Chuck actually I tend to agree with all your comments there. I've been away from wtr-general for a while and am now amazed (after a week of trawling) at the quality, or lack-thereof, of requests for help.
In hindsight, maybe he should just try gem install captchavundarbarbreaker Still, I always like a challenge and was tempted to put more thought into it. Maybe next time =) Cheers, Tim On Fri, Feb 25, 2011 at 6:23 PM, Chuck van der Linden <sqa...@gmail.com> wrote: > Tim, > > I'm not saying he's a spammer.. (but one could be watching) > > I'm applying the LART with such vigor because he's been told about 4 > times 'can't do that' and he keeps asking as if we're not telling him > the truth or the answer will somehow change, or there is some 'secret > solution' using some 'magic gem' that we're just not telling him > about. > > (shhhhh don't tell anyone, but if you find the config.sys file and put > "User equals-sign ID ten T" on the first line in that file that will > make it work) > > and btw if he CAN break the captcha using any of the tools you > suggest, I'd recommend he notify his client that they need a better > captcha, since if it wont stop him, then it's not likely to stop the > spammers. > > BTW want to know how spammers break captchas? they crowdsource it. > They pay people in lesser developed nations something like a tenth of > a cent per captcha solved. they use scripts that capture that part of > the screen, send the image to a system that sends it to someone logged > into to it who 'solves' the puzzle and sends the 'solution' back to > the spammer's script where it is entered and then they can submit > their spam. since most captchas are just random numbers and letters > you dont even have to speak a foreign language to get such a job.. > > http://www.nytimes.com/2010/04/26/technology/26captcha.html?_r=1&hpw > > So assuming that his client wants to pay for this service, there is a > way around it (which as I said, puts a human in the loop) > > On Feb 23, 2:14 am, Tim Koopmans <tim.ko...@gmail.com> wrote: >> So let's just go easy on the guy! >> >> It's not an entirely unreasonable request, and not really up to us to judge >> it. It may well be legit! >> >> Depending on the quality of the CAPTCHA it may in fact be possible. But >> you'd probably have to wrap in an OCR library with some image processing (to >> TIFF) beforehand. >> >> For image processing I'd recommend rmagick[1]. >> For OCR you could look at gocr[2], ocrad[3] or tesseract[4] >> >> [1]http://rmagick.rubyforge.org/ >> [2]http://jocr.sourceforge.net/ >> [3]http://www.gnu.org/software/ocrad/ >> [4]http://code.google.com/p/tesseract-ocr/ >> >> Good luck with that! >> >> Cheers, >> Tim >> >> On Wed, Feb 23, 2011 at 8:07 PM, Chuck van der Linden >> <sqa...@gmail.com>wrote: >> >> >> >> >> >> >> >> > THERE IS NO SUCH GEM. >> >> > NO. HELL NO. and a Thousand Times I tell you NO. >> >> > The purpose of a captcha is a challenge to prove that it is a human at >> > the computer, to prevented scripted attacks on the site from spammers >> > and the like. The site cannot tell a scripted interaction from a >> > tester from a scripted interaction from a spammer or other attacker. >> >> > if the client needs you to test against production then you need to >> > test pages with a captcha manually, or they would need to temporarily >> > disable the captcha for the duration of the test, or set it to use a >> > fixed answer for the duration of the test. >> >> > You CANNOT script against a working captcha without a human in the >> > loop. That's the design and purpose of a captcha. And if you somehow >> > found a way to do that, then the client needs a better quality >> > captcha, because if you can figure out a way, so will the spammers. >> >> > NOBODY who isn't a spammer is likely to develop a means to get around >> > captchas because we know it would then be immediately discovered and >> > used BY spammers, and nobody wants to help spammers. Nobody here is >> > going to help YOU do the same thing for the same reason, even if you >> > are not a spammer, one could come along later and read the answer. >> > stop trying to go there. >> >> > Likewise, there is no way for the site to know your scripted >> > interaction (against a production site) is 'safe' that would not >> > potentially be used or exploited by spammers.. so I strongly >> > discourage anything along those lines as it would just be introducing >> > a chink in the sites defenses that could later be exploited to attack >> > the site. >> >> > If your client is asking you to write scripting against pages with >> > captchas, point out to them that this is a bit like asking you to move >> > an object they designed to be immovable. >> >> > On Feb 22, 9:15 am, Aditya <vaditya2...@gmail.com> wrote: >> > > A good idea already thinking the same. But the client needs on production >> > > environment too. So do we have any gem atleast once the page is loaded >> > can >> > > we get the value after page is displayed? Any idea ? >> >> > > On Tue, Feb 22, 2011 at 7:36 PM, Basim Baassiri <ba...@baassiri.ca> >> > wrote: >> > > > I've had a similar problem in automating a signup page that had a >> > captcha >> > > > on it. >> >> > > > I solved it by implementing in the production code to detect the test >> > > > environment and when the test environment was evaluated the captcha was >> > > > hardcoded to QAQA and hence i used that string to proceed with the >> > signup >> > > > page >> >> > > > Hopefully that can help you >> >> > > > On Tue, Feb 22, 2011 at 5:30 AM, Aditya <vaditya2...@gmail.com> wrote: >> >> > > >> Thanks for the valuable information. >> >> > > >> Can i use rmagick gem in order to validate the captcha? >> > > >> and can i use it in watir? >> >> > > >> On Tue, Feb 22, 2011 at 3:50 PM, Željko Filipin < >> > > >> zeljko.fili...@wa-research.ch> wrote: >> >> > > >>> On Tue, Feb 22, 2011 at 11:17 AM, Aditya <vaditya2...@gmail.com> >> > wrote: >> > > >>> > How do we handle in terms of automation? >> >> > > >>> Captchas are made explicitly so they could not be automated. >> >> > > >>> If I had to automate site that used Captcha, I would test them >> > manually. >> >> > > >>> Željko >> >> > > >>> -- >> > > >>> Before posting, please readhttp://watir.com/support. In short: >> > search >> > > >>> before you ask, be nice. >> >> > > >>> watir-general@googlegroups.com >> > > >>>http://groups.google.com/group/watir-general >> > > >>> watir-general+unsubscr...@googlegroups.com >> >> > > >> -- >> > > >> Before posting, please readhttp://watir.com/support. In short: search >> > > >> before you ask, be nice. >> >> > > >> watir-general@googlegroups.com >> > > >>http://groups.google.com/group/watir-general >> > > >> watir-general+unsubscr...@googlegroups.com >> >> > > > -- >> > > > Before posting, please readhttp://watir.com/support. In short: search >> > > > before you ask, be nice. >> >> > > > watir-general@googlegroups.com >> > > >http://groups.google.com/group/watir-general >> > > > watir-general+unsubscr...@googlegroups.com- Hide quoted text - >> >> > > - Show quoted text - >> >> > -- >> > Before posting, please readhttp://watir.com/support. In short: search >> > before you ask, be nice. >> >> > watir-general@googlegroups.com >> >http://groups.google.com/group/watir-general >> > watir-general+unsubscr...@googlegroups.com > > -- > Before posting, please read http://watir.com/support. In short: search before > you ask, be nice. > > watir-general@googlegroups.com > http://groups.google.com/group/watir-general > watir-general+unsubscr...@googlegroups.com > -- Before posting, please read http://watir.com/support. In short: search before you ask, be nice. watir-general@googlegroups.com http://groups.google.com/group/watir-general watir-general+unsubscr...@googlegroups.com
