How to defeat CAPTCHA systems

A captcha (an acronym for "completely automated public Turing test to tell computers and humans apart") is a type of challenge-response test used in computing to determine whether or not the user is human. (wikipedia.org)

If you plan on using a CAPTCHA system, you must be aware of the numerous ways to defeat such a system. Apparently one of the people constantly defeating CAPTCHAs is Sam Hocevar. His PWNtcha website presents a huge collection of CAPTCHA systems which have been, or are in the process of being, defeated.

Sam designed a tool (closed source for good reasons) which is able to analyze and decode even the trickiest images.

PWNtcha is simply a toolkit of image manipulation functions, and a list of known CAPTCHAs with the associated list of image operations to apply in order to decode each of them. If I have never seen your CAPTCHA, then PWNtcha does not know about it, and there is absolutely no way it could decode it.

Update May 29:
A vulnerability has been reported in the CAPTCHA plugin for Geeklog, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system. Secunia has the details.

Are you aware of any CAPTCHA system which is not listed on this site?

 




3 Responses to “How to defeat CAPTCHA systems”

  • 1
    Nathan - Money Game
    April 27th, 2009 11:13

    I’ve never heard about such a long decryption of this word, so thanks very much for the briefing. Any support in the battle against spam-bots can be useful and quite valuable.

  • 2
    font9a
    August 20th, 2009 07:40

    If you de-couple your CAPTCHA image generating code from the image displayed on the device (via encryption) you will have a very high degree of safety against this specific system designed to defeat CAPTCHA.

  • 3
    Dan Houser
    March 2nd, 2011 09:15

    J-Captcha isn't listed on that site.  Wondering how good it is…

