The Captcha problem is a very common problem in automated testing , and it is also a very difficult problem. The original intention of the image verification code design is actually to prevent automation and prevent some people from maliciously attacking the website with automatic tools. Unfortunately, some automated testing tools we use are also included. Of course, there is no way to deal with the verification code. There are still many ways, but we need to think beyond the technical level. Without further ado, here are some common solutions:
1. Identification method (technology)
The recognition method is to perform character recognition on the picture of the verification code. The principle is to parse the picture through the recognition algorithm, and the accuracy of the analysis depends on the complexity of the picture.
Students who are familiar with QTP should know that a technology called OCR recognition is used when making text checkpoints and text area checkpoints. The full name of OCR is Optical Character Recognition, which is called Optical Character Recognition in Chinese. OCR refers to the process by which electronic devices (such as scanners or digital cameras) examine characters printed on paper, determine their shapes by detecting dark and light patterns, and then use character recognition methods to translate the shapes into computer text; The process of scanning and then analyzing and processing image files to obtain text and layout information.
According to my experience, if the characters in the picture are square and the background of the picture is relatively monotonous, then the OCR recognition rate will be very high. For example, pictures similar to the following verification codes can be recognized by OCR:
But for some complex pictures: the fonts are crooked, the font color and picture background are very fancy, there are deliberately interfering curved lines, even calculations, etc. If this happens, then the OCR recognition rate will be very low or even helpless, such as:
Verification image of Sina Weibo registration page
The verification picture of Taobao registration page
God-level verification pictures. . .
We can see that OCR is a good method to identify characters in captcha images, but it also has many limitations and is only suitable for some simple images. If the validation images in your project are complex, give up this method decisively.
2. Interface method (technology)
The interface method is to allow developers to provide a test interface through which the image verification code can be obtained. There are many specific implementations of this method. For example, an interface that can be used by the client is provided on the server side. As long as the client passes its own SessionID, the interface will return the correct Session at this time. This method can It is easy for the automatic test tool to directly obtain the correct verification code content that should be submitted; or hide a verification code content tag in the web page, and the verification code content can be easily obtained by reading the value in the webpage tag.
Adding the interface for obtaining the verification code will inevitably increase a very large security risk, so this method is only suitable for use in the test environment.
3. Removal method (non-technical)
The so-called removal method is very simple, which is to remove the function of the image verification code. This is the most labor-saving method, but it requires the cooperation of developers and the consent of leaders. However, it should be noted that this method is only suitable for use in the test environment. When the software product is launched, the image verification code function needs to be restored, otherwise there will be huge security risks.
4. Cryptography (non-technical)
As the name suggests, the cipher method is to communicate through a secret agreement reached in advance. Here, it refers to asking developers to provide a "universal verification code". No matter how the picture changes, just enter the universal verification code to pass. However, this method will also cause security risks. If the verification code is known by the attacker, this method is only suitable for use in the test environment.
The above are some common methods for dealing with image verification code problems in web automation testing. These methods themselves have certain advantages, disadvantages and limitations. As for which method to adopt, the specific project situation and requirements of the results need to be considered. Remember, there is no most A good way, only the most suitable way!
