reCAPTCHA v2
and CapMonster Cloud

Captcha solving, site integration, and end-to-end testing.

Inherited a site with a captcha or another protection layer but no access to the source code? In that case you naturally ask: which solution is installed, is it configured correctly, and how can the workflow be tested?

In this article, we have tried to answer all the key questions. The first step in solving the task is to determine which protection system is being used. To do this, you can refer to the list of popular captchas and anti-bot protection systems, where you will find visual examples and key indicators that help you quickly understand what you are dealing with.

If you discover that your site uses reCAPTCHA V2, the next step is to study its properties and operation in more detail. In this article, you can also review the instructions on how to integrate reCAPTCHA V2 so that you fully understand how it functions on your site. This will help you not only understand the current protection, but also properly plan its maintenance.

What is Google reCAPTCHA v2

reCAPTCHA v2 is a Google protection system designed to block spam and other automated actions that might harm a website. It helps distinguish real visitors from bots, keeping your web resource secure and stable.

Examples of reCAPTCHA V2

reCAPTCHA v2

The classic checkbox captcha where the user must confirm they are human. In some cases a pop-up challenge appears, for example asking to select certain images.

reCAPTCHA v2 Invisible

An invisible captcha that validates automatically, without user interaction, and does not require clicking the checkbox.

reCAPTCHA v2 Enterprise

An enterprise version with additional controls and security features.

How to solve reCAPTCHA v2 via CapMonster Cloud

When testing forms that include reCAPTCHA V2, you often need to verify that the captcha works and is integrated correctly.

You can verify the captcha embedded on your site manually.

Open the form page and make sure the captcha renders.
Try submitting the form without solving it — the server should return an error.
After a successful solution, the form must be submitted without issues.

For automatic solving you can use tools like CapMonster Cloud, which accepts captcha parameters, processes them on its servers, and returns a ready-to-use token. Insert this token into the form to pass the check without user interaction.

Working with CapMonster Cloud via API typically involves the following steps:

Creating a task

At this stage, you send your API key, captcha type, and parameters. The service returns a unique taskId that you later use to fetch the result.

Sending an API request

Your request to solve reCAPTCHA v2 must include the following parameters:

type - RecaptchaV2Task;

websiteURL - the page address where the captcha appears;

websiteKey - the site key (sitekey) specified on your captcha page.

Find more details about the parameters and how to gather them automatically before sending a task in the CapMonster Cloud documentation.

Endpoint for sending the task:

https://api.capmonster.cloud/createTask

Request example:

{
  "clientKey": "API_KEY",
  "task": {
    "type": "RecaptchaV2Task",
    "websiteURL": "https://lessons.zennolab.com/captchas/recaptcha/v2_simple.php?level=high",
    "websiteKey": "6Lcg7CMUAAAAANphynKgn9YAgA4tQ2KI_iqRyTwd"
  }
}

Response:

{
  "errorId":0,
  "taskId":407533072
}

Receiving the result

After creating the task, poll the solution status.

Address to receive the result:

https://api.capmonster.cloud/getTaskResult

Request example:

{
  "clientKey":"API_KEY",
  "taskId": 407533072
}

Response:

{
  "errorId": 0,
  "status": "ready",
  "solution": {
    "gRecaptchaResponse": "03AFcWeA66ZARdA5te7acD9vSwWE2hEQ2-B2aqFxm455iMA-g-Jis…"
  }
}

Placing the token on the page

The returned token (the "gRecaptchaResponse" value) can be inserted into a hidden form field or passed to a JS function on your site to confirm the solution. After that, the server accepts the form as correctly completed. To automate the flow, use Puppeteer, Selenium, or Playwright to emulate user actions, inject tokens, and submit forms.

Instead of retrieving a token, you can use the click-based solving method. See the CapMonster Cloud documentation for details.

Solving reCAPTCHA v2 with ready-made libraries

CapMonster Cloud offers SDKs for convenient work with Python, JavaScript (Node.js), and C#.

Python

JavaScript

Solving, inserting the token, and submitting the form

A Node.js example that covers the entire captcha-solving cycle for your web page. Possible approaches: use HTTP requests to fetch HTML and captcha parameters, send the answer, and process the result; or rely on automation tools (e.g., Playwright) to open the page, wait for the captcha, send parameters (you can test with valid or invalid data), obtain the result through the CapMonster Cloud client, inject the token into the form, and observe the outcome.

// npm install playwright @zennolab_com/capmonstercloud-client
// npx playwright install chromium


const { chromium } = require('playwright');
const { CapMonsterCloudClientFactory, ClientOptions, RecaptchaV2Request } = require('@zennolab_com/capmonstercloud-client');

(async () => {
  const browser = await chromium.launch({ headless: false });
  const page = await browser.newPage();

  const TARGET_URL = 'https://lessons.zennolab.com/captchas/recaptcha/v2_simple.php?level=high';
  const WEBSITE_KEY = '6Lcg7CMUAAAAANphynKgn9YAgA4tQ2KI_iqRyTwd';
  const CMC_API_KEY = 'your_capmonster_cloud_api_key';

  const cmc = CapMonsterCloudClientFactory.Create(new ClientOptions({ clientKey: CMC_API_KEY }));

  await page.goto(TARGET_URL, { waitUntil: 'domcontentloaded' });

  // Captcha solving
  const solution = await cmc.Solve(new RecaptchaV2Request({ websiteURL: TARGET_URL, websiteKey: WEBSITE_KEY }));
  const token = solution.solution.gRecaptchaResponse;

  // Insert the token and submit the form (replace with the selector you need)
  await page.evaluate((t) => {
    const ta = document.querySelector('textarea#g-recaptcha-response');
    if (ta) ta.value = t;
    document.querySelector('form.formular')?.submit();
  }, token);

  console.log('Captcha solved and form submitted!');
})();

You can also test captcha recognition with the CapMonster Cloud browser extension, which lets you verify captcha behavior directly on the page and monitor the solving process in real time, without writing code. Available for Chrome and Firefox.

How to connect reCAPTCHA v2 to your site

To understand how the captcha operates on your site, learn its validation logic, and reconnect or reconfigure it, look through this section. It describes the protection setup process so you can quickly cover every nuance.

1. Go to the reCAPTCHA admin console.

2. Register a new site.

Select the captcha type — reCAPTCHA v2 (checkbox with challenges or the invisible variant).

HowTo Connect image 1

3. Obtain two keys:

Site key — the public key (used on the frontend);
Secret key — the private key (used on the server for verification).

HowTo Connect image 2

Open the settings to specify domains that can use reCAPTCHA, or choose the security level — from the simplest to the most reliable option.

4. Client-side code example. An HTML form with reCAPTCHA v2 (you can paste this snippet into the page body):

HTML form with reCAPTCHA v2

For the checkbox widget:

<html>
  <head>
    <title>reCAPTCHA demo</title>
    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
  </head>
  <body>
    <form action="submit" method="POST">
      <div class="g-recaptcha" data-sitekey="your_site_key"></div>
      <br/>
      <input type="submit" value="Submit">
    </form>
  </body>
</html>

This code loads the Google reCAPTCHA library and creates a form that posts data via the POST method. <div class="g-recaptcha" data-sitekey="your_site_key"></div> renders the reCAPTCHA v2 widget with your public key. When “Submit” is clicked, the form is sent along with the g-recaptcha-response token for backend validation.

For invisible reCAPTCHA v2:

<html>
  <head>
    <title>reCAPTCHA demo</title>
     <script src="https://www.google.com/recaptcha/api.js" async defer></script>
     <script>
       function onSubmit(token) {
         document.getElementById("demo-form").submit();
       }
     </script>
  </head>
  <body>
    <form id="demo-form" action="?" method="POST">
      <button class="g-recaptcha" data-sitekey="your_site_key" data-callback="onSubmit">Submit</button>
      <br/>
    </form>
  </body>
</html>

The button <button class="g-recaptcha" data-sitekey="your_site_key" data-callback="onSubmit">Submit</button> runs the invisible captcha automatically, generates a token, and calls onSubmit.

The onSubmit(token) function receives the g-recaptcha-response token and posts the form to your server for verification.

Unlike the regular checkbox widget, users never see the captcha — the check runs in the background.

Add hidden <input type="hidden"> fields if you need to store the token or other data for later submission via JS. See the captcha documentation for more details.

5. Validate the response on the server side.

PHP example

Check the method and read the data

?php
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Method not allowed');
}

// Retrieving the reCAPTCHA token
$token = $_POST['g-recaptcha-response'] ?? '';
$secret = 'YOUR_SECRET_KEY';

if (!$token) {
    exit('Captcha not passed');
}

Verify the captcha through Google

$response = file_get_contents(
    "https://www.google.com/recaptcha/api/siteverify?secret=$secret&response=$token"
);
$result = json_decode($response, true);

if (!empty($result['success'])) {
    echo "<h3>Form submitted successfully!</h3>";
} else {
    echo "Captcha verification error.";
}
?>

Possible errors and debugging

Invalid site or key

The captcha fails to load or returns invalid-input-secret.

Solving timeout

The server did not receive the answer in time. Increase the waiting period.

Empty token

An error occurred while passing the result to the page.

Response success=false

The token is expired, reused, or spoofed. Enable request logging and inspect the error-codes field returned by Google.

Protection resilience checks

After integration, make sure the system really protects the site from automated actions.

Try sending a request without solving the captcha — the server should return success: false.

Run a load test (for example, using k6 or JMeter) at a rate of more than 100 requests per second — the captcha should be displayed correctly and the validation system should remain stable.

Check the server’s response for an expired or re-used token — the expected response should be 403 Forbidden.

Security and optimization tips

Store the Secret Key only on the server; do not expose it on the client side.

Log the error codes (error-codes) to understand why specific checks failed.

Add links to the Privacy Policy and Google Terms of Use at the bottom of the form, as required by the license.

Conclusion

If you’ve taken over a website that already has a captcha or another protection system installed, but you don’t have access to the code, don’t worry! It’s quite easy to identify which technology is being used. To verify that everything works correctly, you can use the CapMonster Cloud recognition service in an isolated test environment to make sure that the token processing mechanism and the validation logic are functioning properly.

In the case of reCAPTCHA V2, it’s enough to detect the system, observe its behavior, and confirm that the protection is working correctly. In this article, we showed how to identify reCAPTCHA V2 and where to find instructions on how to integrate or reconfigure it, so you can confidently maintain the protection and keep its operation under control.

Helpful links

reCAPTCHA v2 documentation →CapMonster Cloud docs (working with reCAPTCHA v2) →Solving reCAPTCHA v2 with CapMonster Cloud →How to solve reCAPTCHA v2 in JavaScript with Selenium & CapMonster Cloud →How to solve reCAPTCHA v2 in Python with Selenium & CapMonster Cloud →How to solve reCAPTCHA v2 in C# with Selenium & CapMonster Cloud →

The CapMonster Cloud browser extension is available for Chrome and Firefox. Full installation and usage instructions are available here.

reCAPTCHA v2 and CapMonster Cloud

How to solve reCAPTCHA v2 via CapMonster Cloud

reCAPTCHA v2
and CapMonster Cloud