当前位置:网站首页>captcha-killer验证码识别插件
captcha-killer验证码识别插件
2022-07-06 09:23:00 【又懒有菜】
目录
环境的配置
插件下载地址GitHub - broken5/captcha-killer-java8https://github.com/broken5/captcha-killer-java8
0x01 作用
在目前实战挖掘src或者渗透测试中 大部分验证码是不可以啊绕过的 。想要通过爆破来进入后台页面 。 repeat模块测试后,验证码不可绕过,用captcha-killer能够识别验证码。 之后再进行弱口令爆破。
0x02 安装插件
jar的安装跳过了 安装成功效果如下
实战第一步 抓包方式
0x01 截取验证码包
这里截取之后不会再porxy中显示 但是history可以查看数据包
0x02 发送包
将验证码包发送到captcha-killer 如上图右键没有扩展插件
先将包发送到repeat中 再在repeat发送到capcha-killer模块
发送成功点击获取
实战第二步 接口配置
0x01 接口的配置
这里接口选用云打码平台(错误率大概5%):
图片识别-打码平台-打码网站-识别验证码-图鉴网络科技有限公司http://www.ttshitu.com/
POST /predict HTTP/1.1
Host: api.ttshitu.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36
Accept: application/json;
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: Hm_lvt_d92eb5418ecf5150abbfe0e505020254=1585994993,1586144399; SESSION=5ebf9c31-a424-44f8-8188-62ca56de7bdf; Hm_lpvt_d92eb5418ecf5150abbfe0e505020254=1586144399
Connection: close
Content-Type: application/json;charset=UTF-8
Content-Length: 109
{"username":"账号","password":"密码","typeid":"3","image":"<@BASE64><@IMG_RAW></@IMG_RAW></@BASE64>"}
识别率如上图
实战第三步 爆破模块的设置
0x01 为验证码设置变量
边栏推荐
- Tencent map circle
- Middleware vulnerability recurrence Apache
- Low income from doing we media? 90% of people make mistakes in these three points
- 简述xhr -xhr的基本使用
- 7-8 7104 约瑟夫问题(PTA程序设计)
- js判断对象是否是数组的几种方式
- How to turn wechat applet into uniapp
- 记一次api接口SQL注入实战
- 扑克牌游戏程序——人机对抗
- It's never too late to start. The tramp transformation programmer has an annual salary of more than 700000 yuan
猜你喜欢
Meituan dynamic thread pool practice ideas, open source
The difference between cookies and sessions
7-5 走楼梯升级版(PTA程序设计)
Using spacedesk to realize any device in the LAN as a computer expansion screen
xray与burp联动 挖掘
Principles, advantages and disadvantages of two persistence mechanisms RDB and AOF of redis
[VMware abnormal problems] problem analysis & Solutions
Hackmyvm target series (4) -vulny
Record a penetration of the cat shed from outside to inside. Library operation extraction flag
7-7 7003 组合锁(PTA程序设计)
随机推荐
Callback function ----------- callback
List and data frame of R language experiment III
Experiment five categories and objects
sqqyw(淡然点图标系统)漏洞复现和74cms漏洞复现
Detailed explanation of three ways of HTTP caching
Xray and Burp linked Mining
Xray and burp linkage mining
Mixlab unbounded community white paper officially released
It's never too late to start. The tramp transformation programmer has an annual salary of more than 700000 yuan
内网渗透之内网信息收集(五)
记一次edu,SQL注入实战
扑克牌游戏程序——人机对抗
3. Input and output functions (printf, scanf, getchar and putchar)
Matlab opens M file garbled solution
小程序web抓包-fiddler
7-14 error ticket (PTA program design)
7-15 h0161. Find the greatest common divisor and the least common multiple (PTA program design)
XSS之冷门事件
7-15 h0161. 求最大公约数和最小公倍数(PTA程序设计)
. Net6: develop modern 3D industrial software based on WPF (2)