Shulou(Shulou.com)05/31 Report--

How to simply bypass the man-machine authentication Captcha, I believe that many inexperienced people do not know what to do. Therefore, this paper summarizes the causes and solutions of the problem. Through this article, I hope you can solve this problem.

The Writeup shared today is a simple human-machine authentication (Captcha) bypass method found by the author in the target website vulnerability test. Captcha bypass is realized by using Chrome developer tools to simply edit the login page of the target website.

Man-machine authentication (Captcha) usually appears on the registration, login, and password reset pages of the website. The following is the Captcha mechanism that the target site places on the login page.

As you can see from the image above, the login button (Sign-IN) will not be enabled for users to click until the "I'm not a robot" of the Captcha authentication mechanism is checked. So, based on this, I right-clicked the Sign-In button, and then used the Inspect Element function of the Chrome developer tool to look at the underlying elements of the Sign-In button, only to find that it defined the "Disable" attribute after the "Submit" action. Well, I'll try changing it to "Enable".

With this change, the login button (Sign-IN) is displayed and clickable, well, I'm not really a robot, and human-machine authentication (Captcha) has become a fixture here.

I was curious about the verification method of the server, so I grabbed the above process with BurpSuite and found that the server did not verify the Captcha operation submitted by the user at the beginning, so even if I deleted the submitted Captcha session, I could still jump to the login page without triggering the "Enable" attribute.

After reading the above, have you mastered how to simply bypass the human-machine authentication Captcha? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.