4

What are the best ways to test failures? I know of the UserAgent change trick where setting it to "Googlebot" for example, will fail the test.

However are there other ways to test this?

I can test how my application will behave when the score is below the acceptable threshold but I would like to simulate a bot (in the eyes of Google) in the browser in some way.

crmpicco
  • 16,605
  • 26
  • 134
  • 210

2 Answers2

1

I am not sure, that this is what you are looking for, but you can try to issue duplicate request to your back-end endpoint with the same g-recaptcha-response parameter, you have already used in any previous request.

When you call the back-end for the first time you will get valid response from https://www.google.com/recaptcha/api/siteverify

{"success":true,"score":0.9,"action":"register","challenge_ts":"2020-07-21T18:09:09Z","hostname":"localhost"}

After calling the same endpoint for the second time with the same g-recaptcha-response parameter, google API will respond with something like this:

{"success":false,"score":0.0,"error-codes":["TimeoutOrDuplicate"]}
kubbo
  • 11
  • 2
-1

On desktop or phone using Chrome Incognito mode will get you a low score of 0.1 ~ 0.3 (in my case, at least). See here: https://tehnoblog.org/google-no-captcha-invisible-recaptcha-first-experience-results-review/#google-invisible-recaptcha-v3.0-live-demo

dev101
  • 1,359
  • 2
  • 18
  • 32
  • 6
    I get 0.9 using Incognito or trying to emulate GoogleBot 2.1 in developer tools. Any ideas? – KBr Sep 10 '20 at 19:01
  • 3
    @KBr I've also encountered this. Using incognito AND Googlebot user agent still results in a pass. Did you find an alternative? – Zakalwe Oct 12 '20 at 19:16