In order to prevent brute force attacks, some pages are implementing a hybrid protection system including JavaScript challenges. This protection is based on the idea of using a browser with deactivated JavaScript to carry out brute force attacks. Therefore, automatic tests fulfillment in brute force attacks as well as web security audits using tools such as Burp Suite are limited. By using JavaScript challenges, a JavaScript logic is added to the client who should run a function which result will be sent as an additional parameter and which validity in the server will also be checked. The current date, random numbers, the data which is supposed to be sent or any other value could be included as function entry. ...