Although the captcha shown in the image to the left may appear like any other captcha, DynaDot are actually using a HTML table based captcha to defend against automated WHOIS lookups.
This works by splitting each character into multiple rows. Each row is it’s own table, with each cell (TD) set to a specific height, width and background color.
.
.
This table based captcha is similar to the other HTML based captcha that I recently looked at. The differences in this case are that DynaDot use tables while the other one used a combination of DIVs and CSS and DynaDot also go one step further by adding colored pixels around each character and mixing up the colors used within the character itself. This is an attempt to make it harder to remove the colored characters from their white background and therefore harder to feed through OCR software.
The idea is good but need’s to be improved. Being HTML based, it slows down automators who use generic OCR software or those who outsource their captcha cracking to real humans (very cheap). Although I can’t say that it completely stops them, because they could still automate a headless browser to take a screenshot of the page, crop to the captcha and then treat it as a regular captcha image.
Regardless of the possibilities I mentioned above, the captcha itself isn’t strong enough to avoid being broken in it’s HTML form, as the code below demonstrates.
No comments:
Post a Comment