WebApp Sec mailing list archives
RE: [WEB SECURITY] Defeating CAPTCHA
From: focus () karsites net
Date: Thu, 25 Aug 2005 15:30:06 +0100 (BST)
Hi all!

I suppose if the user had to select each letter and/or numeric digit from a captcha separately, and enter these using a randomly generated input sequence by the server, that would block any programs from reading the CAPTCHA and feeding it directly to the form input field.

After several failed attempts the server could generate another CAPTCHA, and make the user (or robot) start over again.

Eg.

CAPTCHA: ZXCVBNM

Please enter the above CAPTCHA in the following sequence:

3rd letter: [ C ]
6th letter: [ N ]
5th letter: [ B ]
2nd letter: [ X ]
7th letter: [ M ]
4th letter: [ V ]
1st letter: [ Z ]

Or via several drop down selection boxes, one for each CAPTCHA character.

HTH - KR

There already exist a few interesting projects around on circumventing CAPTCHA ( http://www.captcha.net/ ). There are various algorithms being written to defeat the simplest to the complex CAPTCHAs but only a few CAPTCHAs have survived such tests. A project devoted to breaking CAPTCHA systems can be found here: http://sam.zoy.org/projects/pwntcha/
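
The scheme proposed in the message above, sketched from the server's side as an added example that is not part of the original post. The class name, the alphabet and the three-failure limit are assumptions (the post only says "several failed attempts").

```python
import hmac
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits  # assumed character set
MAX_FAILURES = 3  # assumed value for "several failed attempts"


class OrderedCaptcha:
    """Per-session server state: CAPTCHA text plus the random entry order."""

    def __init__(self, length=7, text=None):
        self.length = length
        self.failures = 0
        self._new_challenge(text)

    def _new_challenge(self, text=None):
        # text is fixed only for demonstrations; normally random, shown as an image
        self.text = text or "".join(
            secrets.choice(ALPHABET) for _ in range(self.length))
        self.order = list(range(1, len(self.text) + 1))
        secrets.SystemRandom().shuffle(self.order)

    def prompts(self):
        """1-based character positions, in the order the form asks for them."""
        return list(self.order)

    def expected(self):
        return "".join(self.text[p - 1] for p in self.order)

    def verify(self, answers):
        """answers: one character per prompt, in prompt order."""
        supplied = "".join(answers).upper()
        ok = hmac.compare_digest(supplied.encode(), self.expected().encode())
        if ok:
            self.failures = 0
            self._new_challenge()  # single use: a replayed answer fails
            return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.failures = 0
            self._new_challenge()  # start over with a new CAPTCHA and order
        return False
```

Both the text and the order have to stay in server-side session state; only the rendered image and the list of positions go to the client.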