Shulou(Shulou.com)06/03 Report--

This article mainly explains "how to remove the picture verification code", interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how to remove the picture verification code.

The past Life and present Life of ➤ CAPTCHA

Completely Automated Public Turing test to tell Computers and HumansApart (CAPTCHA), commonly known as CAPTCHA, which automatically distinguishes computers from humans, is a fully automated program that distinguishes users from computers or people.

Standard verification code

Standard CAPTCHA is our common graphic CAPTCHA and speech CAPTCHA. Based on the fact that it is difficult for machines to deal with complex computer vision and speech recognition problems, human beings can easily distinguish between humans and machines.

Innovative CAPTCHA

Innovative CAPTCHA is an innovative interactive optimal CAPTCHA based on the core idea of the first generation CAPTCHA (human knowledge can be answered, but the computer is difficult to answer). The second generation CAPTCHA develops a large number of innovative CAPTCHAs based on the core principle of the first generation CAPTCHA: "the difference of knowledge between man and machine".

No knowledge verification code

The biggest feature of knowledge-free CAPTCHA is that it is no longer based on knowledge for man-machine judgment, but on the basis of human inherent biological characteristics and operational environmental information comprehensive decision-making to determine whether it is a human or a machine. Such as ReCaptcha of Google.

Technical confrontation of ➤ graphic CAPTCHA in development

The main results are as follows: (1) to avoid triggering the introduction of CAPTCHA will lead to the decrease of user friendliness, the increase of CAPTCHA input and the possible errors in CAPTCHA recognition will bring bad use experience. For websites pursuing user experience, the strategy adopted is that the CAPTCHA function is not enabled by default when there is no suspicious behavior, and the CAPTCHA appears only when the suspicious behavior identification rule is triggered. Based on this principle, for the attacker, it is to avoid triggering the possible CAPTCHA rules as far as possible. Generally, suspicious behavior identification is carried out by checking the behavior of frequent attempts and errors, and the countermeasure based on this is to use different IP to try, or wait for enough time to try again, so that the target website program thinks that these attempts are normal access requests, so that the verification code will not appear in the continuous operation of the automation program to achieve the purpose of bypass.

(2) the CAPTCHA code is fixed. As can be seen from the previous captcha fixed problem description, the attacker can no longer actively trigger the CAPTCHA to generate the page after obtaining the first CAPTCHA in the same session, and the following form operation can be carried out by using the first CAPTCHA all the time, thus bypassing the barrier effect of the CAPTCHA.

(3) CAPTCHA machine automatically recognizes CAPTCHA, the main principle is that the font feature library within the range of CAPTCHA is established in advance by a certain algorithm, and then the CAPTCHA to be recognized is generated by the same algorithm. Compare with the previously saved feature library, and then get the value of the picture CAPTCHA. In general, the recognition process has the process shown in the following figure:

(4) Deep learning-with the development of login image verification code of GANs network website, the biggest threat encountered may be deep learning, especially the emergence of GANs network, which makes the image verification code encounter the strongest opponent.

Analysis of ➤ Picture Verification Code

As virtue rises one foot vice rises ten

Image CAPTCHA is constantly developing in order to avoid some abnormal user operations. No matter how the graphic CAPTCHA develops, it is ultimately the means to crack the attacker, which is the so-called "as virtue rises one foot vice rises ten". For example, China Train 12306's picture point selection CAPTCHA, not only did not block scalpers, but made it easier for scalpers to grab tickets.

Why do I always get hurt?

In the competition between developers and attackers, nothing is more affected than our users. All kinds of strange and complex CAPTCHAs are not designed to test hackers, but to test users.

The picture of CAPTCHA is often so distorted that the human eye can't recognize it. This is particularly evident in words that have no real meaning, like "rl10Ozirl". Is the lowercase letter "L" or the number "1" used in it? Is it the number "0" or the letter "O"? Real users really go through a lot of hardships on the way to use. no, no, no. No, no, no. Why am I always hurt?

Wasting everyone's precious time

The research and development team at Carnegie Mellon University estimates that the global population spends up to 15 weeks a day at the entrances to these annoying barriers. There is a new type of CAPTCHA, the multiple CAPTCHA (reCaptcha), which at least spends its time on the creation of public value. The picture you see is a vague word truncated from poorly scanned Weibo books; by typing the spelling of the word, you are helping Google process and recognize a valid text.

Even so, we well-behaved users still waste 17 years every day. This is a shameful waste of life. What users really want is to get rid of these extra operations.

➤, remove the picture CAPTCHA. What do we use?

Risk control firewall

Risk control firewall is a kind of substitute specially applied to the original image verification scenario developed in recent years. It will completely ban the original image CAPTCHA and maximize the user experience. Distinguish between normal users and abnormal users when the user has no feeling at all. Through AI three-dimensional defense mechanism, real-time prevention and control. Users no longer have to worry about ("CAPTCHA input error!" (annoying hint).

How to use ➤ risk Control Firewall step 1: get the Firewall account key

Enter the firewall console, select "website Management" in the left navigation bar, go to the website management page, and click "send to email" to receive the key.

Step 2: download the firewall server

Go to the official website of Xinxin Science and Technology, select "solution" > "download Center" in the top navigation bar, enter the download center page, find the SMS firewall server installation package, and click "download Link" to download it.

Step 3: access the front and back end of the business system to the front end of the web:

Java adds the following code to the JS file at the appropriate location on the page (inside the tag):

PHP adds the following code to the JS file at the appropriate location on the page (inside the tag):

Backend access:

Java

Modify the configuration (and the business system does not need to be modified):

Newxtc.ini (location: "/ WEB-INF/classes/newxtc.ini") modify parameters (fireWareUrl)-- > fireWareUrl= http://localhost:7502

Send a short message

Public RetMsg smsSend (HttpServletRequest request, HttpServletResponse response, String clientMobile) {RetMsg retMsg = new RetMsg (- 1, "system exception"); FwClient fwClient = new FwClientImpl (); try {/ / 1 call [SMS Firewall] SMS request HashMap

ParamMap = fwClient.getSendReq (request, clientMobile); String jsonReq = fwClient.execReq (paramMap); String smsSendRet = fwClient.getRetVaule (jsonReq, "riskResult"); if ("REJECT" .equals (smsSendRet)) {retMsg.setRet (3); retMsg.setMsg ("requests too frequently") } else {/ / Service TODO / / call SMS API TODO / / call SMS API end if (smsRetMsg! = null & & smsRetMsg.getRet () = 0) {/ / 2 call [SMS Firewall] success result fwClient.execSucc (paramMap) Logger.debug ("send succ"); retMsg.setRet (0); retMsg.setMsg ("CAPTCHA sent successfully");} else {/ / 2 failed to call [SMS Firewall] result SmsVerifyCache.getInstance () .remove (clientMobile); fwClient.execFail (paramMap) RetMsg.setRet (- 1); retMsg.setMsg ("failed to send CAPTCHA");} catch (Exception e) {for (StackTraceElement elment: e.getStackTrace ()) {logger.error (elment.toString ());}} return retMsg;}

SMS verification

Public RetMsg smsVerify (HttpServletRequest request, HttpServletResponse response, String clientMobile, String smsVerifyCode) {FwClient fwClient = new FwClientImpl (); RetMsg retMsg = new RetMsg (- 1, "system exception"); if (smsVerifyCode = = null | | smsVerifyCode.isEmpty ()) {retMsg.setRet (1); retMsg.setMsg ("input verification code is empty");} else {/ / 1 call [SMS Firewall] verification request HashMap

ParamMap = fwClient.getVerifyReq (request, clientMobile); / / request firewall String jsonReq = fwClient.execReq (paramMap); / / message processing String smsSendRet = fwClient.getRetVaule (jsonReq, "riskResult"); if ("REJECT" .equals (smsSendRet)) {retMsg.setRet (3); retMsg.setMsg ("request too frequently") } / / Business TODO if (cacheSmsVerify! = null & & cacheSmsVerify.getVerifyCode ()! = null & &! cacheSmsVerify.getVerifyCode () .isEmpty ()) {if (cacheSmsVerify.getVerifyCode () .equals (smsVerifyCode)) {retMsg.setRet (0); retMsg.setMsg ("Verification successful") } else {retMsg.setRet (1); retMsg.setMsg ("CAPTCHA error");} else {retMsg.setRet (- 9); retMsg.setMsg ("CAPTCHA timeout") } if (retMsg.getRet () = = 0) {/ / 2 call [SMS firewall] success result fwClient.execSucc (paramMap);} else {/ / 2 call [SMS firewall] failure result fwClient.execFail (paramMap);}} return retMsg;}

PHP

Modify the configuration file (and the business system does not need to be modified):

Nxt_ini.php (location: "\ nxt_inc") modify the parameter ($GLOBALS ["fireWareUrl"])-- > $GLOBALS ["fireWareUrl"] = "http://localhost:7502""

Send a short message

Require_once $_ SERVER ['DOCUMENT_ROOT']. "/ nxt_inc/nxt_client.php"; / * send SMS * @ param $mobile * / publicfunction send (string $mobile) {$fwClient = new ClientApi (); / / get the next SMS message $paramMap = $fwClient-> getSendReq ($phone); / / execute the SMS request $jsonReq = $fwClient-> execReq ($paramMap); $fwRet = $fwClient-> getRetVaule ($jsonReq, "riskResult") If ("REJECT"! = $fwRet) {/ / send SMS service TODO if (send success flag) {/ / send SMS successfully $fwClient-> execSucc ($paramMap);} else {/ / failed to send SMS $fwClient-> execFail ($paramMap);}

SMS verification

/ * param $mobile * / publicfunction smsVerify (string $mobile) {$fwClient = new ClientApi (); / / get SMS verification message $paramMap = $fwClient-> getVerifyReq ($phone); / / execute SMS verification request $jsonReq = $fwClient-> execReq ($paramMap); $fwRet = $fwClient-> getRetVaule ($jsonReq, "riskResult") If ("REJECT"! = $fwRet) {/ / verify SMS service TODO if (verify success flag) {/ / verify SMS success $fwClient-> execSucc ($paramMap);} else {/ / verify SMS failed $fwClient-> execFail ($paramMap);}} step 4: view risk control data

Defense interception data panoramic view, real-time view of today's data details and recent risk trends. Through the risk control data Kanban, you can view the validation of 1-30 days, the interception of risk control and the AI model triggered by verification events.

Enter the firewall console, select "risk Market" in the left navigation bar, and enter the risk Market page.

At this point, I believe you have a deeper understanding of "how to remove the picture CAPTCHA". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.