Author Topic: How to crack the web form with Captcha?

ba8y
How to crack the web form with Captcha ?
« on: September 25, 2013, 10:40:05 am »
With Hydra and Burp Suite, we can crack web forms without a captcha quickly.

But now there are many login pages with a captcha.

I've tested some tools, e.g.:

Tesseract OCR engine
FastOCR
cintruder

They do badly sometimes, e.g.:
Slow speed
Captcha is not supported.

How can we crack them quickly?


Raavgo
Re: How to crack the web form with Captcha ?
« Reply #1 on: September 25, 2013, 11:31:20 am »
What kind of captcha is it? (pattern recognition, equation solving, question to answer)
How is it checked? (JS captcha checked on the client? Answer sent to the server and checked there?)

Don't wonder why I mentioned JS captchas; I recently saw one of those  :P

In general it is a pattern captcha and you would have to use pattern recognition software to brute-force them, but luckily there is a way to circumvent them...

But before you can circumvent Captchas you have to understand how they work:
http://www.gohacking.com/what-is-captcha-how-it-works/

(I might even write a tutorial if I get some spare time.)
I found a good tutorial from McAfee:
http://www.mcafee.com/us/resources/white-papers/foundstone/wp-bypassing-captchas.pdf


After you read that and you still have no clue how to circumvent them you can ask again and I'll try to explain it to you.
« Last Edit: September 25, 2013, 02:42:17 pm by Raavgo »

Kulverstukas
Re: How to crack the web form with Captcha ?
« Reply #2 on: September 25, 2013, 01:31:59 pm »
Quote from: Raavgo
After you read that and you still have no clue how to circumvent them you can pm me and I'll try to explain it to you.

Why PM? You can discuss it right here, so other people can also benefit from it.

Raavgo
Re: How to crack the web form with Captcha ?
« Reply #3 on: September 25, 2013, 01:43:14 pm »
Quote from: Kulverstukas
Why PM? you can discuss it right here, so other people can also benefit from it.

Yep, you are right Kulver, we should discuss it here.
I actually don't know why I wrote PM; it seems like my brain was afk  ;)

ba8y
Re: How to crack the web form with Captcha ?
« Reply #4 on: September 25, 2013, 05:12:16 pm »
http://www.mcafee.com/us/resources/white-papers/foundstone/wp-bypassing-captchas.pdf
It's really a nice piece of work.


Quote
CAPTCHA providers generally offer both CAPTCHA generation and validation services. To use these services, the subscribing websites either use the existing libraries and plugins or write their own. A typical user interaction with a web application that relies on a CAPTCHA provider is summarized below:

1. A user requests a page that requires CAPTCHA validation.

2. The returned page contains an embedded <img> (or <script>) tag to retrieve the CAPTCHA image from the CAPTCHA provider.

3. Upon parsing the embedded tags, the browser retrieves a CAPTCHA from the CAPTCHA provider and displays it to the user.

4. The user fills in the form fields, enters the CAPTCHA solution, and submits the page to the web application.

5. The web application then submits the CAPTCHA solution to the CAPTCHA provider for verification.

6. The CAPTCHA provider responds to the web application with a success or failure message.

7. Based on the CAPTCHA provider’s response, the web application allows or denies the request.




Quote
Sample impersonation
The steps below show how to run clipcaptcha as the CAPTCHA provider:
• Enable forwarding mode on your machine. (echo “1” > /proc/sys/net/ipv4/ip_forward)
• Set up iptables to redirect HTTP traffic to clipcaptcha. (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listeningPort>)
• Run arpspoof to redirect the traffic to your machine. (arpspoof -i <interface> -t <targetIP> <gatewayIP>)
• Run clipcaptcha in one of its modes of operation. (clipcaptcha.py <mode> -l <listeningPort>)
Once the clipcaptcha instance starts running, all CAPTCHA validation requests will be administered by clipcaptcha.

Has anyone ever tested it?
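The quoted impersonation works because the web application's verification request (steps 5 to 7 above) travels over plain HTTP on port 80 and the application takes whatever comes back as the verdict. The following example, added here and not taken from the thread, the McAfee paper or clipcaptcha, shows that server-side step written two ways: a weak verifier that a forged "success" reply satisfies, and a hardened one that only talks to an HTTPS endpoint (so certificate verification in the transport rejects an impersonator), parses the reply strictly, and fails closed on any error. The provider URL, the JSON reply shape and the three in-memory transports are constructed assumptions, not any real provider's API.

```python
"""Server-side CAPTCHA verification (steps 5-7), weak vs. hardened.

Constructed example. The verify URL, the reply format and the transports
below are assumptions for illustration, not a real provider's protocol.
"""
import json
import urllib.parse
import urllib.request
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    body: str


# ---- constructed transports (no network; they stand in for the provider) ----

def spoofed_provider(url, form):
    """Mimics an impersonating provider: 'success' no matter what was sent."""
    return Response(200, "success")


def legit_provider(url, form):
    """Stand-in for a real provider that knows the expected solution (constructed)."""
    ok = form.get("solution") == "k7f2x"
    codes = [] if ok else ["incorrect-solution"]
    return Response(200, json.dumps({"success": ok, "error-codes": codes}))


def unreachable_provider(url, form):
    """Models a network failure, e.g. a TLS handshake that did not verify."""
    raise ConnectionError("provider unreachable")


def https_transport(url, form, timeout=5.0):
    """Production transport. urllib verifies the server certificate by default
    on https:// URLs, so a connection redirected to an impersonator fails the
    handshake instead of handing back a forged verdict."""
    data = urllib.parse.urlencode(form).encode()
    with urllib.request.urlopen(url, data=data, timeout=timeout) as r:
        return Response(r.status, r.read().decode())


# ---- the verification step, two ways ----

def weak_is_human(verify_url, solution, transport):
    """Weak: any scheme, any reply containing the word 'success' is accepted.
    A provider that answers 'success' to everything passes this check."""
    resp = transport(verify_url, {"solution": solution})
    return "success" in resp.body.lower()


def hardened_is_human(verify_url, solution, transport):
    """Hardened: HTTPS only, strict parsing, fail closed on anything unexpected.
    The certificate check in the transport is the real control against
    impersonation; the strict parsing is defence in depth against sloppy
    replies and keeps error paths from being read as success."""
    if urllib.parse.urlparse(verify_url).scheme != "https":
        return False  # never send or trust verification over plain HTTP
    try:
        resp = transport(verify_url, {"solution": solution})
    except Exception:
        return False  # unreachable or unverifiable provider => deny
    if resp.status != 200:
        return False
    try:
        data = json.loads(resp.body)
    except ValueError:
        return False  # not the agreed reply format => deny
    if not isinstance(data, dict) or data.get("error-codes"):
        return False
    return data.get("success") is True  # exact boolean, not a truthy string


if __name__ == "__main__":
    url_http = "http://captcha.example.test/verify"    # placeholder host
    url_https = "https://captcha.example.test/verify"  # placeholder host
    print("weak, spoofed provider :", weak_is_human(url_http, "zzz", spoofed_provider))
    print("hard, http URL         :", hardened_is_human(url_http, "k7f2x", legit_provider))
    print("hard, spoofed provider :", hardened_is_human(url_https, "zzz", spoofed_provider))
    print("hard, wrong solution   :", hardened_is_human(url_https, "zzz", legit_provider))
    print("hard, correct solution :", hardened_is_human(url_https, "k7f2x", legit_provider))
```

In the weak path the application would accept the spoofed verdict; in the hardened path the plain-HTTP URL is refused before any request is made, a non-conforming reply is rejected, and a transport error (which is what a failed certificate check looks like to the caller) denies the request rather than letting it through.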

vezzy
Re: How to crack the web form with Captcha ?
« Reply #5 on: September 25, 2013, 06:09:13 pm »
self-advertisement: http://evilzone.org/tutorials/analysis-and-construction-of-spambots/

I referenced McAfee's paper, too.
Quote from: Dippy hippy
Just brushing though. I will be semi active mainly came to find a HQ botnet, like THOR or just any p2p botnet