Captxa is an advanced CAPTCHA solution designed for high concurrency and performance. With features like zero-heap allocation, sub-millisecond puzzle generation, and comprehensive anti-bot measures, it effectively secures web applications against automated attacks. Easily host on a Debian Linux server and integrate seamlessly through its robust API.
Captxa is a high-performance CAPTCHA server designed to effectively combat bot traffic. Written in C, it provides two types of challenges: a lightweight proof-of-work challenge (simple) and a more complex slider-puzzle challenge, enhanced with mouse/touch trajectory analysis and additional security features such as TLS fingerprinting (JA4), GeoIP correlation, and IP reputation filtering.
Key Features
- Performance: Capable of handling over 50,000 concurrent validations per second per core, with sub-millisecond puzzle generation and zero-heap allocation in the hot path.
- Scalability: Optimally runs on a Debian Linux server, making it suitable for production environments.
How It Works
For a comprehensive technical overview, visit captxa.com/how_it_works.
API Endpoints
Captxa features a robust API with various endpoints to facilitate CAPTCHA challenges:
| Method | Path | Description |
|---|---|---|
| POST | /challenge/simp | Request a simple Proof-of-Work challenge |
| POST | /solve/simp | Submit solution for simple challenge |
| GET | /challenge/complex | Request a slider-puzzle CAPTCHA |
| POST | /solve/complex | Submit complex puzzle + trajectory |
| POST | /api/validate | Validate a previously-issued pass token |
Installation and Configuration
Captxa requires several dependencies to function optimally. The installation involves utilizing various packages, including tools for managing TLS certificates via Let's Encrypt, handling GeoIP databases, and establishing a secure operating environment. A detailed list of dependencies specific to Debian 12 and 13 is provided.
Directory Structure
The project consists of various files tailored for different functionalities:
.
├── captcha_core.c # Puzzle engine and bot detection logic
├── h2o_server.c # HTTP server and routing logic
├── ip_functions.c # IP reputation handling
├── token_functions.c # Token management for validation
├── rate_limiting.c # Rate limiting mechanisms
├── send_udp.c # Telemetry data sending over UDP
├── ja4_functions.c # TLS fingerprint extraction
├── regenerate_ip.c # IP/CIDR blocklist downloader
├── certs/ # TLS certificates and keys
├── puzzle_images/ # Directory for puzzle images
└── ip_list/ # List of malicious IPs and CIDRs
Configuration Options
The server is entirely configurable at compile-time. Users can adjust various settings such as worker threads, port numbers, and image parameters to suit their hosting environment. Additionally, options for challenge lifetimes and bot scoring thresholds are also available.
For further inquiries or support, contact details are provided: hello@captxa.com and visit captxa.com for more information.
No comments yet.
Sign in to be the first to comment.