The earlier version of reCAPTCHA used to show relatively simple images, usually containing one disparate object per grid or images with simple scenes having a monotonic background, making it easier for image recognition services to analyze the contents. Image recognition services failed to identify the target object in such a scenario. For example, we find many instances where a potential grid holding a “crosswalk” also holds other common objects such as “car” and “traffic light” in it, and tags returned by an API include names of all the objects except the primary target.įurther, in many challenges, a single target object spans across multiple grids, and some of those grids contain only a tiny part of the whole object. We find that the image recognition services’ poor performance is due to the complex nature of the current challenge images, which often contain complex everyday scenes with common objects in their natural context.
For example, Amazon Rekognition API classifies reCAPTCHA’s crosswalk images as “Zebra Crossings,” while Google’s Cloud Vision API recognizes them as “Pedestrian crossings.” We do a simple preprocessing that transforms these labels to name “crosswalk” for consistency.įinally, we manually verify the results and analyze the failed challenges. However, we find one instance where the labels are not consistent across various APIs. We find that in most cases, one of the labels for a grid holding the target object matches precisely with the name of the object in the reCAPTCHA challenge instruction, thus simplifying the process of mapping the tags returned by an API service to reCAPTCHA challenge object names while submitting a challenge. įirst, we select some challenge images from different categories, extract the individual grids from them, and submit those grids to the image recognition services to analyze the tags (labels) returned by them. The services we use are Cloud Vision API provided by Google, Azure Computer Vision API provided by Microsoft, Rekognition API provided by Amazon, and the API provided by Clarifai. We test 4 popular off-the-shelf online vision APIs for image recognition. Our final custom dataset has 11 object categories: boat, bridge, chimney, crosswalk, mountain, palm tree, stair, statue, taxi, tractor, and tree. We manually annotated and labeled the object instances in those images to prepare and finalize the dataset. We also use 2100 images from the original reCAPTCHA challenges for this dataset. After prepossessing these, we end up with 4800 images. We crawled over 6,000 images from different sources such as Flickr 1 1 1, Google image search 2 2 2, and Bing image search 3 3 3. The second dataset is a custom one that we develop by ourselves. The MS COCO object classes common to reCAPTCHA object categories are bicycle, boat, bus, car, fire hydrant, motorcycle, parking meter, and traffic light. The MS COCO dataset has 80,000 training images and 40,000 validation images with 80 object classes, out of which 8 classes frequently appear in reCAPTCHA challenges. The first dataset is a publicly available dataset called MS COCO. We use two datasets, specifically developed to handle object categories found in reCAPTCHA challenges. Our experimental findings indicate that the recent advances in objectĭetection technologies pose a severe threat to the security of image captchaĭesigns relying on simple object detection as their underlying AI problem. Resistance against automated attacks, adversaries can still bypass most of OurĮxtensive experiments show that while these security features can provide some We also study the updated securityįeatures of reCAPTCHA v2, such as anti-recognition mechanisms, improvedĪnti-bot detection techniques, and adjustable security preferences.
#Google recaptcha bypass for specific urls crack
Success rate to date, and it takes only 19.93 seconds (including networkĭelays) on average to crack a challenge.
We propose aįully automated object detection based system that breaks the most advancedĬhallenges of reCAPTCHA v2 with an online success rate of 83.25 ReCAPTCHA v2 against advanced object detection based solvers. In this paper, we investigate the robustness of the latest version of V2 challenges that can render the prior approaches ineffective to a greatĮxtent. To emerging threats, Google has made significant updates to its image reCAPTCHA
Vision APIs provided by off-the-shelf image recognition services. Previous work showed that reCAPTCHA v2's image challenges could be solved byĪutomated programs armed with Deep Neural Network (DNN) image classifiers and