I'm currently trying to solve (not bypass, just send the answer) reCAPTCHA via

1.  
2. I'm currently trying to solve (not bypass, just send the answer) reCAPTCHA via HttpWebRequests but I'm failing at one parameter.
3.  
4. I'm using this site for testing purposes: http://patrickhlauke.github.io/recaptcha/
5.  
6. What I've done so far:
7. [quote]
8. [list]
9. [*]Send GET Request -> http://patrickhlauke.github.io/recaptcha/
10. [*]Parse -> data-sitekey="[color=#FF0000]6Ld2sf4SAAAAAKSgzs0Q13IZhY02Pyo31S2jgOB5[/color]"
11. [*]Send GET Request -> https://www.google.com/recaptcha/api2/anchor?k=[color=#FF0000]6Ld2sf4SAAAAAKSgzs0Q13IZhY02Pyo31S2jgOB5[/color]&co=[color=#FF0000]aHR0cHM6Ly9wYXRyaWNraGxhdWtlLmdpdGh1Yi5pbzo0NDM[/color]
12. [list]
13. [*]The second red value is a BASE64 String which contains the Domain Name + Port specified for the data-sitekey -> BASE64_ENCODE([color=#FF0000]https://patrickhlauke.github.io:443[/color])
14. [/list]
15. [*]Parse -> id="recaptcha-token" value="[color=#FF0000]03AHJ_VutqBTwUTg...[/color]"
16. [*]Send GET Request -> https://www.google.com/recaptcha/api2/frame?c=[color=#FF0000]03AHJ_VutqBTwUTg...[/color]
17. [*]Parse -> recaptcha.frame.Main.init("[....]") between [color=#FF0000][\x22rresp\x22,\x22[/color] and [color=#FF0000]\x22[/color] and you will get one more [color=#FF0000]03AHJ_VuuUAmYWcUwr5PT...[/color]
18. [*]Parse -> between [color=#FF0000][\x22pmeta\x22,[\x22[/color] and [color=#FF0000]\x22[/color] and you will get the "instruction" what kind of pictures you'll have to click, for example [color=#FF0000]/m/07jdr[/color] (this is the name/id/whatever for [color=#FF0000]Select all images with trains.[/color])
19. [*]Send GET Request (this is the captcha image itself) -> https://www.google.com/recaptcha/api2/payload?c=[color=#FF0000]03AHJ_VuuUAmYWcUwr5PT...[/color]&k=[color=#FF0000]6Ld2sf4SAAAAAKSgzs0Q13IZhY02Pyo31S2jgOB5[/color]
20. [*](Download or just show the captcha image in your Windows Form)
21. [*]Send POST Request (Captcha Answer) -> https://www.google.com/recaptcha/api2/userverify?k=[color=#FF0000]6Ld2sf4SAAAAAKSgzs0Q13IZhY02Pyo31S2jgOB5[/color]
22. [list]
23. [*]POST Parameters:
24. [list]
25. [*]v = r20160502112552 (API Version? It's everytime the same value)
26. [*]c = [color=#FF0000]03AHJ_VuuUAmYWcUwr5PT...[/color]
27. [*]response = eyJyZXNwb25zZSI6IjMsNSw4In0. -> BASE64 String which contains the IDs of the images you have clicked (first image has ID 0) -> BASE64_ENCODE([color=#FF0000]{"response":"3,5,8"}[/color])
28. [*]t = 11228 (don't know, everytime different but same as ct - reCAPTCHA also success without this param)
29. [*]ct = 11228 (don't know, everytime different but same as t - reCAPTCHA also success without this param)
30. [*]bg = !r6lHI_LEBsGBAVBBxz2yqSQttAUHAAAAiVcAAAAFDw... [b][color=#32CD32]THIS IS MY PROBLEM[/color][/b]
31. [/list]
32. [/list]
33. [/list]
34. [/quote]
35.  
36. If everything was correct you will receive a JSON String with again one more [color=#FF0000]03AHJ_...[/color] which you can finally use for the main website you want to enter/login/whatever. Just use it in the POST Request, for example:
37.  
38. [quote]
39. [list]Send POST Request -> https://mysite.com/login
40. [list]
41. [*]POST Parameters:
42. [list]
43. [*]username = myusername123
44. [*]password = mypassword123
45. [*]g-recaptcha-response = the new [color=#FF0000]03AHJ_...[/color]
46. [/list]
47. [/list]
48. [/list]
49. [/quote]
50.  
51. But how do I get the "bg" value? This is the only parameter which makes me failing at logging into a website. I tried it with some Chrome Extensions which allow me to block/edit outgoing HttpRequests. So I tried to edit and also remove for example the params "ct" or "t" and "v" and as stated above the captcha also succeeded without these params. Only the 03AHJ_ value (captcha image) and the bg value are important, otherwise reCAPTCHA will send me a new captcha to solve as JSON String.