Using Google reCAPTCHA v2

What is a reCAPTCHA? You have seen them online and perhaps have been wondering how they work. I know I have been seeing these for years but didn't really understand them until I saw the process. In this example I don't go into the creation of the system behind reCAPTCHA's, but rather here I am just showing how to use the Google reCAPTCHA v2. I have seen these used ubiquitously all over the internet and I decided to learn what they are and how I can implement them on my own sites to verify that my site's users are indeed people and not bots.

The PHP is pretty standard. I send the API a user's name, Key, response Key and IP address. Then I get the file contents, decode the JSON and verify a user's authenticity.


PHP CODE:



HTML CODE:

The HTML code for this example is just a simple sample text box form for a user's name, this can be for a username, email or even to verify if a survey is being taken by a human rather than by a bot. The uses for this are endless and that is why you can find these all over the internet.



This next part had me stuck for a moment, I had been referencing some old tutorials and now Google has buttoned down their security for this a bit. To get the correct responses the site needs to be served over HTTPS. I quickly added an SSL cert with Let's Encrypt and now it works properly. Here in this screenshot you can see a simple form box where you can enter your name. Once a user clicks the reCAPTCHA and it verifies that they are not a bot the request is accepted and I am just echoing back the user input. For an application or website I would just pipe the output to whatever database or other page rather than the echo which is done here for illustrative purposes below.


I included this to show the flow of reCAPTCHA although most people have probably seen this as they explore the internet.

Upon successful completion of the above little exercise the system authenticates that a user is authentic or not. Here since the reCAPTCHA was completed successfully and I entered my name as 'J', the system tells me it verified that I'm not a bot and that is has captured my name as 'J'. This system is particularly interesting because its initial purpose was to help digitize illegible books and now it's used to verify users as humans. So not only did I learn some cool PHP tricks while learning how to do this, I also learned a little more about internet history.


Comments

Popular posts from this blog

Automated Exploitation of a Bluetooth vulnerability that leads to 0-click code execution

Sniffing GSM traffic on a private cellphone network

Raspberry Pi WiFi Honeypot 🍯