5.1 KiB
Captcha Bypass
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥
- Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
- Discover The PEASS Family, our collection of exclusive NFTs
- Get the official PEASS & HackTricks swag
- Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.
- Share your hacking tricks by submitting PRs to the hacktricks repo and hacktricks-cloud repo.
Captcha Bypass
To automate the testing of some functions of the server that allows user input it could be needed to bypass a captcha implementation. Therefore, try to test for these things:
- Do not send the parameter related to the captcha.
- Change from POST to GET or other HTTP Verbs
- Change to JSON or from JSON
- Send the captcha parameter empty.
- Check if the value of the captcha is in the source code of the page.
- Check if the value is inside a cookie.
- Try to use an old captcha value
- Check if you can use the same captcha value several times with the same or different sessionID.
- If the captcha consists on a mathematical operation try to automate the calculation.
- If the captcha consists of read characters from an image, check manually or with code how many images are being used and if only a few images are being used, detect them by MD5.
- Use an OCR (https://github.com/tesseract-ocr/tesseract).
Online Services to bypass captchas
Capsolver
Capsolver‘s automatic captcha solver offers the most affordable and quick captcha-solving solution. You may rapidly combine it with your program using its simple integration option to achieve the best results in a matter of seconds.
With a success rate of 99.15%, Capsolver can answer more than 10M captchas every minute. This implies that your automation or scrape will have a 99.99% uptime. You may buy a captcha package if you have a large budget.
At the lowest price on the market, you may receive a variety of solutions, including reCAPTCHA V2, reCAPTCHA V3, hCaptcha, hCaptcha Click, reCaptcha click, Funcaptcha Click, FunCaptcha, datadome captcha, aws captcha, picture-to-text, binance / coinmarketcap captcha, geetest v3 / v3, and more. With this service, 0.1s is the slowest speed ever measured.
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥
- Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
- Discover The PEASS Family, our collection of exclusive NFTs
- Get the official PEASS & HackTricks swag
- Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.
- Share your hacking tricks by submitting PRs to the hacktricks repo and hacktricks-cloud repo.