banner
毅种循环

毅种循环

头顶铁锅接收宇宙能量
HomeArchivesNFT 展示关于

Burp Captcha Brute Force

#渗透测试108
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
This is a guide on how to use a modified version of the Captcha Killer project. It provides instructions on installation and usage, as well as how to capture and recognize captcha images. It also explains how to intercept login packets for brute force attacks and provides some limitations of the project.

Project Address: https://github.com/f0ng/captcha-killer-modified#

Recognition Library: https://github.com/sml2h3/ddddocr

0x01 Installation#

Prerequisites: Install dddocr.
pip3 install ddddocr
Use the provided jar file and py file, and modify line 17 of the py file, otherwise an error will occur.
async def handle_cb(request): img_base64=await request.text() return web.Response(text=ocr.classification(img_base64))

0x02 Start#

Start the Python script
Python3 codereg.py
image

Get Captcha
Intercept the package requesting the captcha, for example:
http://127.0.0.1/yanzheng/yanzhengma.php
And right-click to send it to the captcha panel
image
Fill in the captcha URL and click "Get", the captcha image will be displayed on the right.
image
Fill in the interface URL and request template
The template is as follows:

POST /reg HTTP/1.1 Host: 127.0.0.1:8888 Authorization:Basic f0ngauth User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:97.0) Gecko/20100101 Firefox/97.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded Content-Length: 8332 <@BASE64><@IMG_RAW></@IMG_RAW></@BASE64> 
![](https://cdn.nlark.com/yuque/0/2023/png/21847644/1679490439070-597f207d-997f-47bb-b9e5-3639f298b77d.png#averageHue=%23f2eee9&height=334&id=wnUOw&originHeight=334&originWidth=274&originalType=binary&ratio=1&rotation=0&showTitle=false&status=done&style=none&title=&width=274)

After filling in, click "Recognize" to recognize the captcha image just obtained.
Click "Recognize" repeatedly to recognize multiple images.
Click "Get" once and click "Recognize" once to recognize images one by one.
Used to observe whether the captcha recognition on the right is accurate.
image

0x03 Capture Login Package Brute Force#

Turn on the interception switch, intercept and capture the login operation package, and send it to the Intruder module
Select attack mode: Pitchfork
Mark the fields for the password and captcha values
image

The first payload is the value of the username:
image
The second payload is the value of the captcha:
The mode has changed, and the plugin needs to be loaded.
image

PS: Note that you need to set single-threaded mode, otherwise the captcha will be mixed. It is also best to set a delay.
image
Then, attack.
image
The specific recognition situation can also be seen on the plugin page.
image

0x04 Done#

Can only recognize some simple graphics, arithmetic is not supported.
image

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.