Can I read web page with captcha, and display captcha on my page. Then write text in textbox and post it to original page?
Is that possible?
:?: Captcha question
Moderator: General Moderators
Why shouldn't taht be possible? All he has to do is copy the image and display it. Then you let a user "decypher" that image and post the answer to the site.
This is a technique a lot of spammers use to register e-mail accounts etc. In return the monkeys "decyphering" get a couple of paswords for xxx sites or very minimum wages.
This is a technique a lot of spammers use to register e-mail accounts etc. In return the monkeys "decyphering" get a couple of paswords for xxx sites or very minimum wages.
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
From Catpcha - Circumvention.
Wikipedia wrote:Some free e-mail providers have used captchas in account registration, to deter spammers from obtaining large numbers of accounts automatically. Spammers have found a way to circumvent this restriction: simply present the captcha to a human user under false pretenses, and use the human's response to obtain the e-mail account.
To do this, the spammer must control a Web site to which human users wish to gain access — for instance, a pornography site. When a user goes to the spammer's porn site, the server starts a new account registration at the free e-mail provider. It downloads the provider's captcha and presents it to the user as a captcha for access to the porn site. The user, not knowing that the captcha is recycled, provides the correct response — and the spammer's software can then complete the e-mail account registration.
It may also be possible to subvert captchas by relaying them to a sweatshop of human operators who are employed to decode captchas. The W3C paper linked below states that such an operator "could easily verify hundreds of them each hour". Nonetheless, some have suggested that this would still not be economically viable. (e.g. [1])
Mori et al. published a paper in IEEE CVPR'03 detailing a method for defeating one of the most popular Captchas, EZ-Gimpy, which was tested as being 92% accurate. The same method was also shown to defeat the more complex and less-widely deployed Gimpy program with an accuracy of 33%. However, the existence of implementations of their algorithm "in the wild" is indeterminate at this time.
Automated attacks on captchas are also growing more sophisticated. Projects like PWNtcha have made significant progress in defeating commonly used captchas, which has contributed to a general migration towards more sophisticated captchas.
There is also a way to circumvent the CAPTCHA protection without using OCR or free porn sites; simply by re-using the session ID of a known CAPTCHA image. See the article on puremango.co.uk for detailed information about this type of attack
-
d3ad1ysp0rk
- Forum Donator
- Posts: 1661
- Joined: Mon Oct 20, 2003 8:31 pm
- Location: Maine, USA
http://en.wikipedia.org/wiki/Sarcasmtimvw wrote:Why shouldn't taht be possible? All he has to do is copy the image and display it. Then you let a user "decypher" that image and post the answer to the site.
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US