If the attackers know the structure and the URL of the Google reCaptcha callback, i.e. The attacker doesn't even need to interact directly with the Google reCaptcha by clicking on it. In short, solving a Captcha is as simple as calling a function in the bot's code. The bot solves the Captcha by submitting the response token.After ~30-45 seconds, the Captcha is solved and you obtain its response token.The Captcha farm asks one of its workers to solve the Captcha.It makes an API call to the Captcha farm with the website’s Captcha public key & its domain name as parameters.The bot is blocked by a Captcha challenge.Let's start with a brief introduction of what a Google reCaptcha farm is - a service that bot developers can query via an API to automate solving Google reCaptcha:
