Looking to solve hcaptcha enterprise captcha for a site. But the solution seems to be invalid and I am getting 401 status_code when I submit the captcha.
Here is the request data:
{
"clientKey":"<cas clientKey>",
"task":
{
"type":"HCaptchaTaskProxyless",
"websiteURL":"<page url>",
"websiteKey":"<site-key>",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
}
}
Here is the solution I received:
{
"errorId":0,
"status":"ready",
"solution": {
"gRecaptchaResponse": "P1_eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.hKdwYXNza2V5xQb9JvlblBqjTdKpourvlRNpOZLvJb0yJRmsXVFVjyxFWlL1wdYBXaPyFtnxwy2ukbMgwWn62-cjSc98Iw2XIPYWg5MNDKS4_7tBIhjY0PienoKy1...",
"respKey": "E0_eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoidjQ3RjlqZGFYTllFQXlZZFYyRTlaWlBVQUdLaFpPakpRNjBXRTljVW40VnY3NnhuN2V3R0wwVWd1MW1Wai90WEdoYmt5a2NqVGlGdWpsSlpmVjcza...",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
}
}
I was able to successfully trigger hcaptcha callback from the site and inject “gRecaptchaResponse” to the page. Bu upon submitting I received response with status 401 and “unauthorised” text as if the solution is wrong.
Verified the enterprise payload is not required. I suspect the site is doing some validation based on “respKey”. What is its significance and is there any way I can inject it to the site.
reference doc: https://docs.capmonster.cloud/docs/captchas/hcaptcha-task/
Matched the user-agent used in the browser and the solution request.
Inserted "gRecaptchaResponse"
to the <textArea/>
elements and triggered the hcpatcha callback.
1