mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-26 06:30:37 +00:00
1 KiB
1 KiB
Captcha Bypass
Captcha Bypass
To automate the testing of some functions of the server that allows user input it could be needed to bypass a captcha implementation. Test these things:
- Do not send the parameter related to the captcha.
- Change from POST to GET or other HTTP Verbs
- Change to JSON or from JSON
- Send the captcha parameter empty.
- Check if the value of the captcha is in the source code of the page.
- Check if the value is inside a cookie.
- Try to use an old captcha value
- Check if you can use the same captcha value several times with the same or different sessionID.
- If the captcha consists on a mathematical operation try to automate the calculation.
- If the captcha consists on read characters from an image, check manually or with code how many images are being used and if only a few images are being used, detect them by MD5.
- Use an OCR
[https://github.com/tesseract-ocr/tesseract](https://github.com/tesseract-ocr/tesseract)
.