Just from personal experience, I think captcha's are probably not supported seeing that their main role is to prevent against synthetic scripts with complicated images and dynamic properties to look for.
Do they specifically want to make sure the captcha pops up? If they want to just test the web app, is there a way to verify someone is past the captcha authentication stage (a cookie or token) that could be utilized?
I concur with Pablo's response. With the uncertainty of what captcha would be presented. One would have a difficult time scripting for such scenarios due to the randomness of what would be presented.
Yes, I know what Captcha is and why. The prospect's question was very vague and didn't provide much detail or background. Perhaps they can control the way it's going to behave on their login pages. Hence my question regarding your experience with ESM and Captcha. Thanks everybody for your interest.
Per Pablo's last comment, if the prospects web team can provide you
with a bypass option - be it a custom URL to test that doesn't have the
capture, or a cookie, or their server checks for the robots user agent
or something. Then we can work with the site. If the captcha can not be
bypassed, we'll not be able to script a solution to test anything
passed the captcha.
On of my customers implements a Q
and A system (like what many systems implement for password resets)
instead of a captcha, it has 3 user provided questions and answers, the
robot is then scripted to check for and handle any of the 3 questions.
*there's some AI research that can reliably pass captchas, but that's well beyond what the robots can do.