0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity

Update captcha-bypass.md

This commit is contained in:
Taleb Qasem 2022-10-09 07:24:32 +06:00 committed by GitHub
parent d8ffc8fffb
commit 049a3834ae
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pentesting-web/captcha-bypass.md
View File

@ -19,7 +19,7 @@
# Captcha Bypass
To **automate** the **testing** of some functions of the server that allows user input it **could** be **needed** to **bypass** a **captcha** implementation. Test these things:
To **automate** the **testing** of some functions of the server that allows user input it **could** be **needed** to **bypass** a **captcha** implementation. Therefore, try to test for these things:
* **Do not send the parameter** related to the captcha.
* Change from POST to GET or other HTTP Verbs
@ -30,7 +30,7 @@ To **automate** the **testing** of some functions of the server that allows user
* Try to use an **old captcha value**
* Check if you can use the **same** captcha **value** several times with **the same or different sessionID.**
* If the captcha consists on a **mathematical operation** try to **automate** the **calculation.**
* If the captcha consists on **read characters from an image**, check manually or with code **how many images** are being used and if only a **few images are being used, detect them by MD5.**
* If the captcha consists of **read characters from an image**, check manually or with code **how many images** are being used and if only a **few images are being used, detect them by MD5.**
* Use an **OCR** ([https://github.com/tesseract-ocr/tesseract](https://github.com/tesseract-ocr/tesseract)).