Bot Arena
Selector resistance · Level 5 View on report ↗

Slider verification

Real form + a drag-to-verify slider. The target position is only visible in pixels.

What's measured on this page
- The page renders a real DOM form (email, password, submit). Standard locators can find them. - Between the password field and the submit button sits a slider CAPTCHA rendered on a <canvas>: drag the knob from the left edge to the highlighted target zone on the right to verify. - The target zone position is randomised on every page load, and there is no DOM hint for where it is. The page records mouse-drag events on the canvas and checks the release coordinate. - Submit only marks the form as Access granted if both inputs are filled and the slider has been solved. Otherwise it shows Blocked — verification required. - A vision-based automation tool sees the target zone in the rendered image, computes its X coordinate, and drags the knob there.

Sign in

Demo target — credentials are not checked.

Drag the knob into the green zone to verify

Production apps using this technique

  • GeeTest, NetEase YiDun, Tencent CAPTCHA The dominant Chinese-market CAPTCHA family is a slider puzzle: drag a piece into a gap inside a randomised image. Used by Alibaba, Pinduoduo, JD.com, dozens of banks.
    Market ~70% of Chinese CAPTCHA market (combined) Users GeeTest serves 360K+ customer sites; deployed across China's top 10 banks
  • Alibaba slider verification Taobao, Alipay, and the wider Alibaba estate use slider verification at sign-in and during sensitive transactions. The same widget gates account recovery flows.
    Market Alibaba Group ~50% China e-commerce; Alipay ~55% China mobile payments Users Alipay 1.3B+ users; Taobao 900M+ annual buyers
  • Cloudflare Turnstile (interactive mode) When Turnstile decides a visitor is suspicious it can escalate to an interactive checkbox or drag challenge. Standard tests cannot solve it.
    Market Cloudflare fronts ~20% of all websites Users Deployed on 7M+ sites; growing fast as a free reCAPTCHA alternative
  • AWS WAF Bot Control challenges AWS WAF can issue a drag-to-align CAPTCHA during anti-bot rule evaluation; widely deployed in front of e-commerce and banking origins.
    Market AWS WAF ~30% of enterprise WAF (largest cloud-native vendor) Users Used by tens of thousands of AWS-hosted origins
  • Ticketmaster, Live Nation, queue-it virtual waiting rooms High-demand ticketing platforms gate purchases with slider or drag challenges to slow down scalper bots.
    Market Ticketmaster ~70% of US primary ticketing; Queue-it leads virtual waiting rooms Users Ticketmaster ~230M tickets/year; Queue-it: 800+ enterprise customers

Figures are approximate / company-disclosed (~2024–2025). Sources: company filings, industry reports (Gartner, IDC, BuiltWith, npm stats), and public DAU disclosures.