May 04, 2014

Stop using Captchas that Can be Broken with Two Lines of Code

The de-facto bot prevention technique sprawls everywhere on the web but I am surprised how people overestimate the difficulty of breaking a captcha. Here are some of them which I encountered.

image image image

It won’t take rocket science to convert them to text. In fact, the only two free tools needed for this purpose are: tesseract and Imagemagick.

convert captcha.jpg -threshold 5% a.jpg

Adjust the threshold value to get a binary image with no noise.

tesseract -l eng a.jpg text

This will create a “text.txt” file with the captcha text in it.

I ran a test on effectiveness of these commands and the success rate was nearly 9 / 10, clearly implying how weak or better say, made-from-scratch captcha implementations are as good as having none at all.

Follow Me!

I write about things that I find interesting. If you're modestly geeky, chances are you'll find them too.

Subscribe to this blog via RSS Feed.

Don't have an RSS reader? Use Blogtrottr to get an email notification when I publish a new post.