Google

How does the server check the Google token for validation?

Can you please tell me how the captsha system works ?

There is a frame reCapcchav2 object on the site , in order to access the data,
you need to guess or select the correct pictures. Accordingly, when we
click on a captcha,
we run a JS script, recaptcha__ru.js, which sends a request to Google to the server and it sends us an encoded response, in the form of pictures. When we solve them correctly, then Google sends us the correct token, which is sent to the site server, verified, and if everything is OK, we get access to the information.

Then the question is, how does the server of the site on which the captcha is located understand that the token is valid? If we take another correct token, let 's say hereand send it to the site server for verification (via the post method), then it will give us an error.

Those. if you understand how the server recognizes this or that token, then you can simply fake it and pass the test, right or not?

PS I will add, the picture, as an example of sending a token for verification to the site server, if the token is valid for this site, then you will receive data, otherwise not