Tutorials

Chrome DevTools Network Tab for CAPTCHA Debugging

Automation All CAPTCHA Types
By Irina
Published at Jan 22, 2026
Chrome DevTools Network Tab for CAPTCHA Debugging
Featured image unavailable

Chrome DevTools is the fastest way to extract CAPTCHA parameters from a page, monitor challenge loading, and verify that solved tokens are submitted correctly. The Network tab shows every request involved in the CAPTCHA lifecycle.

What You Can Find with DevTools

Task Where to Look
Find the reCAPTCHA sitekey Network requests to google.com/recaptcha
Find the Turnstile sitekey Network requests to challenges.cloudflare.com
Verify token injection Form submission POST data
See challenge loading Script and XHR requests from CAPTCHA iframe
Check CAPTCHA errors Console tab error messages
Monitor callback execution Event listeners and console logs

Finding CAPTCHA Parameters

Opening DevTools

  1. Navigate to the page with the CAPTCHA
  2. Press F12 or Ctrl+Shift+I (Windows/Linux) / Cmd+Option+I (macOS)
  3. Click the Network tab
  4. Reload the page (Ctrl+R) to capture all requests from the start

Extracting reCAPTCHA Sitekey

Filter the Network tab to find the reCAPTCHA initialization:

  1. In the filter box, type recaptcha
  2. Look for a request to google.com/recaptcha/api2/anchor or google.com/recaptcha/enterprise/anchor
  3. Click the request and check the Query String Parameters
  4. The k parameter is the sitekey
Request URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcR_RsTAAAAACHE...&co=aHR0c...
                                                              ^^^^^^^^^^^^^^^^
                                                              This is the sitekey

Alternative — Console tab:

// Find reCAPTCHA sitekey from the page DOM
document.querySelector('[data-sitekey]')?.getAttribute('data-sitekey')
// or
document.querySelector('.g-recaptcha')?.getAttribute('data-sitekey')

Extracting Turnstile Sitekey

  1. Filter Network tab for challenges.cloudflare.com
  2. Look for the Turnstile script loading request
  3. Check the page source for the sitekey:
// Find Turnstile sitekey from the page DOM
document.querySelector('[data-sitekey]')?.getAttribute('data-sitekey')
// or check the turnstile render call
document.querySelector('.cf-turnstile')?.getAttribute('data-sitekey')

Extracting hCaptcha Sitekey

  1. Filter Network tab for hcaptcha.com
  2. Look for requests to hcaptcha.com/checksiteconfig
  3. The sitekey parameter is in the query string:
// Find hCaptcha sitekey
document.querySelector('[data-sitekey]')?.getAttribute('data-sitekey')
// or
document.querySelector('.h-captcha')?.getAttribute('data-sitekey')

Monitoring the CAPTCHA Lifecycle

reCAPTCHA Request Sequence

With the Network tab open, interact with the CAPTCHA and watch these requests:

Order Request Purpose
1 recaptcha/api.js Load the reCAPTCHA library
2 recaptcha/api2/anchor Initialize the widget (checkbox appears)
3 recaptcha/api2/bframe Load the challenge frame
4 recaptcha/api2/payload Fetch challenge images (if image challenge triggered)
5 recaptcha/api2/userverify Submit the solution and get the token

Turnstile Request Sequence

Order Request Purpose
1 challenges.cloudflare.com/turnstile/v0/api.js Load Turnstile library
2 challenges.cloudflare.com/cdn-cgi/challenge-platform/ Initialize the managed challenge
3 Various challenge requests Internal verification steps
4 Callback with token Token returned via callback or hidden input

Verifying Token Injection

After solving a CAPTCHA (manually or via API), verify the token is injected correctly:

Check the Hidden Input

// reCAPTCHA token
document.querySelector('#g-recaptcha-response')?.value
// or
document.querySelector('[name="g-recaptcha-response"]')?.value

// Turnstile token
document.querySelector('[name="cf-turnstile-response"]')?.value

// hCaptcha token
document.querySelector('[name="h-captcha-response"]')?.value

Watch the Form Submission

  1. Keep the Network tab open
  2. Submit the form
  3. Click the POST request
  4. Check the Payload tab (or Form Data)
  5. Verify the token field is present and non-empty
Field to Check Expected Value
g-recaptcha-response Long base64-encoded token string
cf-turnstile-response Turnstile token string
h-captcha-response hCaptcha token string

If the field is empty or missing, your token injection failed.

Debugging Common Issues

Token Not Appearing in Form Submission

Use the Console to check if the token was set:

// Check if textarea exists and has a value
const textarea = document.querySelector('#g-recaptcha-response');
console.log('Exists:', !!textarea);
console.log('Value length:', textarea?.value?.length);
console.log('Display:', textarea?.style.display);

Common causes:

  • Token injected into wrong element (multiple reCAPTCHA instances on page)
  • Token expired before form submission (reCAPTCHA tokens expire in ~120 seconds)
  • JavaScript validation re-triggers CAPTCHA after injection

CAPTCHA Widget Not Loading

Check the Console tab for errors:

Console Error Meaning
ERROR for site owner: Invalid key type Sitekey doesn't match the reCAPTCHA type (v2 vs v3 vs Enterprise)
reCAPTCHA placeholder element must be an element or id Container element not found in DOM
Refused to load script (CSP error) Content Security Policy blocks CAPTCHA script
net::ERR_BLOCKED_BY_CLIENT Ad blocker blocking CAPTCHA resources

reCAPTCHA v3 Score Verification

For reCAPTCHA v3, watch the Network tab after token generation:

  1. Filter for the site's backend endpoint that verifies the token
  2. Check the response from Google's siteverify endpoint (if proxied through the backend)
  3. Look for the score field in the response

Using the Preserve Log Feature

By default, the Network tab clears on page navigation. For CAPTCHA workflows that redirect after submission:

  1. Check Preserve log at the top of the Network tab
  2. Now requests persist across page loads
  3. You can see both the form submission and the redirect response

Copying Requests for Reproduction

Right-click any Network request for export options:

Option Use
Copy as cURL Run the exact request from your terminal
Copy as fetch Paste into Console or your JavaScript code
Copy request headers Compare headers between working and failing requests
Copy response Save the server's response for analysis

Example — Copy a CAPTCHA verification request as cURL:

curl 'https://example.com/submit' \
  -H 'content-type: application/x-www-form-urlencoded' \
  --data-raw 'name=test&email=test%40test.com&g-recaptcha-response=TOKEN_HERE'

This helps reproduce issues outside the browser.

Performance Timing

The Timing subtab for each request shows:

Phase What It Tells You
Stalled How long the request waited in queue
DNS Lookup DNS resolution time for the CAPTCHA CDN
Initial Connection TCP connection to CAPTCHA server
SSL TLS handshake duration
Waiting (TTFB) Server processing time
Content Download Response body transfer time

If CAPTCHA widgets load slowly, check whether the bottleneck is DNS, connection, or server response.

Troubleshooting

Issue Cause Fix
Can't find sitekey in Network tab CAPTCHA loaded before DevTools opened Check "Preserve log," reload page, or search page source (Ctrl+U)
Token value shows as truncated DevTools truncates long strings Click the value to see the full token, or use Console to get value.length
Network tab shows too many requests No filter applied Filter by recaptcha, hcaptcha, cloudflare, or the site's domain
Form submission doesn't appear Form uses JavaScript fetch() or XMLHttpRequest Filter by XHR type in Network tab to see AJAX submissions
CAPTCHA requests from iframe not visible Cross-origin iframe isolation No fix in DevTools — use Fiddler or Charles to capture iframe traffic

FAQ

Can I solve CAPTCHAs directly from DevTools?

You can inject a solved token into the DOM using the Console, but you can't solve the CAPTCHA challenge itself from DevTools. Use CaptchaAI to get the token, then inject it via Console for testing.

Does opening DevTools affect CAPTCHA behavior?

Some CAPTCHA providers detect DevTools presence through timing or debugger detection. reCAPTCHA v3 may assign a lower score when DevTools is open. For production debugging, use a proxy tool like Fiddler instead.

How do I find parameters for CAPTCHAs loaded in Shadow DOM?

Shadow DOM encapsulates CAPTCHA elements. In Console, use: document.querySelector('element-tag').shadowRoot.querySelector('[data-sitekey]') to access elements inside shadow roots.

Next Steps

Once you've extracted the CAPTCHA parameters, submit them to CaptchaAI for solving. The API returns a token you can inject using the same Console techniques shown above.

Related guides:

Full Working Code

Complete runnable examples for this article in Python, Node.js, PHP, Go, Java, C#, Ruby, Rust, Kotlin & Bash.

View on GitHub →

Discussions (0)

No comments yet.