Bypassing CAPTCHAs
In this article, we're going to use 'buster', a tool in the Google Chrome and Firefox add-on stores that will easily bypass CAPTCHA services.
Anti-automation, also known as rate limiting, prevents attackers from using tools and bots to repeatedly conduct actions within a platform. For example, a web application may resell event tickets which are posted by application users. A bot may be executed by an attacker to repeatedly use the search functionality until a set of tickets is available to buy.
This would strain the web server's computing resources and also give the attacker an unfair advantage, since they would be able to buy the tickets quicker than others. To prevent this, anti-automation can be used to ensure malicious users are not able to automate a process that should be performed via manual interactions. Anti-automation may be present in various forms, for example Completely Automated Public Turing Test To Tell Computers and Humans Apart (CAPTCHA), WAF, API request limiting and more.
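Of the forms listed above, API request limiting is enforced entirely on the server. The following is an added example, not code from the original article: a per-client sliding-window limiter applied to the ticket-search scenario. The class name, the session keys, the limit of 5 searches per 60 seconds and the traffic are all constructed for illustration.

```python
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each client key."""

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock              # injectable so the logic can be tested
        self.hits = defaultdict(deque)  # client key -> timestamps of accepted requests

    def check(self, client_key):
        """Return (allowed, retry_after_seconds) for one incoming request."""
        now = self.clock()
        q = self.hits[client_key]
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) < self.limit:
            q.append(now)
            return True, 0.0
        # Over the limit: report when the oldest accepted hit expires.
        return False, self.window - (now - q[0])


def replay(limiter, requests):
    """Feed (timestamp, client_key) pairs through the limiter; return 200 or 429 per request."""
    statuses = []
    for ts, key in requests:
        limiter.clock = lambda ts=ts: ts
        allowed, _ = limiter.check(key)
        statuses.append(200 if allowed else 429)
    return statuses


# Constructed traffic: a bot polling ticket search every 0.5 s and a person
# searching three times in a minute. Keys are hypothetical session ids.
BOT = [(i * 0.5, "session-bot") for i in range(20)]
HUMAN = [(t, "session-human") for t in (1.0, 20.0, 45.0)]
TRAFFIC = sorted(BOT + HUMAN)

if __name__ == "__main__":
    limiter = SlidingWindowLimiter(limit=5, window=60)
    for (ts, key), status in zip(TRAFFIC, replay(limiter, TRAFFIC)):
        print(f"{ts:5.1f}s {key:14s} -> {status}")
```

Keying the limiter on an authenticated account or session rather than on source IP alone keeps the limit attached to the actor when requests arrive from many addresses.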
CAPTCHAS ARE NOT EFFECTIVE
It is really easy to bypass CAPTCHA services that use picture or audio puzzles.
Commonly, Google CAPTCHA V2 is used on web platforms and is vulnerable to bypass for one of several reasons: CAPTCHA farms, Optical Character Recognition and audio-to-text services.
Using Buster along with Google's own speech-to-text service, you can bypass CAPTCHAs using the following steps:
- Sign up to G-Cloud and enable Speech-To-Text
  a. https://console.cloud.google.com/speech/
  b. Create G-Cloud API Key
- Download Buster Firefox plugin
  a. https://addons.mozilla.org/en-US/firefox/addon/buster-captcha-solver
- Set G-Cloud API Key within Buster options
- Bypass captcha
As shown via the image below, CAPTCHAs will now have a button which will solve the puzzle for you. CAPTCHA Bypassed!