How do CAPTCHAs work?

  • Created

Computerized CAPTCHAs have become increasingly common on the web. But what is their purpose, and how did they come about?

Cybercriminals and automated robots seek to manipulate web pages, access databases and steal data. Any website can potentially be targeted by brute force attacks, digital ad fraud, transaction fraud, and personal data harvesting.

CAPTCHA was created to protect websites from such malicious bots.

What is CAPTCHA?

CAPTCHA is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart. It is used by websites to quickly differentiate real human users from automated programs known as bots.

These days, most websites use CAPTCHA tests to determine whether an actual user or a bot is attempting to access a web page. Early implementations of CAPTCHA tests, appearing in the late-1990s and early 2000s, used distorted images containing a combination of random letters and numbers.

A typical CAPTCHA

What are CAPTCHAs used for?

CAPTCHAs are good at telling the difference between a real human trying to access web content and a computer program pretending to be human.

  • Bots, malicious hackers, and other fraudsters are able to create fake accounts on social networking sites. These fake accounts can increase traffic, overload servers, and even deny services. They can also spam other users or initiate phishing campaigns. Bots are also responsible for spreading fake news.

  • Bots can dominate a site by spamming comments. Bots can fill websites with comments and messages containing shady links that may lead users to scam websites.

  • Bots are automated software that can be used to purchase large quantities of in-demand tickets, sneakers, or other products. These products can then be resold for a higher price.

  • Online polls can be skewed by bots that vote repeatedly. A CAPTCHA helps to prevent this and discourages users from voting multiple times.

How Does CAPTCHA work?

CAPTCHAs help prevent computers from submitting forms automatically. If you’ve been surfing the Internet for some time, you already know precisely how CAPTCHAs work.

When a CAPTCHA is triggered, a pop-up window may appear when attempting to access specific pages or input information. Original text CAPTCHAs twist and bend letters and numbers out of shape, changing proportions and making it hard for bots to figure out what appears on the screen.

An applied background noise and color gradients on the site make it difficult for computers and spambots to identify letters.

CAPTCHA Types and Examples

Spammers and cybercriminals have created computer programs that are capable of solving easy CAPTCHA challenges. As a result, CAPTCHA tests have evolved to become more complex over the years. Nowadays, CAPTCHAs come in many shapes and forms:

  • Text CAPTCHA - To pass the test, the user must correctly type in all of the words displayed on the screen. The displayed text is usually obscured by a blurry/spotted/colored background. As these tests are often randomly generated, sometimes they are too difficult to read.

  • Image CAPTCHA - The user is presented with multiple images and asked to pick those that contain the specified object. Image recognition is easy for humans, but bots and computers have a hard time with image pattern recognition. Google's street view library is combined with artificial intelligence (AI) to create CAPTCHA images. The user needs to click on street signs, lamp posts, and fire hydrants in order to pass the test. (In some cases you may even teach solutions to Google’s AI).

  • Audio CAPTCHA - Some people with color blindness have difficulty with visual CAPTCHAs. For them, an alternative solution is presented: They can request to use an audio CAPTCHA instead. The audio file includes several numbers or words that must be entered correctly to pass the test.

  • Time-based CAPTCHA - It automatically blocks users who complete forms within a fraction of a second (like bots do).

  • No CAPTCHA reCAPTCHA: All you need to do is click the “I’m not a robot” checkbox. Google can determine with their Artificial Intelligence whether a user is human or not by tracking mouse movement, among other factors.

What Triggers a CAPTCHA test?

Carelessly modified browser fingerprints and suspicious behavior may lead to a CAPTCHA test. Websites try not to interrupt humans surfing on the web so they don’t trigger CAPTCHA tests when it is not necessary.

  • If a blacklisted IP address or an inconsistency in the masked footprint appears, the website will definitely ask you to solve the puzzle in order to prove that you are a real human.

  • The presence of Selenium, Puppeteer or another automation framework will also result in bumpy browsing.

  • The lack of browser history, cookies, Google logins suggests that the traffic is coming from a bot that is created for a repetitive task, and does not have the resources to replicate a “real-world” browsing environment.

How to prevent CAPTCHAs?

Kameleo, the Stealth Browsing Platform, allows you to scrape the web without limitations. It provides real-like virtual browser environments so websites won’t detect you even if you are using automation frameworks.

How to solve CAPTCHAs automatically?

Even if you mask yourself in a perfect way, your behavior can become suspicious. Heading directly to a login page, typing credentials much faster than a human is unnatural, so websites will slow down your work by forcing you to solve CAPTCHA tests.

Some sites, for example, a site maintained by the government to request data about businesses, require you to complete a CAPTCHA to secure their database.

If you are automating browser activity, you will need a captcha-solving service. There are many available on the Internet today. Their API can be integrated easily into your solution, solving CAPTCHAs for bots in 20 seconds. We recommend you use 2Captcha, we created examples on integration and they have very nice pricing: $0.5 / 1000 CAPTCHA solves.

Was this article helpful?

4 out of 7 found this helpful