Is it possible to verify recaptcha through http request? (Adidas)

I'm trying to add a product to my cart through an HTTP POST request:

http://www.adidas.com/on/demandware.store/Sites-adidas-US-Site/en_US/Cart-MiniAddProduct?pid=S77417_630

It contains the function Cart-MiniAddProduct, the product id=S77417 and the sizeId=_630. But the product requires a recaptcha verification, which I've heard is almost impossible to do through an HTTP POST request. I've got the site-datakey for the recaptcha, but either my format in the URL is wrong, or I'm going in the wrong direction.

Here's what I've been trying out:

http://www.adidas.com/on/demandware.store/Sites-adidas-US-Site/en_US/Cart-MiniAddProduct?pid=S77417_630&Quantity=1&ajax=true?g-recaptcha-reponse=6LekiwgTAAAAAALUnAZQuJEvFG7O5z-gKGEjtz82

Upvotes: 0

Views: 2233

Answers (2)

user4642224

Reputation: 167

If you already have a valid captcha response you can send a GET request to the server. However, there are two things wrong with your request:

1) The parameters are incorrect. It should be:

http://www.adidas.com/on/demandware.store/Sites-adidas-US-Site/en_US/Cart-MiniAddProduct?pid=S77417_630&Quantity=1&ajax=true&g-recaptcha-reponse=6LekiwgTAAAAAALUnAZQuJEvFG7O5z-gKGEjtz82

Replace the second ? with &.

2) The captcha response is not simply the public site-key (you didn't think it would be that easy, right?)

Upvotes: 1

idelvall

Reputation: 1661

You cannot bypass captcha verification. This has nothing to do with HTTP POST. If the server triggers a captcha challenge, it must be verified by a human in order to proceed.

But, given that the original application does not trigger a captcha by default, you can create a standalone application that reproduces the steps (HTTP conversation between browser and server) needed to put that item into the cart.

The process is simple:

  1. Start a private session in the browser (no history, no cache, no passwords from previous sessions)
  2. Open the network view in the developer tools
  3. Go to the site, log in, and add the product
  4. Inspect the primary HTTP requests in the previous process
  5. Create a script to reproduce them, moving information back and forth as needed

Note: By standalone application I mean an application, in the language of your choice, to be run outside the browser. Maybe some browsers or plugins allow you to perform some macro recording that can also be used.

Edit: If the server triggers a captcha validation it is because it doubts that the request is coming from a human. Usually this is because it has received invalid requests from your session (or IP), or a high frequency of requests, or any other flag it considers relevant, such as the user being anonymous or logged in.

Cheers

Upvotes: 2
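What a server does with the `g-recaptcha-response` form field, shown as an added example that is not part of either answer or of the site's own code: it forwards the value with its private secret to reCAPTCHA's `siteverify` endpoint, which is why the public site key, a reused token or a token solved for another host is rejected. The function names, the placeholder keys and tokens, and the in-memory stand-in for the endpoint are assumptions made so the example runs offline.

```python
import json
from urllib.parse import urlencode, parse_qsl

VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"

def verify_recaptcha(token, secret, expected_host, post, remote_ip=None):
    """Server-side check of a g-recaptcha-response token. Returns (ok, reason).
    `post(url, body)` is the HTTP transport, injected so the example runs offline."""
    if not token:
        return False, "missing g-recaptcha-response"
    fields = {"secret": secret, "response": token}
    if remote_ip:
        fields["remoteip"] = remote_ip  # optional field of the siteverify API
    try:
        reply = json.loads(post(VERIFY_URL, urlencode(fields)))
    except (OSError, ValueError):
        return False, "verification unavailable"  # fail closed, never fail open
    if reply.get("success") is not True:
        return False, ",".join(reply.get("error-codes") or ["unknown"])
    if reply.get("hostname") != expected_host:
        return False, "token issued for another host"
    return True, "ok"

def make_fake_siteverify(secret, issued):
    """Constructed stand-in for the verification endpoint (assumption: it mirrors
    the documented replies). `issued` maps tokens from solved challenges to hostnames."""
    used = set()
    def post(url, body):
        params = dict(parse_qsl(body))
        token = params.get("response")
        if params.get("secret") != secret:
            errors = ["invalid-input-secret"]
        elif token in used:
            errors = ["timeout-or-duplicate"]  # tokens are single use
        elif token not in issued:
            errors = ["invalid-input-response"]
        else:
            used.add(token)
            return json.dumps({"success": True, "hostname": issued[token]})
        return json.dumps({"success": False, "error-codes": errors})
    return post

if __name__ == "__main__":
    # All values below are constructed placeholders, not real keys or tokens.
    post = make_fake_siteverify("SECRET_PLACEHOLDER", {"tok-solved": "shop.example"})
    for tok in ("SITE_KEY_PLACEHOLDER", "tok-solved", "tok-solved", ""):
        print(repr(tok), verify_recaptcha(tok, "SECRET_PLACEHOLDER", "shop.example", post))
```

In production the `post` argument would be a real HTTPS client call with a timeout; the pass/fail decision stays on the server and the secret never reaches the browser.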
