GeeTest CAPTCHA v4
and CapMonster Cloud

Captcha solving, website integration, and testing.

Inherited a site with a captcha or another protection layer but no access to the source code? In that case you naturally ask: which solution is installed, is it configured correctly, and how can the workflow be tested?

In this article, we have tried to answer all the key questions. The first step in solving the task is to determine which protection system is being used. To do this, you can refer to the list of popular captchas and anti-bot protection systems, where you will find visual examples and key indicators that help you quickly understand what you are dealing with.

If you discover that your site uses GeeTest CAPTCHA v4, the next step is to study its properties and operation in more detail. In this article, you can also review the instructions on how to integrate GeeTest CAPTCHA v4 so that you fully understand how it functions on your site. This will help you not only understand the current protection, but also properly plan its maintenance.

What is GeeTest CAPTCHA v4

GeeTest CAPTCHA v4 (Adaptive CAPTCHA/Behavior Verification) is a more modern version compared to v3, designed to protect websites from automated actions that can damage your resource. The system tracks the behaviour and device characteristics of the site visitor and selects an appropriate challenge: for a real person the check will be as simple as possible — a single click on the captcha widget is enough, and if automation is suspected, the user is given a more complex challenge that must be passed.

Examples of GeeTest CAPTCHA v4

No CAPTCHA

User verification is performed mainly based on behaviour and interaction with the site, without solving explicit challenges.

Icon CAPTCHA

Selecting images in the specified order.

IconCrush CAPTCHA

Swapping elements so that three identical icons line up in a row (like in “match-3” puzzle games).

Slide CAPTCHA

A slider to assemble a puzzle or align image elements.

Gobang CAPTCHA

A slider to assemble a puzzle or align image elements.

How to solve GeeTest CAPTCHA v4 with CapMonster Cloud

When testing forms that include GeeTest CAPTCHA v4, you often need to verify that the captcha works and is integrated correctly.

You can verify the captcha embedded on your site manually.

Open the form page and make sure the captcha renders.
Try submitting the form without solving it — the server should return an error.
After a successful solution, the form must be submitted without issues.

For automatic solving you can use tools like CapMonster Cloud, which accepts captcha parameters, processes them on its servers, and returns a ready-to-use token. Insert this token into the form to pass the check without user interaction.

Working with CapMonster Cloud via API typically involves the following steps:

Creating a task

At this step you pass your API key, captcha type, and its parameters. The service returns a unique taskId that you can later use to get the result.

Sending an API request

In the request for solving GeeTest CAPTCHA v4 you must pass the following parameters:

type - GeeTestTask;

websiteURL - page address where the captcha is solved;

gt - GeeTest domain identifier key – parameter captcha_id;

version - 4;

geetestApiServerSubdomain - GeeTest API server subdomain (must be different from api.geetest.com);

geetestGetLib - path to the captcha script used to display it on the page. May be required for some websites;

initParameters - extra parameters for version 4 used together with “riskType” (captcha type / verification characteristics).

Find more details about the parameters and how to gather them automatically before sending a task in the CapMonster Cloud documentation.

Endpoint for sending the task:

https://api.capmonster.cloud/createTask

Request example:

{
  "clientKey": "YOUR_CAPMONSTER_CLOUD_API_KEY",
  "task": {
    "type": "GeeTestTask",
    "websiteURL": "https://gt4.geetest.com/",
    "gt": "54088bb07d2df3c46b79f80300b0abbe",
    "version": 4,
    "initParameters": {
      "riskType": "slide"
    }
  }
}

Response:

{
  "errorId":0,
  "taskId":407533072
}

Receiving the result

After creating the task, poll the solution status.

Address to receive the result:

https://api.capmonster.cloud/getTaskResult

Request example:

{
  "clientKey":"API_KEY",
  "taskId": 407533072
}

Response:

{
  "errorId": 0,
  "status": "ready",
  "solution": {
    "captcha_id": "f5c2ad5a8a3cf37192d8b9c039950f79",
    "lot_number": "bcb2c6ce2f8e4e9da74f2c1fa63bd713",
    "pass_token": "edc7a17716535a5ae624ef4707cb6e7e478dc557608b068d202682c8297695cf",
    "gen_time": "1683794919",
    "captcha_output": "XwmTZEJCJEnRIJBlvtEAZ662T...[cut]...SQ3fX-MyoYOVDMDXWSRQig56"
  }
}

Placing the token on the page

After you receive the captcha solution result from the server (the seccode payload values), you must send them to the website. The server will validate the data and confirm that the captcha has been successfully passed. To automate this you can use HTTP requests or dedicated tools such as Puppeteer, Selenium, or Playwright — they let you inject the values into a form and submit the request, emulating user actions.

Solving GeeTest CAPTCHA v4 using ready-made libraries

CapMonster Cloud provides ready-to-use libraries for convenient work in Python, JavaScript (Node.js) and C#.

Python

JavaScript

Solving, injecting the token, and submitting the form

A Node.js example for the full captcha-solving cycle on your web page. Possible approaches: use HTTP requests to fetch the HTML and captcha parameters, send the answer and process the result; or, with automation tools (for example, Playwright), open the page, wait for the captcha, send the parameters (for testing you can send both correct and incorrect data), get the solution via the CapMonster Cloud client, inject the token into the form and see the result.

// npm install playwright @zennolab_com/capmonstercloud-client

import { chromium } from "playwright";
import {
  CapMonsterCloudClientFactory,
  ClientOptions,
  GeeTestRequest
} from "@zennolab_com/capmonstercloud-client";

const CAPMONSTER_API_KEY = "YOUR_CAPMONSTER_API_KEY";

async function solveGeetestV4(pageUrl) {
  const browser = await chromium.launch({ headless: false });
  const context = await browser.newContext({ viewport: null });
  const page = await context.newPage();

  let detected = null;
  let solutionObj = null;

  // 1. Intercept the /load response (detect captcha_id, challenge, etc.)
  page.on("response", async (response) => {
    const url = response.url();
    if (!url.startsWith("https://gcaptcha4.geetest.com/load?")) return;

    const params = new URLSearchParams(url.split("?")[1] || "");
    const captchaId = params.get("captcha_id");
    const challenge = params.get("challenge");
    const captchaType = params.get("captcha_type");

    if (captchaId && challenge) {
      detected = { captchaId, challenge, captchaType };
      console.log("Detected GeeTest v4 load:", detected);
    }
  });

  // 2. Load the page
  console.log("Opening page:", pageUrl);
  await page.goto(pageUrl, { waitUntil: "domcontentloaded" });

  // 3. Wait until /load is captured
  console.log("Waiting for GeeTest /load...");
  while (!detected) {
    await page.waitForTimeout(500);
  }

  // 4. Send the task to CapMonster Cloud
  console.log("Sending task to CapMonster...");
  const cmc = CapMonsterCloudClientFactory.Create(
    new ClientOptions({ clientKey: CAPMONSTER_API_KEY })
  );

  const task = new GeeTestRequest({
    websiteURL: pageUrl,
    gt: detected.captchaId,
    challenge: detected.challenge,
    version: "4",
    initParameters: {
      riskType: detected.captchaType || "slide"
    }
  });

  const solveRes = await cmc.Solve(task);
  const sol = solveRes.solution || solveRes;

  solutionObj = {
    captcha_id: sol.captcha_id || detected.captchaId,
    captcha_output: sol.captcha_output,
    lot_number: sol.lot_number,
    pass_token: sol.pass_token
  };

  console.log("Got solution from CapMonster:", solutionObj);

  // 5. Substitute your values into /verify to get a successful response
  await page.route("https://gcaptcha4.geetest.com/verify*", async (route) => {
    console.log("Intercepted /verify, injecting fake success...");
    const body = `geetest_${Date.now()}(${JSON.stringify({
      status: "success",
      data: {
        result: "success",
        seccode: {
          captcha_id: solutionObj.captcha_id,
          captcha_output: solutionObj.captcha_output,
          lot_number: solutionObj.lot_number,
          pass_token: solutionObj.pass_token
        }
      }
    })})`;

    await route.fulfill({
      status: 200,
      contentType: "application/javascript",
      body
    });
  });

  // 6. Imitate a user action (for example, click the captcha button)
  console.log("Waiting for captcha interaction...");
  await page.waitForTimeout(3000);

  // Example of a verification call:
  try {
    await page.click('.geetest_btn'); // captcha button
    console.log("Clicked captcha button");
  } catch {
    console.log("Captcha button not found");
  }

  // Sometimes you need to call verify() manually:
  await page.evaluate(() => {
    if (window.initGeetest4 && typeof verify === "function") {
      verify();
    }
  });

  console.log("Waiting for verification request...");
  await page.waitForTimeout(3000);

  await browser.close();

  return { detected, solution: solutionObj };
}
(async () => {
  const url = "https://example.com"; // replace with a page that has GeeTest v4
  const res = await solveGeetestV4(url);
  console.log("FINISHED:", res);
})();

There is also a great option to test captcha recognition using the CapMonster Cloud browser extension, which lets you quickly check how the captcha works directly on the page and monitor the solving process in real time without writing any code – available for installation in Chrome and Firefox.

How to connect GeeTest CAPTCHA v4 to your site

To clearly understand how the captcha works on your site, how the validation behaves, and how to reconnect or reconfigure it, we recommend reading this section. It describes the protection setup process so you can quickly cover all the details.

1. Sign up or log in to your GeeTest account.

2. Go to the Captcha Dashboard and select Behavior Verification v4:

HowTo Connect image 1

3. In the dashboard click + Create application.

4. Specify APP/website name (the name of the site or application where the captcha will be used), Address (the main domain of the site where the captcha will be installed, for example https://example.com), Industry (the site category, for example “E-commerce”, “Social Media”, etc.), then click Confirm.

5. Click Add events next to the newly created application. Set Event – the name of the specific scenario (event) where the captcha will be used, for example login, register, etc.; Device – the platform (for example Web/Wap); Business types – the type of captcha usage scenario (for example, Sign-up / Sign-in — registration / login). Click Add.

6. Now you will see the ID (used on the client and on the server) and Key (used on the server for verification) of the created captcha in your dashboard:

HowTo Connect image 2

7. Connect the client side

Include the script:

<script src="https://static.geetest.com/v4/gt4.js"></script>

Initialize the CAPTCHA:

initGeetest4(
  { captchaId: "Your CaptchaId" },
  function (captcha) {
    captcha.appendTo("#captcha"); // insert into a page element
  }
);

Important:

You must initialize the CAPTCHA when the page loads; otherwise it cannot track user behaviour.
If you use multiple CAPTCHAs on one page, call initGeetest4 separately for each.
If you use the CAPTCHA inside an iframe, add sandbox="allow-scripts allow-popups".

Code example

<!-- Include the CAPTCHA script -->
  <script src="https://static.geetest.com/v4/gt4.js"></script>
</head>
<body>
  <h1>CAPTCHA Demo</h1>
  <!-- Container for the CAPTCHA -->
  <div id="captcha"></div>

  <script>
    // CAPTCHA initialization
    initGeetest4(
      {
        captchaId: "YOUR_CAPTCHA_ID" // replace with your CaptchaId
      },
      function (captcha) {
        // Insert the CAPTCHA into a page element
        captcha.appendTo("#captcha");

        // You can handle a successful pass here
        captcha.onSuccess(function() {
          const validate = captcha.getValidate();
          console.log("CAPTCHA passed!", validate);
          // Here you can send validate to the server for verification
        });
      }
    );
  </script>

8. Configure the server side.

When a user passes the CAPTCHA on the frontend, a set of parameters is generated. You must send these parameters to the backend and then verify them via GeeTest’s secondary API to confirm that the check was successful.

Secondary verification API:

url

http://gcaptcha4.geetest.com/validate

Method: GET/POST
Content-Type: application/x-www-form-urlencoded
Response: JSON

Main request parameters

lot_number – verification serial number
captcha_output – verification payload
pass_token – verification token
gen_time – verification generation time
captcha_id – CAPTCHA ID
sign_token – signature for verification

Example of a successful response

{
  "status": "success",
  "result": "success",
  "reason": "",
  "captcha_args": {
    "used_type": "slide",
    "user_ip": "127.0.0.1",
    "lot_number": "4dc3cfc2cdff448cad8d13107198d473",
    "scene": "anti crawler",
    "referer": "http://127.0.0.1:8077/"
  }
}

Example of CAPTCHA verification in PHP

<?php
$captcha_id = 'YOUR_CAPTCHA_ID';
$captcha_key = 'YOUR_CAPTCHA_KEY';
$api_server = 'http://gcaptcha4.geetest.com';

// Get parameters from the frontend
$lot_number = $_POST['lot_number'] ?? '';
$captcha_output = $_POST['captcha_output'] ?? '';
$pass_token = $_POST['pass_token'] ?? '';
$gen_time = $_POST['gen_time'] ?? '';

// Generate the signature
$sign_token = hash_hmac('sha256', $lot_number, $captcha_key);

// Build the request payload
$data = [
    'lot_number' => $lot_number,
    'captcha_output' => $captcha_output,
    'pass_token' => $pass_token,
    'gen_time' => $gen_time,
    'sign_token' => $sign_token
];

// Request to the secondary verification API
$url = $api_server . '/validate?captcha_id=' . $captcha_id;
$options = [
    'http' => [
        'header'  => "Content-type: application/x-www-form-urlencoded\r\n",
        'method'  => 'POST',
        'content' => http_build_query($data),
        'timeout' => 5
    ]
];

$context  = stream_context_create($options);
$result = @file_get_contents($url, false, $context);
if ($result === FALSE) {
    $response = ['login' => 'fail', 'reason' => 'request geetest api fail'];
} else {
    $gt_msg = json_decode($result, true);
    if ($gt_msg['result'] === 'success') {
        $response = ['login' => 'success', 'reason' => $gt_msg['reason']];
    } else {
        $response = ['login' => 'fail', 'reason' => $gt_msg['reason']];
    }
}

echo json_encode($response);
?>

To fine-tune the captcha configuration, choose the optimal protection strategy, widget style and animation, and get more details about the integration parameters, use the GeeTest developer console and the official documentation.

Possible errors and debugging

Invalid parameters

The captcha is not displayed or returns errors like invalid-captcha-id / invalid-challenge. Make sure that you use up-to-date captcha_id and challenge values that match your page. These parameters are dynamically generated on every /load request.

Solution timeout

The captcha solution was not received in time. Increase the wait time when using automatic solving services (for example, CapMonster Cloud) and make sure the connection to the API is stable.

Empty fields

captcha_output, pass_token or lot_number are not passed to the page or to the verification request. Make sure these values are correctly inserted into hidden form fields or into the request body to your server.

Response success=false

The token is expired, reused, or forged. Enable logging of all requests and responses from the verification server to track fields like error_code or error_msg.

Protection resilience checks

After integration, make sure the system really protects the site from automated actions.

Try sending a request without solving the captcha — the server should return success: false.

Run load testing (for example with k6 or JMeter) at a rate above 100 requests per second — the captcha must be displayed correctly and the validation system should remain stable.

Check the server’s reaction when using an expired or re-submitted token (pass_token / lot_number) — the expected response is: 403 Forbidden or "status":"error".

Security and optimization tips

Store the <b>captcha key (secret KEY) on the server only</b>; never expose it to the client side.

Store the captcha key (secret KEY) on the server only; never expose it to the client side.

Log error codes during verification (<b>error-codes</b> or fields from the server response) so you understand why checks fail.

Log error codes during verification (error-codes or fields from the server response) so you understand why checks fail.

Add links to your <b>Privacy Policy</b> and <b>GeeTest Terms of Use</b> at the bottom of the form if required by license or internal policies.

Add links to your Privacy Policy and GeeTest Terms of Use at the bottom of the form if required by license or internal policies.

Conclusion

If you’ve taken over a website that already has a captcha or another protection system installed, but you don’t have access to the code, don’t worry! It’s quite easy to identify which technology is being used. To verify that everything works correctly, you can use the CapMonster Cloud recognition service in an isolated test environment to make sure that the token processing mechanism and the validation logic are functioning properly.

In the case of GeeTest CAPTCHA v4, it’s enough to detect the system, observe its behavior, and confirm that the protection is working correctly. In this article, we showed how to identify GeeTest CAPTCHA v4 and where to find instructions on how to integrate or reconfigure it, so you can confidently maintain the protection and keep its operation under control.

Helpful links

GeeTest v4 documentation →

GeeTest v4 developer console →

CapMonster Cloud documentation (working with GeeTest v4) →

Create a GeeTest account →

Create a CapMonster Cloud account →

The CapMonster Cloud browser extension is available for Chrome and Firefox. Full installation and usage instructions are available here.

GeeTest CAPTCHA v4 and CapMonster Cloud

How to solve GeeTest CAPTCHA v4 with CapMonster Cloud

GeeTest CAPTCHA v4
and CapMonster Cloud