How to handle Captcha in automation
2,838 views
Skip to first unread message
Amit
May 16, 2012, 2:04:19 AM5/16/12
to webdriver
Hello,
I would like to do automation for registration part for my website,
where captcha is there.
I donot know how to handle captcha in automation using Webdriver.
Has any one done automation for this previously.?
Need help to solve this.
Thanks
Amit
I would like to do automation for registration part for my website,
where captcha is there.
I donot know how to handle captcha in automation using Webdriver.
Has any one done automation for this previously.?
Need help to solve this.
Thanks
Amit
Krishnan Mahadevan
May 16, 2012, 2:05:10 AM5/16/12
to webd...@googlegroups.com
Reach out to your dev folks and get a value that can be used for your test environments.
Thanks & Regards
Krishnan Mahadevan
"All the desirable things in life are either illegal, expensive, fattening or in love with someone else!"
Captchas are designed to prevent automation.
Thanks & Regards
Krishnan Mahadevan
"All the desirable things in life are either illegal, expensive, fattening or in love with someone else!"
Amit
--
You received this message because you are subscribed to the Google Groups "webdriver" group.
To post to this group, send email to webd...@googlegroups.com.
To unsubscribe from this group, send email to webdriver+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/webdriver?hl=en.
Amit
May 16, 2012, 2:44:51 AM5/16/12
to webdriver
The application is live and under maintanance stage, I would like to
do regression testing for this.
Does it means, I can not do regression testing for this application?
On May 16, 11:05 am, Krishnan Mahadevan
do regression testing for this.
Does it means, I can not do regression testing for this application?
On May 16, 11:05 am, Krishnan Mahadevan
Krishnan Mahadevan
May 16, 2012, 2:46:24 AM5/16/12
to webd...@googlegroups.com
AFAIK then the answer is NO because captcha was built to prevent automated ways of registration etc., and webdriver cannot handle captchas. --
Thanks & Regards
Krishnan Mahadevan
"All the desirable things in life are either illegal, expensive, fattening or in love with someone else!"
My Scribblings @ http://wakened-cognition.blogspot.com/Krishnan Mahadevan
"All the desirable things in life are either illegal, expensive, fattening or in love with someone else!"
Pankaj Nakhat
May 16, 2012, 2:48:40 AM5/16/12
to webd...@googlegroups.com
Alternatively if you want to use different CAPTCHA, ask your dev team to enable the value to appear in alt tag of the image for your test environment, which you can read from webdriver and use it,
Regards,
Pankaj Nakhat
www.pankajnakhat.com
t : @pnakhat
Regards,
Pankaj Nakhat
www.pankajnakhat.com
t : @pnakhat
Peter Gale
May 16, 2012, 2:59:46 AM5/16/12
to webd...@googlegroups.com
But they shouldn't do that because that would allow any automation of the captcha on this site not just their own test automation, so would completely invalidate the purpose of the captcha in the first place.
Date: Wed, 16 May 2012 07:48:40 +0100
Subject: Re: [webdriver] How to handle Captcha in automation
From: pna...@gmail.com
To: webd...@googlegroups.com
Date: Wed, 16 May 2012 07:48:40 +0100
Subject: Re: [webdriver] How to handle Captcha in automation
From: pna...@gmail.com
To: webd...@googlegroups.com
darrell
May 16, 2012, 9:56:23 AM5/16/12
to webdriver
As pointed out, the whole purpose of captcha is to prevent automated
attacks. The solution for automated testing of captcha is to make a
back door, make it configurable or both.
All solutions require a code change. You can check to see if
development already has something in there. Solutions might be, a flag
in a configuration file disables captcha. This would require a change
to a file in the operating system and possibility a restart of the web
application.
Another solution is to make the captcha so it will always accept two
inputs. The first is the randomly generated string we present to the
user and the other is a secret back door value. So if you input the
secret backdoor key it is always accepted. If you hard code the key
there is a the danger it will get out to the public. For example,
installing Microsoft products requires a key. Twenty years ago
Microsoft hard coded the key 11111-11111-11111-11111. It was always
accepted. A former employee of Microsoft told some friends who told
some friends and in no time everyone knew you could install any
Microsoft product by just holding down the 1 key when asked for the
product registration key.
Same thing can happen with a captcha. If the secret captcha key is
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
sooner or later this will get out and you'll have to release a new
version of the product with a different key. If the developers can
make the secret key a configurable value, you just need to edit the
configuration file to change the key, if someone happens to give the
key out to a friend.
Don't even think about asking development to put the captcha key in an
attribute of the image. The people who attempt to bypass captchas will
notice the attribute and use it to their advantage. The captcha key
should NEVER be available via the web browser or an API call.
Bottom line, see if development has already put a work around in the
code. If they have not, they will have to change the code to enable
automated use of the captcha.
attacks. The solution for automated testing of captcha is to make a
back door, make it configurable or both.
All solutions require a code change. You can check to see if
development already has something in there. Solutions might be, a flag
in a configuration file disables captcha. This would require a change
to a file in the operating system and possibility a restart of the web
application.
Another solution is to make the captcha so it will always accept two
inputs. The first is the randomly generated string we present to the
user and the other is a secret back door value. So if you input the
secret backdoor key it is always accepted. If you hard code the key
there is a the danger it will get out to the public. For example,
installing Microsoft products requires a key. Twenty years ago
Microsoft hard coded the key 11111-11111-11111-11111. It was always
accepted. A former employee of Microsoft told some friends who told
some friends and in no time everyone knew you could install any
Microsoft product by just holding down the 1 key when asked for the
product registration key.
Same thing can happen with a captcha. If the secret captcha key is
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
sooner or later this will get out and you'll have to release a new
version of the product with a different key. If the developers can
make the secret key a configurable value, you just need to edit the
configuration file to change the key, if someone happens to give the
key out to a friend.
Don't even think about asking development to put the captcha key in an
attribute of the image. The people who attempt to bypass captchas will
notice the attribute and use it to their advantage. The captcha key
should NEVER be available via the web browser or an API call.
Bottom line, see if development has already put a work around in the
code. If they have not, they will have to change the code to enable
automated use of the captcha.
SANTHOSH BABY
May 16, 2012, 12:59:54 PM5/16/12
to webd...@googlegroups.com
Captchas can be automated if you are able to decode the image using OCR(Optical character recognization tools) .
and if you are expert in image pattern mapping .
Well all you need to write complex algo to sort out the image pattern
and its not easy stuff
I would suggest there is no inbuilt solution provided by the selenium tool or by any automation tool yet
If you really love to then use this link http://www.wausita.com/captcha/
MichaelF
May 16, 2012, 1:56:21 PM5/16/12
to webd...@googlegroups.com
Just as someone cracks a Captcha so companies respond by making the Captcha more secure, more difficult to read, if you notice the Google images over the past few months they have become progressively more unreadable. So while it may be useful to try and automate the Captcha it will only work for so long.
Either get the Captcha removed in Test environments, or get the backdoor as proposed earlier.
To unsubscribe from this group, send email to webdriver+unsubscribe@googlegroups.com.
Mark Collin
May 16, 2012, 3:39:32 PM5/16/12
to webd...@googlegroups.com
If you can automate it with OCR it’s not fit for purpose, raise a bug.
Bill Ross
May 16, 2012, 5:00:50 PM5/16/12
to webd...@googlegroups.com
Ideally any captcha back door is only enabled in a test environment, and
there should be a test that is run in production after each install to
verify that it is disabled there.
Bill
there should be a test that is run in production after each install to
verify that it is disabled there.
Bill
Reply all
Reply to author
Forward
0 new messages