[Upcoming] Detecting Fraudulent CAPTCHA Solvers with Network Propagation Insights

Abstract

CAPTCHA farms have become a critical tool for malicious actors to bypass bot protection mechanisms, enabling fraud schemes such as denial of inventory and SMS pumping. These services exploit proxies to mimic the IP address and fingerprint of the bot client, evading detection by traditional application-layer analyses. Additionally, CAPTCHA solving times achieved by these farms are often indistinguishable from those of real users, posing a significant challenge to existing detection methods. We propose a novel approach to identifying the use of CAPTCHA farms by leveraging network measurements. Our method examines the propagation times of the site key and CAPTCHA token exchanged between the client, the CAPTCHA provider, and the server. By analyzing these timings and correlating them with the physical distances inferred from the client IP address and the known locations of the other two parties, we aim to statistically assess the feasibility of the observed delays. We present early results from our ongoing experiments and the development of our statistical testing methodology. Through this presentation, we invite feedback from the community on our approach, its real-world applicability, and potential implementation challenges.

Elisa Chiapponi

Cybersecurity Researcher

Cybersecurity Researcher in the Global Security Operations at Amadeus IT Group