Cyberspace of Shujun LI


What is CAPTCHA?

It is a technique used to prevent bots (web robots) from abusing web resources. The core of this technique is a computer program running at the server side which tries to distinguish human users from bots. CAPTCHAs have been widely used on user registration page and sometimes on login and message posting web pages. If you had never heard about this term, the examples below should remind your memory.


BotDetect Captcha Google reCAPTCHA NLPCaptcha @ Simpli5d

The Name of the Game

The History before CAPTCHA

Here I list previous work done by others before the term "CAPTCHA" appeared in late 2000 and early 2001. Some papers were published after 2000 but they were not influenced by the work on CAPTCHA done by CMU researchers.

A Brief History of CAPTCHA


Shujun's Work

Oracle-based Attacks

In 2020, Shujun and his collaborators published a paper showing a new CAPTCHA protection mechanism against learning-based oracle attacks cannot actually prevent such attacks, due to some information about true labels from some statistical differences of images belonging to different classes. This work also led to a new general principle about checking any statistical imbalance in future CAPTCHA designs.

Breaking e-Banking CAPTCHAs

In 2010, Shujun and his collaborators analyzed a large number of CAPTCHA schemes deployed by many financial institutions all over the world and found out that none of them is secure. Three CAPTCHA schemes are used by the affected financial institutions for securing online banking transactions against automated man-in-the-middle attacks.


Since 2011, Shujun and his collaborators have been developing the idea of automating the security and usability evaluation of CAPTCHAs. Some preliminary work has been published (see below), but a complete system is still to be developed.


Since 2009, Shujun has been thinking about how to combine passwords and CAPTCHAs to improve the usability of both systems when they have to appear on the same page. He calls such a combined system "Pass-CAPTCHA". Some ideas have been proposed and one prototype system has been tested in 2011-2012. More prototype systems are to be developed and tested. This is still an ongoing line of research, so no any result has been published so far.

Note that combining passwords and CAPTCHAs itself is not a new idea. Some human user authentication schemes have been designed to incorporate CAPTCHA to reduce the risk of automated attacks. One of such systems called PAS was cryptanalyzed by us in the following paper:


Shujun also did some work on audio CAPTCHAs. The main focus is how to improve usability and accessibility to the disabled.

Web Resources

General: T. Pavlidis's Tutorial on CAPTCHA W3C - Inaccessibility of CAPTCHA An ASP.NET Framework for Human Interactive Proofs Top 10 Worst Captchas emotion icon DevilTyper: A Game for CAPTCHA Usability Evaluation (Paper)


Text CAPTCHAs: Egglue Semantic CAPTCHA textCAPTCHA Accessible Captcha for ExpressionEngine 2.x SI CAPTCHA Anti-Spam for WordPress SMARTCHA (SeMi Automated Reverse Turing test to tell Computer and Human Apart)
Recognition Based CAPTCHAs: emotion icon JCAPTCHA Web Wiz CAPTCHA KeyCAPTCHA - Social WordPress CAPTCHA HELLOCAPTCHA ( Securimage: an open-source free PHP CAPTCHA script HKCaptcha CAPTCHA Service @ Horst Nogajski's PHP Class hn_captcha bot-check 1.2: WordPress anti-spam comment plugin CAPTCHA @ CAPTCHA Image @
Image Understanding Based CAPTCHAs: Uncertainty-based CAPTCHA FaceDCAPTCHA Picatcha GigoIts HumanAuth (Implementation @ Uni-Regensburg) IMAGINATION: Image-based Authentication MosaHIP Peoplesign CAPTCHA
Interactive CAPTCHAs: hCaptcha Draggable Captcha for Drupal Stickman CAPTCHA + CAPTCHA ROCK Sliceya CAPTCHA
2-D+ CAPTCHAs: Moving-Object CAPTCHAs (including Emerging Images based CAPTCHA) emotion icon Sketcha: A Captcha Based on Line Drawings of 3D Models (demo) Juraj Rolko's 3D CAPTCHA Ironclad CAPTCHA (3D) CAPTCHAs based on depth perception: AniCAP + STE3D-CAP + STE3D-CAP-e Michael G. Kaplan's 3-D CAPTCHA emotion icon Vappic 4D CAPTCHA
Other CAPTCHAs: SenCAPTCHA GEETEST极验 emotion icon CAPTCHA @ Arkose Labs emotion icon Advanced Math CAPTCHA @ Quantum Random Bit Generator Service, Ruđer Bošković Institute, Croatia Heyes Captcha (demo) Codetcha (demo) Sliding CAPTCHA @ GeoLang's Second Generation CAPTCHA System Project

CAPTCHAs for Advertising: Solve Media NuCaptcha NLPCaptcha @ Simpli5d Confident AdCAPTCHA™ KoolCaptcha Cubecaptcha

CAPTCHA Solvers (Cracker)

Guixin Ye et al.'s captcha_solver (CCS'2018) PWNtcha The Captchacker Project: Captcha Breaking using Support Vector Machines DW-GAN Stiltwalker: Nucaptcha, Paypal, SecurImage, Slashdot, Davids Summer Communication Breaking EZ-Gimpy Megaupload Captcha Decoder aiCaptcha 12306-decaptcha TextCaptchaBreaker JavaTextCaptchaBreaker emotion icon Death by Captcha Captcha Sniper GSA Captcha Breaker Antigate.Com 2Captcha

More CAPTCHA-like Stuff

GOTCHA Hidden CAPTCHA WP Captcha-Free POSHes @ emotion icon Duolingo


All information on this website is for personal use and Shujun Li is not responsible for any misuse of information provided. The listed links on any page do not indicate any personal recommendations for any purposes for the visitors of this website, as each link is included for a different reason meaningful for Shujun Li's personal use. Logo files of websites are used to facilitate recognition of the external links, and does not represent endorsement of the corresponding websites for the content of this website. If the use of any logo file violates the copyrights or policies of any individuals or organisations, please contact Shujun Li so that he can removes the logo file or the whole link. Please also help report broken links and broken images on this website.