What Is This Website?

This website is meant to serve as a proof-of-concept browser challenge for detecting automated browsers, while making it extremely difficult for bots to solve the challenge with raw requests.

This website also allows me to experiment with various web technologies and techniques, such as:

• WebAssembly
• Protocol Buffers (Protobuf)
• JavaScript Obfuscation

How Does It Work?

Normal Challenge

When you visit the normal challenge, it loads JavaScript that performs checks on the browser and sends the results back to the server. If the checks pass, you are given a passage_token cookie that tells the server you have passed the challenge. If any of the checks mark your browser as suspicious, you will be given a click challenge to collect more information. The server will then decide whether you passed the challenge.

WebAssembly is also used in this process to prepare certain fields that are sent to the server, however I'm not going to go into detail about how it works.

Click Challenge

This works the same way as the normal challenge except for the fact that it only gives you the click challenge. This mode is harder to pass with automated browsers, since some very stealthy browser automation libraries may pass the initial checks of the normal challenge but fail the checks performed during the click challenge.

CAPTCHA Demo

This is a demo registration page that uses the click challenge in the form of a CAPTCHA to protect against mass registrations from bots using automated browsers and raw requests.

For a current list of browser automation libraries and their detection status, check out the detection status page.

If you encounter any false postivies or have an automated browser library you'd like me to take a look at, you can contact me on Discord @ Xewdy#7378 or by email.