The battle against bots that are responsible for invading spam sites and trying to circumvent the security of each of the web pages has long been hardened. One of the most used tools to try to combat these annoying intruders are the google captcha, especially the version ReCaptcha V2, pero lamentablemente se ha difundido una vulnerabilidad en esta herramienta que permite resolver las captcha de manera automática.
The following purely educational article will allow us to violate the security of ReCaptcha V2, taking advantage of the audio option that it offers. The article is inspired by the next entry, in which the vulnerability is explained in detail and a script is offered that allows us to solve captchas automatically.
Table of Contents
What is ReBreakCaptcha?
It is a free application that takes advantage of a vulnerability of ReCaptcha V2, guidance on resolve captcha automatically, for this use the automation library S Google Speech Recognition Api and various algorithms.
The tool is quite simple, going through three phases, the first where it solves the popular captcha of «I am not a robot«, Then when the captcha to be solved comes out, choose the audio option, receive the audio and process it with the Google Speech Recognition ApiFinally, enter the numbers recognized by the Api and enter it in the captcha field.
The Google Speech Recognition Api may fail repeatedly, so ReBreakCaptchaYou try various alternatives until you get the right solution.
Install and configure ReBreakCaptcha
To make use of ReBreakCaptcha we must follow a few small steps, since the original script is patched with paths for Windows.
- First of all, we must install the necessary dependencies for the script to work:
sudo pip install pydub SpeechRecognition selenium
- Next we must clone the repository of the script:
git clone https://github.com/eastee/rebreakcaptcha.git
- We go to the cloned desktop and edit the class, with the corresponding paths for Linux.
cd rebreakcaptcha nano nano rebreakcaptcha.py
They should change the following information
# Firefox / Gecko Driver Related FIREFOX_BIN_PATH = r "C: \ Program Files (x86) \ Mozilla Firefox \ firefox.exe" GECKODRIVER_BIN = r "C: \ geckodriver.exe"
By the way in Linux
# Firefox / Gecko Driver Related FIREFOX_BIN_PATH = r "/ usr / bin / firefox" GECKODRIVER_BIN = r "/ usr / bin / geckodriver"
In the same way if you use python3, please replace
range. We must also modify the URL where we want to apply the script (That is, the one we want the Script to solve).
We can do it in the line where the following appears:
RECAPTCHA_PAGE_URL = "https://www.google.com/recaptcha/api2/demo"
- Finally we must run ReBreakCaptcha, it will automatically open the browser with the url that has been indicated and carry out the process to resolve the captcha in question.
Conclusions about ReBreakCaptcha
This script can be the basis to use it in various processes and in python with simple steps we can improve it. The use of this tool must be for educational use, and for the community in general it is important to disseminate it as it guarantees that we will soon have a patch that solves this vulnerability.
The vulnerability is active so far, so it is recommended that users who use ReCaptcha V2 complement your security with other tools, especially IP detection that repeatedly try to solve captchas.