Human Challenge

The PerimeterX user-friendly and advanced Captcha solution

PerimeterX Human Challenge is an alternative challenge to other CAPTCHA solutions, with enhanced capabilities to detect if a user is a bot or a human. It speeds up and streamlines the user's Captcha experience, protects against Captcha solvers, and collects data related to the solvers' actions. The nature of the challenge makes it difficult to solve through API calls, automation or Captcha farms.

PerimeterX Human Challenge is a simple, no-hassle "press and hold" challenge

Why Human Challenge

PerimeterX Human Challenge provides PerimeterX insights and real-time data on the behavior of Captcha solvers. This data allows us to detect non-human CAPTCHA solvers and to provide a better user experience to real humans solving the challenge.

Other CAPTCHA solutions are often considered to be “black-box” (for example, Google reCaptcha’s iframe does not allow access to any events occurring inside it). With Human Challenge we gain visibility to all the activities and events that occur on the Challenge page. Human Challenge allows us to create honeypots, involve anti-solving techniques, and other features that have the ability to differentiate between humans and bots/CAPTCHA solvers.

Read more on CAPTCHA solvers

How do we identify if a challenge is being solved automatically by CAPTCHA solvers?

End-to-end visibility with Bot Defender: using Bot Defender capabilities, Human Challenge detects automated tools, payload or token replays, including signatures collected by the ML algorithm that were classified as malicious. Human Challenge uses Bot Defender's intelligence tools to scan the darknet/deep web to identify any CAPTCHA solving script/tool/service.
Using various honeypots such as fake CAPTCHA tokens, multiple iframes and fake events.
Tracking user interaction with the UI such as mouse, touch, and keyboard events.
Identifying injection of unwanted scripts, to detect if a script attempts to make use of the native methods provided by the DOM that are applied at the CAPTCHA environment.

How do we identify if a challenge is being solved by CAPTCHA solving services?

The PerimeterX internal OSINT system is based on more than 800 different threat-intelligence databases and platforms. Our system harvests the data according to selected keywords and trends. For example, some Captcha solving services (e.g Death by Captcha), publicly release their updated scripts and our system scans these repositories. Every time the script is updated we get a notification and our team implements new detection (if needed) against that CAPTCHA solving service.
Multiple tokens are sent, of which only one is the real token.
We are able to detect and block callbacks that were made by headless browsers (e.g. selenium) from the CAPTCHA’s stack. Services such as “2captcha” are using this kind of mechanism.

Metric*

Human Challenge compared to Google reCaptcha

Abandonment rate

10x better

Solve time

5x better

Headless browsers solve rate

2x better

These metrics are compared against dozens of customers from different industries and millions of solved challenges in the last three months. Ask for the product brief for more details!

Deploy Human Challenge

Prerequisites

Before you install the PerimeterX Human Challenge on your site:

  • Contact PerimeterX on Slack, SFDC or at [email protected] to request the Human Challenge.
  • Make sure to let us know if you are using a custom Captcha flow (e.g using Captcha in a non-blocking page).
  • Make sure you are using First-Party Sensor integration. You can check this in the Console under Application -> Snippet
  • Make sure you have the PerimeterX Sensor version 5 and above. You can check this in the Console under Policies -> JS Sensor Settings

Testing

The following should be run on your stg environment

  • Request for PerimeterX to deploy Human Challenge on your stg application.
  • Make sure to retain your user flow and desired page design.
  • Optionally, test the available localization and customization options. Refer to the Configuring section below for more details.

Production

When you are satisfied with the results of your Testing, deploy Human Challenge on Production.

  • Request for PerimeterX to deploy Human Challenge on your prod application.
  • Make sure to retain your user flow and desired page design.
  • If you are using custom localization or customization, make sure that it is included in your production environment

Default Configuration

18N (Internationalization and Localization)

Human Challenge default language is English (en). We support the following languages out-of-the-box:

Language

Value

Language

Value

Arabic

ar

Indonesian

id

Bengali

bn

Italian

it

Chinese-Simplified

zh-CN

Japanese

ja

Chinese-Traditional

zh-tw

Korean

ko

Danish

da

Persian

fa

Dutch

nl

Polish

ol

English

en

Portuguese

pt

French

fr

Romanian

ro

German

de

Russian

ru

Greek

el

Spanish

es

Gujarati

gu

Tamil

ta

Hebrew

he

Thai

th

Hindi

hi

Vietnamese

vi-VN

Hungarian

hu

Size and Colors

//Container
    width = 310;
    height = 100;
    fillColor = '#393939';
    backgroundColor = '#FFFFFF'
//Border
    borderColor = '#393939';
    borderWidth = 7;
    borderRadius = 100;
//Text
    textColor = '#393939';
    texSize = 31;
    textFont = 'OpenSans, Helvetica, Arial';
//Animation
    animation = true;
    checkmarkThickness = '7px';
    checkmarkHeight = '40px';
    checkmarkWidth = '15px';

Height, width, and size are in pixels.

Customization

To customize the challenge, add the Human Challenge Configuration before the PerimeterX snippet.

  • To add a locale not included in the Human Challenge package, add the localization code to the locale object and enter the translated text to the text line of the translation object.
  • You can customize how the Human Challenge is displayed to match the look and feel of your site.
window._<APPID>= {
  locale: <string>,
  parent: '<string>', //Optional, element id, should exists in the DOM before loading PX script
  translation: <object> // legacy
  challenge: {
      translation: {
          <locale/default>:{  //'default' entry will change the default text presented. Out-of-the-box languages support "PRESS & HOLD" default
                  btn: <translation>,
                  failed: <translation>
             }
      }
      view: <object>,
  }
 };
challenge: {
        translation: { //Change this if you'd like to add custom translations based on locale
           "default": { //overriding default translation
                  btn: 'Push',
                  btn_done: 'Done', //once you add a finish text, consider disabling animation on view section
                  failed: 'Try again'
             },
           "de": {
              "btn": "Drücken und halten", // Press and Hold button
              "failed": "Bitte versuchen Sie es erneut.", // Message shown in case of failure in previous solve attempt
              "ac_1":"Human Challenge erfordert eine Bestätigung. Bitte drücken und halten Sie die Taste bis zur Bestätigung", // Accessibility - Push and Hold for verification
              "ac_2":"Human Challenge abgeschlossen, bitte warten", // Accessibility - "Challenge Ended"
              "al_1":"Es scheint ein Verbindungsproblem zu geben. Stellen Sie sicher, dass Sie online sind, und aktualisieren Sie die Seite", // Alert on internet connection issue
              "al_2":"Es scheint ein Problem mit Ihrem Browser zu geben. Bitte führen Sie ein Upgrade durch, um PerimeterX Human Challenge zu laden",  // Alert on browser issue
              "btn_done": "Erledigt" //Done
          }
        },
        view: {
            width: <number/string>, //e.g: 100, '100%'
            height: <number/string>, //e.g: 80, '99%'
            padding: <string>, //e.g "5px 1em 0 2em"
            margin: <string>, //e.g "1px 1px 0 0"
            parts: <number>, //e.g 300 (default - 150)
            css: <array:string>, //e.g ["https://fonts.googleapis.com/css?family=Acme&display=swap"]
            backgroundColor: <string>,//e.g "#FF0033"
            fillColor: <string>,//e.g "#FF0033"
            borderColor: <string>,//e.g "#FF0033"
            borderWidth: <number>,//e.g 7
            borderRadius: <number>,//e.g 10
            textColor: <string>,//e.g "#FF33DD"
            texSize: <number>,//e.g 15
            textFont: <string>, // "Acme"
            fontWeight: <numbe/string>, //example: 100, 'bold'
            animation: <boolean>, //e.g. true
            checkmarkThickness: <string>, //e.g. "4px"
            checkmarkHeight: <string>, //e.g. "20px"
            checkmarkWidth: <string>, //e.g. "8px"
            targetColor: <string>, //e.g. "#FF00FF"
            textTransform: <string> //e.g. "none"
        }
    }
}

Compatibility

PerimeterX Human Challenge supports the following:

Web

  • Chrome ≥67
  • Safari ≥9
  • FF ≥60
  • IE ≥10
  • Edge ≥15
  • Android ≥5
  • Opera ≥55 (including mini≥16)
  • Yandex ≥16
  • UC ≥9

Mobile

  • ≥iPhone 5S
  • ≥iPad 4
  • ≥Nexus 5
  • ≥Pixel 1
  • ≥Galaxy S7
  • ≥Galaxy Note 9
  • ≥Xperia XA

On browsers that are not supported the user will get the message There seems to be a problem with your browser. Please upgrade to load PerimeterX Human Challenge

When the user is experiencing a network problem, they will receive the message There seems to be a connection issue. Please make sure you're online and then refresh the page

When the Human Challenge is solved, but there is no internet connection, the callback window._pxOnOfflineCallback occurs.

Accessibility

Human Challenge is ARIA compatible by default, and provides the following for the visually impaired user:

  • Text coded into the images
  • Proper prompting text ("press and hold")
  • Enabled keyboard access to elements on the page

Human Challenge is also available in an enhanced accessibility mode which conform with WCAG 2.1 and section 508 along with a VPAT 2.4 report with additional details. Please contact your PerimeterX CSE or SA, send us a Slack or email at [email protected] for further information.

FAQ

Who do I contact to get a detailed explanation on Human Challenge?

You can contact your PerimeterX CSE or SA, send us a Slack, or send us an email at [email protected]

How do I customize Human Challenge?

You can customize the Human Challenge and give it the same look and feel as your website. Within the Customizing_ you can customize the background color, text, font, animation, etc.

How do I localize the Human Challenge?

We offer 13 language/locale options out-of-the-box. Additionally, you can add a locale not included in the Human Challenge package. In the Customizing_, simply add the localization code to the locale object and enter the translated text to the text line of the translation object.

Does Human Challenge support accessibility?

Human Challenge is ARIA compatible by default, and provides text coded into images, proper prompting text, and keyboard access to elements on the page. Human Challenge is also available in enhanced accessibility mode


Did this page help you?