Visual Reasoning CAPTCHAs (VRCs) combine visual scenes with natural-language queries that demand compositional inference over objects, attributes, and spatial relations. They are increasingly deployed as a primary defense against automated bots. Existing solvers fall into two paradigms: vision-centric solvers, which rely on template-specific detectors but fail on novel layouts, and reasoning-centric solvers, which leverage LLMs but struggle with fine-grained visual perception. Both lack the generality needed to handle heterogeneous VRC deployments. We present ViPer, a unified attack framework that integrates structured multi-object visual perception with adaptive LLM-based reasoning. ViPer parses visual layouts, grounds attributes to question semantics, and infers target coordinates within a modular pipeline. Evaluated on six major VRC providers (VTT, Geetest, NetEase, Dingxiang, Shumei, Xiaodun), ViPer achieves up to 93.2% success, approaching human-level performance across multiple benchmarks. ViPer consistently outperforms all baselines: the prior solvers GraphNet (83.2%), Oedipus (65.8%), and the Holistic approach (89.5%). The framework further maintains robustness across alternative LLM backbones (GPT, Grok, DeepSeek, Kimi), sustaining accuracy above 90%. To anticipate defenses, we further introduce Template-Space Randomization (TSR), a lightweight strategy that perturbs linguistic templates without altering task semantics. TSR measurably reduces solver (i.e., attacker) performance. Our proposed design suggests directions for human-solvable but machine-resistant CAPTCHAs.