70

We have integrated invisible recaptcha in one of our websites. Whenever we submit the form it automatically submits.

I read in some google groups that we would get a challenge when accessed on edge browser. But for us, it is automatically submitted.

Any specific steps to test the invisible recaptcha?

Improve this question
1

11 Answers 11

Reset to default
86

You can test invisible recaptcha by using Chrome emulator.

You will need to add a new custom device (BOT) in developer tools, and set User Agent String to Googlebot/2.1 on Desktop. Then use the new BOT device when testing on your site to trigger the recaptcha authentication.

Note: ReCaptcha v3 will still let the google bot pass as it has a score of 0.9 when emulating in Chrome.

V2 INVISIBLE In this case just use Incognito or Private browsing to see it works.

Here is the testing link where ReCaptcha is working: https://www.google.com/recaptcha/api2/demo?invisible=true

Please give the credits to the guys in comments below.

Improve this answer
10
  • 3
    How do you set the device to Googlebot/2.1?
    – papakias
    Apr 4, 2018 at 11:51
  • 24
    @papakias In the Dev Tools, open Settings, then Devices, add a custom device with any name and user agent equal to Googlebot/2.1. Finally, in Device Mode, at the left of the top bar, choose the device (the default is Responsive). You can test the captcha in https://www.google.com/recaptcha/api2/demo?invisible=true.
    – Lucas Basquerotto
    Jun 20, 2018 at 19:09
  • 11
    Doesn't appear to work for me. I emulated the Google bot in a private window and it still does not show the challenge. I don't know whether it's even working correctly or not.
    – nvkrj
    Nov 23, 2018 at 10:58
  • 12
    I still get a score of 0.9 when emulating Googlebot/2.1
    – Liam
    Oct 20, 2020 at 21:10
  • 7
    2023 , does not seem to work anymore
    – Jonathan DS
    Feb 3, 2023 at 11:39
53

I found an excellent answer that works as of 2018-08-27.

In Chrome, hit F12 to open the Developer Console. Next, toggle the Device Toolbar, select a device and click Edit... Now, add a new device with the following configuration:

enter image description here

Once you hit save and use the new device, the ReCaptcha should open a modal requiring the user to match images.

Credit: This answer was originally posted on https://www.tectite.com/fmhowto/test-invisible-recaptcha.php?WWWTECTITE=p32j2na5otc4rmtbmfsmf9rci6

Improve this answer
4
  • Tested it via the recaptcha demo on recaptcha-demo.appspot.com/recaptcha-v3-request-scores.php. I get a score of 0.9 without this "hack", only 0.1 with it, so I guess it does the trick.
    – johey
    Jun 17, 2019 at 8:25
  • 4
    @johey good idea to have a test we can share. I still get 0.9 when I follow this answer though.
    – Liam
    Oct 20, 2020 at 21:06
  • 3
    This has been working for me for some time but its not working now. Google's own demo page is working when using Incognito and/or Googlebot/2.1. Is it working for others still and so just me?
    – Laurence Cope
    Mar 16, 2021 at 9:38
  • 3
    This does not work for me in Chrome. I get success = true, and score = 0.9
    – spodell
    Jan 17, 2023 at 19:25
6

May 2021

Everyone was talking about using the demo page to test it out. What we get after we tested and how it should looks like is what everyone miss out. Or probably thats why most of us are still searching for the answer.

Even though this question is 3yrs old, still its not clear how this recaptcha works. Iam trying my best to break in steps. Let me know if its works for you.

Google Demo page test

Important

Follow the steps below in the Incognito window

with the parameter

  1. Go to this url https://www.google.com/recaptcha/api2/demo?invisible=true (notice the url has ?invisible=true parameter at the end)
  2. You should see nothing but an pre-filled form with an active 'submit' button with no 'checkbox' captcha, instead you will see the badge at the bottom right.
  3. Click the 'Submit' button and you should see something like this. This is the verification check point.

enter image description here 4. Select the relevant image and the page should redirect with the message saying
Verification Success... Hooray!

But what if you didn't see any image?

If you are not seeing any verification image and the form submits with

Verification Success... Hooray!

then either the form is not working (mostly that's not the case) or you need to clear your browser cache and try again.

without the parameter

  1. Go to this url, https://www.google.com/recaptcha/api2/demo (notice, i have removed the ?invisible=true parameter from the url)
  2. You should see the good 'ol robot checkbox captcha above the 'Submit' button.

enter image description here 3. Also you can notice there won't be captcha badge at the bottom right.

Your Website

Try it in the Incognito window

  • Just like the demo you should get the same result in your website if you use invisible captcha. (Don't worry about the url parameters)
  • If your page displayed the captcha badge at the bottom right then after clicking the 'submit' button you should see the popup image window.
  • If you do not get any popup and the form submits then there's an issue with your captcha or could be browser cache.

Not seeing the checkbox ... ?

Here are some notes from reCaptcha help page - https://support.google.com/recaptcha#6223828

If you're seeing this reCAPTCHA challenge, your browser environment doesn't support the reCAPTCHA checkbox widget.
There are a few steps you can take to improve your experience:

  • Make sure your browser is fully updated (see minimum browser requirements)
  • Check that JavaScript is enabled in your browser
  • Try disabling plugins that might conflict with reCAPTCHA

Please note that some sites may have incorrectly integrated with reCAPTCHA - in this case please contact the site's webmaster.

WordPress Contact Form 7 users

You do not need to add the [recaptcha] tag.

reCAPTCHA v3 doesn’t need a CAPTCHA widget (the “I’m not a robot” checkbox used in reCAPTCHA v2) to work, so [recaptcha] form-tags are no longer necessary. If [recaptcha] form-tags are found in a form template, Contact Form 7 5.1 or higher ignores them and replaces them with an empty string.

https://contactform7.com/recaptcha/

Improve this answer
1
  • 3
    perhaps you can clarify which version(s) of reCAPTCHA your answer is addressing.
    – melutovich
    Sep 30, 2021 at 12:42
5

2022 Answer that worked for me!

Please do give this one a go as it's the only one that actually worked for me after hours of testing.

  1. Go to your reCAPTCHA admin account: https://www.google.com/recaptcha/admin/
  2. Go to your site settings
  3. Move the "Security Preference" slider all the way to the right to make reCAPTCHA trigger more often
  4. Open an Incognito window, or even better a secure web browser with a built in encrypted proxy (I think this makes reCAPTCHA more suspicious of your browser) - I used a browser call Epic Browser, which is also Chromium based: https://www.epicbrowser.com/. Note: Just using Incognito on Chrome did not work for me, hence why I went to go use Epic.
  5. Attempt to submit your form - you should hopefully receive the popup check!

As others mentioned you can also test if the browser alone triggers reCAPTCHA check by going to https://www.google.com/recaptcha/api2/demo?invisible=true and submitting the form.

This finally helped me as I was going crazy thinking my reCAPTCHA setup was not working and that I coded something wrong... But no, it was working! Just not very suspicious apparently.

I hope this helps someone as it did me!

Improve this answer
4
  • Didn't work for me... own my own site. still get 0.9 and passing But worked for me with this site google.com/recaptcha/api2/demo?invisible=true
    – ItaiRoded
    Mar 30, 2023 at 16:41
  • 3
    There is no slider in 2023 (recaptcha v3)
    – Roel
    Apr 5, 2023 at 8:58
  • 1
    I am upvoting this for 2024. Used reCaptcha Enterprise V2 Invisible. Turned the Security check in the reCaptcha admin to most secure. Installed Epic browser on chrome to test the website and it prompted with the reCaptcha validation screen.
    – Namrata Sanger
    Feb 23 at 16:00
  • @Roel The reCaptcha v3 will never show up a challenge, it only generate scores for monitoring, hence the absence of trust slider. If have to use the v2 if you want this behavior.
    – Mereo4
    Mar 22 at 14:33
3

As of 2019-06-21, it appears that it is sufficient with Google Chrome (v74.0.3729.169) to bring up a new incognito window to force the recaptcha to execute. (I had needed this for our own recaptcha testing, so I'm glad I found it.)

Improve this answer
1
  • 1
    A chrome incognito window returned success == true and a score of 0.9, so it didn't work for me.
    – spodell
    Jan 17, 2023 at 19:23
3

I am still struggling a little bit with this but I found that the following things make invisible recaptcha puzzle more likely to appear:

  • Log into the recaptcha admin and set it to maximum security

  • Open your site from an incognito tab.

  • Sometimes leaving the login page open and trying to login after some time has passed seems to trigger the recaptcha puzzle.

I must admit though that these don't work all of the times and there are times that I really struggle to get it to work.

Update: It seems a bit strange but I have found that the invisible ReCaptcha is more likely to appear when I submit a form using the Enter key instead of pressing a button with the mouse.

Improve this answer
1

If you have the luxury of a VPN, switch to a bad rep IP or country or an IP commonly used for P2P. This works for me most of the time.

Improve this answer
1

Invisible recaptcha check fails if you try to access your page via automated tests (in my case chrome browser) since chrome has a feature to recognize if the browsers is controlled by such software... so try to create easy tests in Python or Java(+webdriver), to see if recaptcha is implemented correctly.

Improve this answer
1

If you did not implement the code yourself, the first thing to check is the source code, see if reCaptcha is actually loaded. When using a CMS, I search for this line (or similar):

script type='text/javascript' async defer src='https://www.google.com/recaptcha/api.js?onload=renderInvisibleReCaptcha&render=explicit&hl=de-CH'
Improve this answer
0

Go thru the steps to test the re-captcha with dev tools open. Go to the network tab and find the POST where the form is submitted. Right click that line and copy as cURL.

Paste into the CLI and voila, you get the failure and the output of the cURL is the HTML that the server sent back.

Improve this answer
1
  • I get unreadable binary output when I try this.
    – boot13
    Dec 10, 2023 at 15:12
-3

The way I tackled it:

  1. Go to your POST to google.com/recaptcha/api/siteverify

  2. Before the response is returned, set the success property in the response to false.

I'm using Guzzle in Laravel (thanks to this example):

$response = $client->post('https://www.google.com/recaptcha/api/siteverify', [
    'query' => [
        'secret' => env('RECAPTCHA_V3_SECRET_KEY'),
        'response' => $value,
        'remoteip' => $_SERVER['REMOTE_ADDR'],
    ]
]);

$body = $response->getBody();

$contents = json_decode($body->getContents());

$contents->success = false;

return $contents;
Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.