CAPTCHA Farms: The 8 steps needed to evade detection

How Do CAPTCHA Farms Work

CAPTCHA farms are the equivalent of a digital sweatshop. 2CAPTCHA, as an example, is a CAPTCHA farm that outsources their work within emerging economies and their services cost less than $1 for every 1,000 solved. APIs, browser plugins, and other methods are available to connect and solve the website’s CAPTCHA with manual labor.

1. Bot Operator Builds a Bot

A bot operator uses a bad bot to request access to log in to a website.

2. Prove You’re a Human

The website serves up a CAPTCHA in order to “prove” that the request is from a legitimate user.

3. A Simple API Call

The bot uses an API key to send data to a CAPTCHA farm.

4. That Will Be $0.0035 Please

A human worker employed by the CAPTCHA farm solves the CAPTCHA on the bot’s behalf.

5. CAPTCHA Farm Sends a Token

The CAPTCHA farm worker sends the corresponding authorization token back to the bot.

6. Mimicking Human Behavior

The bot submits the authorization token to send the new request.

7. Website is Fooled

The website allows bot’s request in as if it was a legitimate user.

8. Outcome

Once the CAPTCHA is bypassed, the bot can continue to commit fraud.