ReСaptcha Enterprise: recognition, bypass and Captcha solvers

1. Overview of reCAPTCHA Enterprise and Differences from v2/v3

What is it?

Google has long been synonymous with bot protection, and its reCAPTCHA Enterprise is a prime example. This enhanced version is designed for large-scale platforms and enterprise clients where security requirements are especially high. It combines the core functionality of reCAPTCHA v2 and the invisible behavioral analysis of reCAPTCHA v3, but goes further—adding in-depth analytics and fine-tuned customization capabilities.

Quick summary of versions:

reCAPTCHA v2

The classic: the user clicks the “I’m not a robot” checkbox or solves a visual/audio challenge. It can run in explicit (visible) or invisible mode (triggered only when suspicious activity is detected). The result is always binary—either the CAPTCHA is passed or not.

reCAPTCHA v3

Everything runs in the background—the system analyzes user behavior (mouse movements, scrolling, time on page) and returns a score from 0.0 to 1.0 indicating the likelihood that the user is human. The user is not asked to solve any challenges.

reCAPTCHA Enterprise

This version supports both modes—visible (v2-style) challenges and invisible (v3-style) behavioral analysis. Its main distinction lies in its enhanced algorithms, deep risk analysis, integration with other security tools (e.g., WAF, Integrity API for mobile), and detailed reports through the Google Cloud Console. It operates on a paid model for businesses and provides more accurate risk scoring through 11 risk levels, compared to 4 in the free versions.

2. Version Comparison Table

Parameter – reCAPTCHA v2 – reCAPTCHA v3 – reCAPTCHA Enterprise

Verification Mechanism – Checkbox + visual/audio tasks – Background signature collection → score – Combined: either challenges or invisible analysis with extended analytics

User Interaction – Explicit, with on-screen actions – Invisible—works in the background – Optional: may be minimal or explicit, depending on site owner preferences

Analysis Methods – Basic data collection (mouse, browser) – Advanced behavioral data collection – Multi-layer analysis: device data, browser fingerprinting, history, and additional signals

Verification Result – Token (valid or not) – Token with score and flags – Token + detailed info (reason codes, metrics) with granular customization

Customizability – Limited (theme, language, widget) – Score threshold only – Flexible thresholds, system integrations, optional MFA, and more

Cost – Free up to a limit – Within same quota – Paid model: after 10k verifications/month, ~$1 per 1,000 requests

3. How to Identify Use of reCAPTCHA Enterprise

When analyzing a website, the following indicators can help you determine whether reCAPTCHA Enterprise is in use:

Included Script:
If the page source includes a link to .../recaptcha/enterprise.js instead of the standard .../recaptcha/api.js, it indicates use of the Enterprise version. Similarly, code may contain method calls like grecaptcha.enterprise.render() or grecaptcha.enterprise.execute().

Network Requests:
The Network tab in browser developer tools will show requests containing /recaptcha/enterprise/ or directed to the domain recaptchaenterprise.googleapis.com.

Integration Parameters:
Sometimes a JS configuration object includes a flag like isEnterprise: true, which directly indicates the version in use.

Sitekey Format:
Although sitekeys may resemble standard ones (e.g., starting with “6Lc” or “6Lf”), Enterprise keys may include specific suffixes indicating corporate status.

Thus, if scripts and network requests point to enterprise.js and Enterprise methods, it’s safe to say the site is using reCAPTCHA Enterprise.

4. Inner Workings of reCAPTCHA Enterprise

Data Collection

As soon as the CAPTCHA loads on the website, the system begins capturing all available data:

• Browser information (User-Agent, screen resolution, installed plugins)

• Fingerprinting: Canvas, WebGL, fonts, audio context, and even cookies

• Behavioral parameters: mouse movement, timing between events, page scroll, etc.

This data is encrypted and sent to Google servers for analysis.

Risk Assessment

A complex machine learning model runs server-side to analyze all signals—from IP reputation to mouse trajectory speed.

• Enterprise v2 decides whether to show challenges based on the risk score.

• Enterprise v3 simply generates a numerical score, with values above 0.7 typically indicating a real user.

Token Generation and Verification

After user interaction (or simulation thereof), a method generates a long token (~500+ characters). This token is sent to the website server for validation. If the token is invalid or expired (usually within 2 minutes), the verification fails.

5. Why Bypassing reCAPTCHA Enterprise Is Difficult

Key difficulties in automating bypass of this system include:

Advanced Fingerprinting:

Simple request emulation without proper JS signals is quickly flagged. Even headless browsers may be detected without stealth techniques.

Behavioral Analysis:

A bot must not only send requests but also mimic human-like actions—mouse movements, clicks, delays—otherwise, it will receive a low score.

Time Constraints:

The token must be obtained within seconds. Any delay may render the CAPTCHA invalid.

IP and Environment Binding:

If the CAPTCHA is solved from an IP different from the one making the site request, the system grows suspicious. Proxy use with geographic matching is required.

Thus, bypassing the Enterprise version requires not only solving the task but circumventing multiple layers of protective filters.

6. reCAPTCHA Enterprise Bypass Methods

Manual Approaches

Direct Solving:

A person manually clicks through the CAPTCHA. Suitable for testing but not scalable.

Outsourcing via Services:

Platforms like 2Captcha, ruCaptcha, SolveCaptcha offer human-powered CAPTCHA solving at low cost. While effective, solve times vary (usually 10–30 seconds).

In-House Operators:

Some companies build internal teams for solving CAPTCHAs—this maintains control over data but requires resources.

Automated Approaches

Computer Vision:

Neural networks and ML algorithms solve visual challenges. Fast but sometimes fail on obfuscated tasks.

Audio Bypass:

Switching to audio CAPTCHA and converting speech to text—a backup option if image recognition fails.

Simulating Full User Behavior:

Running a real browser (or emulated one via Puppeteer, Selenium, Playwright) while mimicking human actions captures all behavioral signals and yields valid tokens.

Exploiting Vulnerabilities:

Rarely, implementation flaws (e.g., token reuse) may be exploitable—but this is unreliable in corporate environments.

Combined Strategies

A hybrid method is often optimal: automation attempts CAPTCHA solving first; if uncertain, a human steps in. Or a bot handles most tasks, and humans assist at critical points.

7. Overview of Popular Services for Solving reCAPTCHA Enterprise

Service – Solving Method – Price (Enterprise) – Speed – Features

2Captcha / ruCaptcha – Human input (crowdsourcing) – ~$1.5–3 per 1,000 solves – 15–30 seconds – One of the oldest players; user-friendly API; requires enterprise=1 for Enterprise usage

Anti-Captcha – Hybrid (human + automation) – ~$5 per 1,000 verifications – 5–20 seconds – Supports score threshold for v3, clean API, subscription available

SolveCaptcha – AI with human fallback – ~$0.55 per 1,000 solves
5–10 seconds – High accuracy (up to 97%), uses proprietary browser engine and direct image recognition

DeathByCaptcha – Human input – ~$2.89 per 1,000 solves – 20–40 seconds – Focused on Western markets, supports Enterprise solving with experienced operators

NopeCHA – AI + browser extension – ~$0.5–2 per 1,000 solves – 5–15 seconds – Offers browser extension and integration-ready API; includes a free tier

NextCaptcha – Combined approach – ~$0.8 per 1,000 solves (promo) – 5–15 seconds – New player in 2024, optimized for Enterprise CAPTCHA solving

8. Step-by-Step Guide to Bypassing via API

Let’s say your script needs to automatically register a user on a site protected by reCAPTCHA Enterprise. We’ll use 2Captcha as the solving service.

Step 1. Extract the sitekey

Open the page source and locate an element like:

Alternatively, in the JS code, find a call like

grecaptcha.enterprise.execute(sitekey, {action: 'submit'}). Save the extracted sitekey and page URL for later.

Step 2. Submit the task for solving

Send a POST request to 2Captcha’s server with required parameters: sitekey, page URL, the enterprise flag, and optionally invisible=1 if the CAPTCHA is invisible.

Step 3. Wait for the solution

After submission, you’ll receive a task ID. Poll the service’s API every 5 seconds until a token is returned—or an error if the CAPTCHA could not be solved.

Step 4. Use the token

Insert the received token into a hidden form field:

Submit the form to the site server for verification.

9. Code Examples

Python (using requests)

import requests
import time

API_KEY = "YOUR_2CAPTCHA_API_KEY"
sitekey = "6Lf26sUnAAAAAIKLuWNYgRsFUfmI-3Lex3xT5N-s"
page_url = "https://target-site.com/register"

# Step 1: Submit CAPTCHA task
payload = {
    'key': API_KEY,
    'method': 'userrecaptcha',
    'googlekey': sitekey,
    'pageurl': page_url,
    'enterprise': 1
}
response = requests.post("http://2captcha.com/in.php", data=payload)
if response.text.split('|')[0] != "OK":
    print("Error submitting CAPTCHA:", response.text)
    exit(1)
captcha_id = response.text.split('|')[1]
print(f"CAPTCHA queued, ID = {captcha_id}")

# Step 2: Poll for solution
token = None
for _ in range(20):
    time.sleep(5)
    res = requests.get(f"http://2captcha.com/res.php?key={API_KEY}&action=get&id={captcha_id}")
    if res.text == "CAPCHA_NOT_READY":
        print("Solution not ready yet, waiting...")
        continue
    if res.text.startswith("OK|"):
        token = res.text.split('|')[1]
        break
    else:
        print("Error retrieving response:", res.text)
        exit(1)

if not token:
    print("Failed to retrieve token in time")
    exit(1)

print("Token acquired:", token)

# Step 3: Submit form with token
form_data = {
    'username': 'testuser',
    'password': '12345',
    'g-recaptcha-response': token
}
final_response = requests.post(page_url, data=form_data)
print("Form submission result:", final_response.status_code)

PHP (with cURL)

 $apiKey,
    'method' => 'userrecaptcha',
    'googlekey' => $siteKey,
    'pageurl' => $pageURL,
    'enterprise' => 1
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);

if(strpos($response, "OK|") !== 0) {
    die("Submission error: $response");
}
list(, $captchaId) = explode('|', $response);
echo "CAPTCHA queued, ID = $captchaId\n";

// Step 2: Poll for token
$token = null;
for ($i = 0; $i < 20; $i++) {
    sleep(5);
    $result = file_get_contents("http://2captcha.com/res.php?key=$apiKey&action=get&id=$captchaId");
    if($result === "CAPCHA_NOT_READY") {
        echo "Waiting for solution...\n";
        continue;
    } elseif(strpos($result, "OK|") === 0) {
        $token = substr($result, 3);
        break;
    } else {
        die("Error: $result");
    }
}
if(!$token) {
    die("Token not received in time.");
}
echo "Token acquired: $token\n";

// Step 3: Submit form with token
$formFields = http_build_query([
    'username' => 'testuser',
    'password' => '12345',
    'g-recaptcha-response' => $token
]);
$ch = curl_init($pageURL);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $formFields);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
curl_close($ch);

echo "Server response: $result\n";
?>

Node.js (using fetch)

const fetch = require('node-fetch'); // Install with: npm install node-fetch

const API_KEY = "YOUR_2CAPTCHA_API_KEY";
const siteKey = "6Lf26sUnAAAAAIKLuWNYgRsFUfmI-3Lex3xT5N-s";
const pageUrl = "https://target-site.com/register";

async function solveCaptcha() {
    // Step 1: Submit CAPTCHA task
    const params = new URLSearchParams();
    params.append('key', API_KEY);
    params.append('method', 'userrecaptcha');
    params.append('googlekey', siteKey);
    params.append('pageurl', pageUrl);
    params.append('enterprise', '1');

    let resp = await fetch('http://2captcha.com/in.php', { method: 'POST', body: params });
    let text = await resp.text();
    if (!text.startsWith('OK|')) {
        throw new Error(`Submission error: ${text}`);
    }
    const captchaId = text.split('|')[1];
    console.log(`CAPTCHA queued, ID = ${captchaId}`);

    // Step 2: Wait for token
    let token = null;
    for (let i = 0; i < 20; i++) {
        await new Promise(r => setTimeout(r, 5000));
        let resResp = await fetch(`http://2captcha.com/res.php?key=${API_KEY}&action=get&id=${captchaId}`);
        let resText = await resResp.text();
        if (resText === 'CAPCHA_NOT_READY') {
            console.log("Waiting for solution...");
            continue;
        }
        if (resText.startsWith('OK|')) {
            token = resText.split('|')[1];
            break;
        } else {
            throw new Error(`Error: ${resText}`);
        }
    }
    if (!token) {
        throw new Error("Token not received in time.");
    }
    console.log("Token acquired:", token);

    // Step 3: Submit form with token
    const formParams = new URLSearchParams();
    formParams.append('username', 'testuser');
    formParams.append('password', '12345');
    formParams.append('g-recaptcha-response', token);

    let finalResp = await fetch(pageUrl, { method: 'POST', body: formParams });
    console.log("Form submission status:", finalResp.status);
}

solveCaptcha().catch(err => console.error(err));

10. Integration and Optimization Tips

Quick token insertion:

If you’re controlling the browser via Selenium or Puppeteer, inject JavaScript directly into the page to set the token value in the hidden input field. This ensures seamless interaction without reloading or delays.

Token lifespan awareness:

A token is typically valid for only a couple of minutes. You must use it immediately after receiving it to avoid verification failure.

Error handling:

Implement error management logic in your script—for example, if the API returns invalid key errors, request overflows, or timeouts. This makes your automation more resilient and production-ready.

Optimizing parallel requests:

When dealing with batch automation, mind the API limits. Group requests intelligently and monitor traffic to avoid hitting usage caps or bans.

Using proxies effectively:

If the website tracks IP location consistency, make sure that the CAPTCHA is solved using a proxy from the same region as the browsing session. This prevents mismatches that could trigger suspicion or low scores.

Conclusion

reCAPTCHA Enterprise is not just a set of puzzles—it’s a sophisticated, multi-layered security system that analyzes every aspect of user behavior and environment. Successfully bypassing it requires a comprehensive approach—from advanced algorithms and full behavior simulation to real human input when needed.

I hope this detailed breakdown and practical code examples help you better understand how reCAPTCHA Enterprise works and how to effectively approach its automation in a cybersecurity-conscious environment.

Good luck with your projects, and may your automation work for you, not against you!