hacktricks/pentesting-web/captcha-bypass.md
chiyochichi 882371226a
clean up ad
i would remove that section entirely ngl
2024-02-25 11:09:32 +02:00


# Captcha Bypass
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
## Captcha Bypass
To **bypass** the captcha during **server testing** and automate user input functions, various techniques can be employed. The objective is not to undermine security but to streamline the testing process. Here's a comprehensive list of strategies:
1. **Parameter Manipulation**:
   * **Omit the Captcha Parameter**: Avoid sending the captcha parameter. Experiment with changing the HTTP method from POST to GET or other verbs, and altering the data format, such as switching between form data and JSON.
   * **Send Empty Captcha**: Submit the request with the captcha parameter present but left empty.
2. **Value Extraction and Reuse**:
   * **Source Code Inspection**: Search for the captcha value within the page's source code.
   * **Cookie Analysis**: Examine the cookies to find if the captcha value is stored and reused.
   * **Reuse Old Captcha Values**: Attempt to use previously successful captcha values again. Keep in mind that they might expire at any time.
   * **Session Manipulation**: Try using the same captcha value across different sessions or the same session ID.
3. **Automation and Recognition**:
   * **Mathematical Captchas**: If the captcha involves math operations, automate the calculation process.
   * **Image Recognition**:
     * For captchas that require reading characters from an image, manually or programmatically determine the total number of unique images. If the set is limited, you might identify each image by its MD5 hash.
     * Utilize Optical Character Recognition (OCR) tools like [Tesseract OCR](https://github.com/tesseract-ocr/tesseract) to automate character reading from images.
4. **Additional Techniques**:
   * **Rate Limit Testing**: Check if the application limits the number of attempts or submissions in a given timeframe and whether this limit can be bypassed or reset.
   * **Third-party Services**: Employ captcha-solving services or APIs that offer automated captcha recognition and solving.
   * **Session and IP Rotation**: Frequently change session IDs and IP addresses to avoid detection and blocking by the server.
   * **User-Agent and Header Manipulation**: Alter the User-Agent and other request headers to mimic different browsers or devices.
   * **Audio Captcha Analysis**: If an audio captcha option is available, use speech-to-text services to interpret and solve the captcha.
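Most of the checks in items 1, 2 and the rate-limit point of item 4 only succeed when the server-side verification is sloppy: it accepts a missing or empty parameter, lets a solved value be replayed, does not bind the challenge to the session that received it, never expires it, or allows unlimited guesses. The following is an added example (not code from HackTricks) of a server-side verifier written to fail each of those probes; the in-memory stores, the `CaptchaVerifier` class, the constants and the sample sessions are all constructed for illustration and are not taken from any real framework.

```python
import hmac
import secrets
import time

# Constructed tuning values; a real deployment would pick them per application.
CAPTCHA_TTL_SECONDS = 120   # a challenge is only valid this long after it is issued
MAX_FAILED_ATTEMPTS = 5     # wrong answers a session may submit before it is locked


class CaptchaVerifier:
    """Server-side captcha check: parameter present, single use, session-bound, expiring, rate-limited."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}    # challenge_id -> (session_id, expected_answer, issued_at)
        self._failures = {}   # session_id -> number of failed verifications

    def issue(self, session_id, answer):
        # The answer never leaves the server; the client only receives an opaque challenge id,
        # so the value cannot be read from the page source or from a cookie (item 2).
        challenge_id = secrets.token_urlsafe(16)
        self._pending[challenge_id] = (session_id, answer, self._clock())
        return challenge_id

    def _fail(self, session_id):
        self._failures[session_id] = self._failures.get(session_id, 0) + 1

    def verify(self, session_id, form):
        """Return (ok, reason). `form` is the parsed request body, whether form-encoded or JSON."""
        challenge_id = form.get("captcha_id")
        answer = form.get("captcha")
        # Omitted, empty or non-string parameters (e.g. a JSON number or null) are a failure,
        # never a pass: absence of the field must not skip the check (item 1).
        if not isinstance(challenge_id, str) or not isinstance(answer, str):
            return False, "captcha missing"
        if not challenge_id or not answer:
            return False, "captcha missing"
        if self._failures.get(session_id, 0) >= MAX_FAILED_ATTEMPTS:
            return False, "too many attempts"
        # pop() consumes the challenge on ANY attempt, so a value cannot be replayed
        # after success and a wrong guess forces a fresh challenge (item 2, reuse).
        record = self._pending.pop(challenge_id, None)
        if record is None:
            return False, "unknown or already used challenge"
        owner, expected, issued_at = record
        if owner != session_id:
            self._fail(session_id)
            return False, "challenge bound to a different session"
        if self._clock() - issued_at > CAPTCHA_TTL_SECONDS:
            return False, "challenge expired"
        if not hmac.compare_digest(expected.encode(), answer.encode()):
            self._fail(session_id)
            return False, "wrong answer"
        self._failures.pop(session_id, None)
        return True, "ok"


def run_demo():
    """Replay the probes from the list above against the verifier; returns {probe: accepted?}."""
    now = [1000.0]                                   # controllable clock for the expiry case
    v = CaptchaVerifier(clock=lambda: now[0])
    results = {}
    cid = v.issue("s1", "7")                         # constructed: session s1 must answer "7"
    results["omitted"] = v.verify("s1", {})[0]
    results["empty"] = v.verify("s1", {"captcha_id": cid, "captcha": ""})[0]
    results["other_session"] = v.verify("s2", {"captcha_id": cid, "captcha": "7"})[0]
    cid = v.issue("s1", "7")                         # previous challenge was consumed above
    results["correct"] = v.verify("s1", {"captcha_id": cid, "captcha": "7"})[0]
    results["replay"] = v.verify("s1", {"captcha_id": cid, "captcha": "7"})[0]
    cid = v.issue("s1", "7")
    now[0] += CAPTCHA_TTL_SECONDS + 1
    results["expired"] = v.verify("s1", {"captcha_id": cid, "captcha": "7"})[0]
    for _ in range(MAX_FAILED_ATTEMPTS):             # exhaust the guess budget of session s3
        cid = v.issue("s3", "4")
        v.verify("s3", {"captcha_id": cid, "captcha": "9"})
    cid = v.issue("s3", "4")
    results["locked_out"] = v.verify("s3", {"captcha_id": cid, "captcha": "4"})[0]
    return results


if __name__ == "__main__":
    for probe, accepted in run_demo().items():
        print(f"{probe:14s} accepted={accepted}")
```

Only the `correct` probe is accepted; every other entry in the returned dict is `False`. When reviewing a real implementation, the same cases are the ones worth exercising: a verifier that returns `True` for any of them has one of the weaknesses the list above is designed to find.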
## Online Services to solve captchas
### [Capsolver](https://www.capsolver.com/)
Capsolver's automatic captcha solver offers an **affordable and quick captcha-solving solution**. You may rapidly combine it with your program using its simple integration option to achieve the best results in a matter of seconds. It can solve reCAPTCHA V2 and V3, hCaptcha, FunCaptcha, datadome, aws captcha, picture-to-text, binance / coinmarketcap captcha, geetest v3, and more. However, this is not a bypass per se: the captcha is still being solved, not skipped.