CAPTCHA and One Time Passwords (OTPs) have become traditional approaches in securing web services and applications. However, these approaches can be an issue when scripting user actions for automated testing.


CAPTCHA is commonly used for user identity validation. For example, it prevents login attempts coming from bots by presenting website visitors randomly generated tests such as a piece of text, images, etc. The generated test is valid for only one login session and can’t be reused. Thus, due to its nature, resolving a CAPTCHA can’t be automated while scripting scenarios for performance or load testing.

Although resolving CAPTCHA tests is beyond the capabilities of Dotcom-Monitor, you might be able to disable a CAPTCHA for specific users (login credentials) or IP addresses or customize it on your side. Generally, there are three possible ways to script tests scenarios with Dotcom-Monitor when it is necessary to bypass a CAPTCHA:

  • Configure a target web application not to provide CAPTCHA for Dotcom-Monitor IPs. Find the list for load testing IPs here and for monitoring IPs here.
  • Completely disable the CAPTCHA module while testing.
  • Ask your web development team for CAPTCHA workarounds (like accepting any or specific values as valid).

One Time Password

OTP authenticates a user for a single login attempt or transaction by generating a one-time PIN or dynamic password. The password can be sent to the user’s device, such as a mobile phone, or passed via email.

Email verification

If you need to test a web application with multifactor authentication that relies on email verification, submit a request for a custom script to our support team (an additional fee will be applied).

Mobile phone-based authentication

Mobile phone-based authentication (e.g., SMS based OTP) is not supported by Dotcom-Monitor.