required by the license or your internal policies.

Add links to the Privacy Policy and GeeTest Terms of Use at the bottom of the form, if required by the license or your internal policies.

Conclusion

If you’ve taken over a website that already has a captcha or another protection system installed, but you don’t have access to the code, don’t worry! It’s quite easy to identify which technology is being used. To verify that everything works correctly, you can use the CapMonster Cloud recognition service in an isolated test environment to make sure that the token processing mechanism and the validation logic are functioning properly.

In the case of GeeTest CAPTCHA v3, it’s enough to detect the system, observe its behavior, and confirm that the protection is working correctly. In this article, we showed how to identify GeeTest CAPTCHA v3 and where to find instructions on how to integrate or reconfigure it, so you can confidently maintain the protection and keep its operation under control.

Helpful links

GeeTest v3 documentation →

CapMonster Cloud documentation (working with GeeTest v3) →

Creating an account in GeeTest →

Creating an account in CapMonster Cloud →

The CapMonster Cloud browser extension is available for Chrome and Firefox. Full installation and usage instructions are available here.

GeeTest CAPTCHA v3 and CapMonster Cloud

How to solve GeeTest CAPTCHA v3 with CapMonster Cloud

GeeTest CAPTCHA v3
and CapMonster Cloud