CAPTCHA with Images (ComplexImage)
and CapMonster Cloud

Captcha solving, website integration, and testing.

Inherited a site with a captcha or another protection layer but no access to the source code? In that case you naturally ask: which solution is installed, is it configured correctly, and how can the workflow be tested?

In this article, we have tried to answer all the key questions. The first step in solving the task is to determine which protection system is being used. To do this, you can refer to the list of popular captchas and anti-bot protection systems, where you will find visual examples and key indicators that help you quickly understand what you are dealing with.

If you discover that your site uses ComplexImage, the next step is to study its properties and operation in more detail. In this article, you can also review the instructions on how to integrate ComplexImage so that you fully understand how it functions on your site. This will help you not only understand the current protection, but also properly plan its maintenance.

What is an image CAPTCHA

An image CAPTCHA is a type of visual CAPTCHA where the user needs to perform a task related to image analysis. Typically, the system asks the user to select images that meet a certain condition, count objects, identify the correct position of an item, or perform another visual action. Unlike text-based CAPTCHAs, where users only enter characters from an image, image CAPTCHAs test the ability to interpret visual information and perform logical actions. This makes them harder to automatically recognize and more effective at protecting registration, login, and other critical forms from bots.

How to solve image CAPTCHA using CapMonster Cloud

When testing forms with Tencent CAPTCHA, it is often necessary to check the CAPTCHA functionality and ensure it is correctly integrated.

You can manually test the CAPTCHA implemented on your website:

Open the page with the form and make sure the CAPTCHA is displayed.
Try submitting the form without solving the CAPTCHA — the server should return an error.
After successfully solving the CAPTCHA, the form should submit without errors.

For automatic CAPTCHA solving, you can use specialized services such as CapMonster Cloud — a tool that receives CAPTCHA parameters, processes them on its servers, and returns a ready solution — e.g., numbers or click coordinates that can be used to pass verification without user involvement.

Working with CapMonster Cloud via API typically involves the following steps:

Creating a task

At this stage, provide your API key, CAPTCHA type, and parameters. The service returns a unique taskId, which can be used later to retrieve the result.

Sending an API request

The request for solving an image CAPTCHA should include the following parameters:

type - ComplexImageTask

class - recognition

imagesBase64 - an array of images in Base64 format. Example: [“/9j/4AAQSkZJRgABAQEAAAAAAAD…”];

Task (inside metadata) - Name of the task (e.g., dli).

Find more details about the parameters and how to gather them automatically before sending a task in the CapMonster Cloud documentation.

Endpoint for sending the task:

https://api.capmonster.cloud/createTask

Request example:

{
  "clientKey": "API_KEY",
  "task": {
    "type": "ComplexImageTask",
    "class": "recognition",
    "imagesBase64": [
      "base64"
    ],
    "metadata": {
      "Task": "dli" //  replace with your desired task, the list of available modules can be found at https://docs.capmonster.cloud/docs/captchas/ComplexImageTask-Recognition/
    }
  }
}

Response:

{
  "errorId":0,
  "taskId":407533072
}

Receiving the result

After creating the task, poll the solution status.

Address to receive the result:

https://api.capmonster.cloud/getTaskResult

Request example:

{
  "clientKey":"API_KEY",
  "taskId": 407533072
}

Response:


{
    "solution":
  {
    "answer": "1",
    "metadata": {
        "AnswerType": "Text"
    }
  },
    "cost": 0.0003,
    "status": "ready",
    "errorId": 0,
    "errorCode": null,
    "errorDescription": null
}

Placing the token on the page

The received token can be inserted into a hidden form field or triggered via a JS function on the website to confirm the solution. The server will then accept the form as correctly filled. For automation and testing, Puppeteer, Selenium, or Playwright can be used to emulate user actions, input tokens, and submit forms.

Image CAPTCHA recognition using ready-made libraries

CapMonster Cloud provides ready-made libraries for easy usage in Python, JavaScript (Node.js), and C#.

Python

JavaScript

Insert solution and submit form

Node.js example for a complete cycle of CAPTCHA recognition on your webpage. Possible approaches: use HTTP requests to retrieve HTML and protection parameters, send the solution, and process the result. Or, as in the example, use automation tools (like Playwright) — open the page, wait for the check, submit parameters via CapMonster Cloud client, receive the result, insert it into the proper field (for testing you can use correct or incorrect data) and observe the outcome.


// npm install playwright @zennolab_com/capmonstercloud-client
// npx playwright install chromium

import { chromium } from 'playwright';
import { CapMonsterCloudClientFactory, ClientOptions, ComplexImageTaskRecognitionRequest } from '@zennolab_com/capmonstercloud-client';

const API_KEY = "YOUR_API_KEY";
const TARGET_URL = "https://example.com/captcha-page";

async function solveComplexImageTaskPlaywright() {
    const browser = await chromium.launch({ headless: false });
    const context = await browser.newContext();
    const page = await context.newPage();
    await page.goto(TARGET_URL);

    // Find the CAPTCHA image
    const captchaHandle = await page.$('#captcha'); // replace with the real selector
    const captchaBase64 = await captchaHandle.evaluate(img => {
        const canvas = document.createElement('canvas');
        canvas.width = img.width;
        canvas.height = img.height;
        const ctx = canvas.getContext('2d');
        ctx.drawImage(img, 0, 0);
        return canvas.toDataURL('image/png').split(',')[1];
    });

    console.log("Captcha base64:", captchaBase64.substring(0, 50) + "...");

    const cmcClient = CapMonsterCloudClientFactory.Create(
        new ClientOptions({ clientKey: API_KEY })
    );

    // Send CAPTCHA for recognition
    const citRecognitionRequest = new ComplexImageTaskRecognitionRequest({
        imagesBase64: [captchaBase64],
        metaData: { Task: 'oocl_rotate' } // replace with your CAPTCHA type
    });

    const result = await cmcClient.Solve(citRecognitionRequest);
    console.log("Solution received:", result);

    // Process the solution
    const solution = result.solution;

    if (!solution) {
        console.error("No solution received");
        return;
    }

    if (solution.metadata?.AnswerType === "Coordinate") {
        // CAPTCHA with coordinates
        const box = await captchaHandle.boundingBox();
        for (const point of solution.answer) {
            const clickX = box.x + point.X;
            const clickY = box.y + point.Y;
            console.log(`Clicking at: (${clickX}, ${clickY})`);
            await page.mouse.click(clickX, clickY);
        }
    } else if (solution.metadata?.AnswerType === "Grid") {
        // Grid CAPTCHA (true/false array)
        const box = await captchaHandle.boundingBox();
        const gridItems = await page.$$('#captcha_grid div'); // replace with grid element selectors
        const answers = solution.answer;

        for (let i = 0; i < answers.length; i++) {
            if (answers[i] && gridItems[i]) {
                const itemBox = await gridItems[i].boundingBox();
                const clickX = itemBox.x + itemBox.width / 2;
                const clickY = itemBox.y + itemBox.height / 2;
                console.log(`Clicking grid item ${i} at: (${clickX}, ${clickY})`);
                await page.mouse.click(clickX, clickY);
            }
        }
    } else {
        console.warn("Unknown captcha solution type:", solution.metadata?.AnswerType);
    }

    // Click confirmation button (if any)
    await page.click('#submit_button'); // replace with the real button selector

    console.log("Captcha solved.");
}

solveComplexImageTaskPlaywright().catch(console.error);

There is also a great option to test CAPTCHA recognition using the CapMonster Cloud browser extension, which allows fast testing directly on the page and real-time tracking of the solving process without coding – available for Chrome and Firefox.

How to integrate image CAPTCHA into your website

To understand how CAPTCHA works on your site, check its logic, or reconfigure it, we recommend this section. It describes the general process of protection integration — this helps quickly grasp all the nuances.

1. Generate CAPTCHA on the server.

A CAPTCHA image is created: single image or image grid.
Noise, distortions, and random elements are added to prevent bots.
A unique captchaId is generated and the correct solution is stored (in memory, database, or cache).

2. Send CAPTCHA to client

Server sends captchaId and image (Base64 or URL) to client.
Client displays the CAPTCHA, e.g., with <img> or grid <div> with instructions.

If you want to create your own CAPTCHA from scratch, check our detailed guide where all key implementation steps are explained.

Example client part (HTML + JS)


<!--Grid image CAPTCHA-->
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Grid CAPTCHA Demo</title>
<style>
  #captchaGrid {
    display: grid;
    grid-template-columns: repeat(3, 100px);
    grid-gap: 10px;
    margin-bottom: 10px;
  }
  .grid-item {
    width: 100px;
    height: 100px;
    background-color: #eee;
    display: flex;
    align-items: center;
    justify-content: center;
    cursor: pointer;
    border: 2px solid transparent;
  }
  .grid-item.selected {
    border-color: blue;
  }
</style>
</head>
<body>
<h1>Grid CAPTCHA Demo</h1>

<div id="captchaGrid"></div>
<button id="submitBtn">Submit</button>
<button id="refreshBtn">Refresh CAPTCHA</button>
<p id="result"></p>

<script>
let captchaId;
let answers = []; // true/false array for clicks

async function loadCaptcha() {
    const res = await fetch('/captcha'); // Server returns JSON with captchaId and array of Base64 images
    const data = await res.json();
    captchaId = data.captchaId;
    answers = new Array(data.images.length).fill(false);

    const grid = document.getElementById('captchaGrid');
    grid.innerHTML = '';

    data.images.forEach((imgBase64, i) => {
        const div = document.createElement('div');
        div.className = 'grid-item';
        div.style.backgroundImage = `url('data:image/png;base64,${imgBase64}')`;
        div.style.backgroundSize = 'cover';
        div.addEventListener('click', () => {
            answers[i] = !answers[i];
            div.classList.toggle('selected', answers[i]);
        });
        grid.appendChild(div);
    });

    document.getElementById('result').textContent = '';
}

document.getElementById('refreshBtn').addEventListener('click', loadCaptcha);

document.getElementById('submitBtn').addEventListener('click', async () => {
    const res = await fetch('/captcha/verify', {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ captchaId, answer: answers })
    });
    const data = await res.json();
    document.getElementById('result').textContent = data.success ? 'Captcha passed!' : 'Captcha failed, try again.';
    if (!data.success) loadCaptcha();
});

// Load CAPTCHA at start
loadCaptcha();
</script>
</body>
</html>

3. User enters the answer

User enters text, clicks on images, or rotates objects.
Client formats the answer in the proper structure:

Text CAPTCHA → string
Grid → true/false array
Coordinates → array of {X, Y}

4. Submit answer to server:

Client sends POST request with captchaId and answer.
Optionally, session token can be sent to prevent repeated solving.

5. Server validation

Server looks up CAPTCHA session by captchaId.
Compares user answer with correct solution.
Returns success: true/false.
If failed, CAPTCHA can be refreshed.

Server-side example


<?php
session_start();

// CAPTCHA TTL in seconds
define('CAPTCHA_TTL', 300); // 5 minutes

// Generate random image
function generateCaptchaImage($text = null) {
    $width = 100;
    $height = 100;
    if (!$text) {
        $text = substr(str_shuffle('ABCDEFGHJKLMNPQRSTUVWXYZ23456789'), 0, 2);
    }

    $image = imagecreatetruecolor($width, $height);

    // Background
    $bgColor = imagecolorallocate($image, rand(180, 255), rand(180, 255), rand(180, 255));
    imagefilledrectangle($image, 0, 0, $width, $height, $bgColor);

    // Text
    $textColor = imagecolorallocate($image, 0, 0, 0);
    $fontSize = 15;
    $fontFile = __DIR__ . '/Arial.ttf'; // Path to TTF font
    if (file_exists($fontFile)) {
        imagettftext($image, $fontSize, rand(-20,20), 10, 50, $textColor, $fontFile, $text);
    } else {
        imagestring($image, 5, 10, 40, $text, $textColor);
    }

    ob_start();
    imagepng($image);
    $imgData = ob_get_clean();
    imagedestroy($image);

    return base64_encode($imgData);
}

// Create grid CAPTCHA
function generateGridCaptcha() {
    $numImages = 9; // 3x3
    $images = [];
    $solution = [];

    for ($i = 0; $i < $numImages; $i++) {
        // Random solution, correct image or not (example)
        $isCorrect = rand(0,1) === 1;
        $solution[] = $isCorrect;

        // Generate image (add various objects for real CAPTCHA)
        $text = $isCorrect ? 'OK' : 'NO';
        $images[] = generateCaptchaImage($text);
    }

    return ['images' => $images, 'solution' => $solution];
}

// CAPTCHA generation endpoint
if ($_SERVER['REQUEST_METHOD'] === 'GET' && $_SERVER['REQUEST_URI'] === '/captcha') {
    $captchaId = uniqid('captcha_', true);
    $gridCaptcha = generateGridCaptcha();

    $_SESSION['captchas'][$captchaId] = [
        'solution' => $gridCaptcha['solution'],
        'timestamp' => time()
    ];

    header('Content-Type: application/json');
    echo json_encode([
        'captchaId' => $captchaId,
        'images' => $gridCaptcha['images']
    ]);
    exit;
}

// CAPTCHA verification endpoint
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $_SERVER['REQUEST_URI'] === '/captcha/verify') {
    $data = json_decode(file_get_contents('php://input'), true);
    $captchaId = $data['captchaId'] ?? '';
    $answer = $data['answer'] ?? [];

    if (!isset($_SESSION['captchas'][$captchaId])) {
        echo json_encode(['success' => false, 'message' => 'Captcha expired or not found']);
        exit;
    }

    $captcha = $_SESSION['captchas'][$captchaId];

    // Check TTL
    if (time() - $captcha['timestamp'] > CAPTCHA_TTL) {
        unset($_SESSION['captchas'][$captchaId]);
        echo json_encode(['success' => false, 'message' => 'Captcha expired']);
        exit;
    }

    // Check true/false array
    $success = $captcha['solution'] === $answer;

    // Delete CAPTCHA after verification
    unset($_SESSION['captchas'][$captchaId]);

    echo json_encode(['success' => $success]);
    exit;
}

// 404
http_response_code(404);
echo 'Not found';

6. Next steps

Successful CAPTCHA → protected process (form, registration, etc.) is allowed.
Failed CAPTCHA → issue a new one, optionally limit attempts.

Additionally

Use TTL (time-to-live) for CAPTCHA sessions to expire automatically.
Cache images and use temporary URLs to save resources.
Ensure correct click and touch behavior on mobile devices.
Log and analyze to improve UX and bot protection.

Possible errors and debugging

Image CAPTCHA does not load

(Empty grid, broken images, 404/500 errors, base64 issues) — check that the server correctly generates images, the base64 data is not corrupted, the image format is supported by the browser, and the client receives a valid captchaId.

User clicks are not processed

(Cells are not highlighted or the response is empty) — make sure click coordinates or indices are sent to the server, the data is properly serialized, and touch events are supported on mobile devices.

Captcha fails despite correct clicks

Verify that the captcha is not regenerated before validation, the correct answer is stored separately per session, the response format matches the expected one, and the captcha TTL has not expired.

CAPTCHA expired

If the user takes too long, increase TTL, refresh CAPTCHA on retry, and notify user to reload images.

Protection resilience checks

After integration, make sure the system really protects the site from automated actions.

Try submitting the form without clicks — server should reject the request;

Send a random set of clicks or coordinates — verification should fail;

Submit an answer for an expired CAPTCHA — server must deny;

Do not reuse an already solved CAPTCHA — revalidation should be impossible;

Perform load testing (e.g., with k6 or JMeter) — under high request load:

images must be generated correctly;
server must not mix up user responses;
click verification must remain stable.

Security and optimization tips

Store the correct CAPTCHA answer <b>only on the server</b> (memory, Redis, or database), never on the client.

Store the correct CAPTCHA answer only on the server (memory, Redis, or database), never on the client.

Use one-time CAPTCHA IDs (<b>captchaId</b>).

Use one-time CAPTCHA IDs (captchaId).

Limit the number of attempts per CAPTCHA.

Always use <b>HTTPS</b> for transmitting images and clicks.

Always use HTTPS for transmitting images and clicks.

Cache images and use <b>temporary URLs</b> if possible.

Cache images and use temporary URLs if possible.

Log generation and verification errors (time, IP/fingerprint, reason for failure).

Log generation and verification errors (time, IP/fingerprint, reason for failure).

Regularly update CAPTCHA mechanics (image sets, grid size/structure, task types).

Regularly update CAPTCHA mechanics (image sets, grid size/structure, task types).

Conclusion

If you encounter a site with an already installed CAPTCHA or another protection system and have no access to the code — don’t worry! It is easy to identify which technology is used. To verify functionality, you can use CapMonster Cloud in an isolated test environment to ensure token processing and logic work correctly.

For image CAPTCHAs — it’s enough to identify the system, study its behavior, and make sure protection works. This article showed how to recognize ComplexImage image CAPTCHA and how to integrate or reconfigure it to reliably maintain protection and control its operation.

Helpful links

CapMonster Cloud Documentation (ComplexImage) →

Guide to creating your own CAPTCHA →

The CapMonster Cloud browser extension is available for Chrome and Firefox. Full installation and usage instructions are available here.

CAPTCHA with Images (ComplexImage) and CapMonster Cloud

How to solve image CAPTCHA using CapMonster Cloud

CAPTCHA with Images (ComplexImage)
and CapMonster Cloud