WebApp Sec mailing list archives
RE: [WEB SECURITY] Defeating CAPTCHA
From: "Debasis Mohanty" <debasis () hackingspirits com>
Date: Thu, 25 Aug 2005 00:46:27 +0530
Early this year, I had an oppourtunity to work on CAPTCHAs. Also wrote a program which can defeat simpler CAPTCHAs but it has its limitations. As the complexities of the algo^m increases with increase in the CAPTCHA's complexities, I had to drop it half way ;-) Thought it was a wastage of time... Pick from my post in FD - http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032708.html There already exists few interesting projects around on circumventing CAPTCHA ( http://www.captcha.net/ ). There are various alogorithms being written to defeat simplests to the complex CAPTCHAs but only few CAPTCHAs have survived such tests. A project devoted to breaking CAPTCHA systems can be found here: http://sam.zoy.org/projects/pwntcha/ Here's a link to the original paper that discussed how they broke the ez-gimpy system that Yahoo! uses (92%), and have about a 33% success rate with the harder version, gimpy. http://www.cs.berkeley.edu/~mori/gimpy/gimpy.html - D -----Original Message----- From: robert () webappsec org [mailto:robert () webappsec org] Sent: Wednesday, August 24, 2005 11:59 PM To: websecurity () webappsec org; webappsec () securityfocus com Subject: [WEB SECURITY] Defeating CAPTCHA This was linked off of slashdot (http://it.slashdot.org/article.pl?sid=05/08/24/1629213&tid=172&tid=95) and explains some of the ways people are breaking CAPTCHA (http://en.wikipedia.org/wiki/Captcha) based systems. http://sam.zoy.org/pwntcha/ - Robert robert_at_webappsec.org http://www.cgisecurity.com --------------------------------------------------------------------- The Web Security Mailing List http://www.webappsec.org/lists/websecurity/ The Web Security Mailing List Archives http://www.webappsec.org/lists/websecurity/archive/
Current thread:
- Defeating CAPTCHA robert (Aug 25)
- RE: [WEB SECURITY] Defeating CAPTCHA Debasis Mohanty (Aug 25)
- RE: [WEB SECURITY] Defeating CAPTCHA focus (Aug 25)
- RE: [WEB SECURITY] Defeating CAPTCHA Michal Zalewski (Aug 25)
- RE: [WEB SECURITY] Defeating CAPTCHA focus (Aug 25)
- Re: Defeating CAPTCHA Jayson Anderson (Aug 25)
- Re: Defeating CAPTCHA Mark Burnett (Aug 25)
- Re: Defeating CAPTCHA Chris Shiflett (Aug 25)
- Re: Defeating CAPTCHA Jayson Anderson (Aug 25)
- Re: Defeating CAPTCHA Andrew van der Stock (Aug 25)
- Re: Defeating CAPTCHA Mark Burnett (Aug 25)
- Re: Defeating CAPTCHA Stephen de Vries (Aug 25)
- RE: Defeating CAPTCHA Glenn Euloth (Aug 26)
- Re: Defeating CAPTCHA Christopher Kunz (Aug 31)
- RE: [WEB SECURITY] Defeating CAPTCHA Debasis Mohanty (Aug 25)