Skip to main content

Marcus Craske

hack the planet|

The Importance of Captcha & Free Pizza!

The Importance of Captcha & Free Pizza!

During October 2016, Papa Johns held a competition to promote their Papa Rewards system, whereby users could enter an e-mail and potentially win Papa Reward points, or receive a £10 discount.


Besides the £10 discount, the actual rewards were:

  • 8 points for a free small side
  • 12 points for a free large side
  • 25 points for a free large pizza

…with no prior orders on an account needed, no need for other items on your order and free delivery. Rewarded at…random?.

Sounds like free dinner for a month! :)

Free Dinner

At first, you could enter a random e-mail without any sort of confirmation and eventually players would win the main prize (a large pizza).

After only a week, this was changed, requiring users to confirm their e-mail when entering excessive entries from a single IP address. And using the same Gmail e-mail with a filter added, by appending a suffix to the username e.g. [email protected] turned into [email protected], was also banned, along with many temporary e-mail providers.

But not all temporary e-mail providers. And the process, including the e-mail confirmation page, did not present any form of human verification, such as a captcha, or limit the volume of requests/entries.

And as a result, a simple bot, using Selenium, could mine for a specific number of large pizzas instead:

Automated bots

…theoretically :D.

Source code:

Nom nom nom…

Legal disclaimer: this post only presents what could be possible, and is not an admission of guilt, or/and actions, nor does it condone such behaviour. And any photos are artistic in nature, and this article was written and exists only for the purposes of entertainment and education.