当前位置:网站首页>Captcha killer verification code identification plug-in
Captcha killer verification code identification plug-in
2022-07-06 14:17:00 【Lazy and talented】
Catalog
Configuration of the environment
The first step in actual combat How to grab the bag
The second step of actual combat Interface configuration
The third step in actual combat Setting of blasting module
Configuration of the environment
Plug in download address GitHub - broken5/captcha-killer-java8https://github.com/broken5/captcha-killer-java8
0x01 effect
In the current actual combat mining src Or penetration testing Most verification codes cannot be bypassed . Want to enter the background page by blasting . repeat After module test , The verification code cannot be bypassed , use captcha-killer Be able to identify the verification code . Then conduct weak password blasting .
0x02 Installing a plug-in
jar Installation of skipped The effect of successful installation is as follows
The first step in actual combat How to grab the bag
0x01 Intercept the verification code package
After intercepting here, there will be no porxy It shows that however history You can view packets
0x02 Send package
Send the verification code package to captcha-killer As shown in the figure above, there is no extension by right clicking
First send the package to repeat in And then repeat Send to capcha-killer modular
Send successfully, click to get
The second step of actual combat Interface configuration
0x01 Interface configuration
The interface here is cloud coding platform ( The error rate is probably 5%):
POST /predict HTTP/1.1
Host: api.ttshitu.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36
Accept: application/json;
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: Hm_lvt_d92eb5418ecf5150abbfe0e505020254=1585994993,1586144399; SESSION=5ebf9c31-a424-44f8-8188-62ca56de7bdf; Hm_lpvt_d92eb5418ecf5150abbfe0e505020254=1586144399
Connection: close
Content-Type: application/json;charset=UTF-8
Content-Length: 109
{"username":" account number ","password":" password ","typeid":"3","image":"<@BASE64><@IMG_RAW></@IMG_RAW></@BASE64>"}
The recognition rate is shown in the figure above
The third step in actual combat Setting of blasting module
0x01 Set variables for the verification code
边栏推荐
- Web vulnerability - File Inclusion Vulnerability of file operation
- 内网渗透之内网信息收集(一)
- Ucos-iii learning records (11) - task management
- 附加简化版示例数据库到SqlServer数据库实例中
- 实验六 继承和多态
- 《英特尔 oneAPI—打开异构新纪元》
- 攻防世界MISC练习区(gif 掀桌子 ext3 )
- 【educoder数据库实验 索引】
- Harmonyos JS demo application development
- Data mining - a discussion on sample imbalance in classification problems
猜你喜欢
Callback function ----------- callback
强化学习基础记录
List and data frame of R language experiment III
Hackmyvm target series (7) -tron
内网渗透之内网信息收集(四)
7-7 7003 combination lock (PTA program design)
强化学习基础记录
记一次,修改密码逻辑漏洞实战
Intensive literature reading series (I): Courier routing and assignment for food delivery service using reinforcement learning
小程序web抓包-fiddler
随机推荐
SRC mining ideas and methods
搭建域环境(win)
2022华中杯数学建模思路
Low income from doing we media? 90% of people make mistakes in these three points
1143_ SiCp learning notes_ Tree recursion
实验七 常用类的使用
HackMyvm靶機系列(3)-visions
. Net6: develop modern 3D industrial software based on WPF (2)
[data processing of numpy and pytoch]
DVWA (5th week)
强化学习基础记录
实验四 数组
Web vulnerability - File Inclusion Vulnerability of file operation
力扣152题乘数最大子数组
What language should I learn from zero foundation. Suggestions
Xray and Burp linked Mining
Force deduction 152 question multiplier maximum subarray
内网渗透之内网信息收集(五)
. How to upload XMIND files to Jinshan document sharing online editing?
7-4 散列表查找(PTA程序设计)