The battle against bots that are responsible for invading spam sites and trying to circumvent the security of each of the web pages has long been hardened. One of the most used tools to try to combat these annoying intruders are the google captcha, especially the version ReCaptcha V2, pero lamentablemente se ha difundido una vulnerabilidad en esta herramienta que permite resolver las captcha de manera automática.
The following purely educational article will allow us to violate the security of ReCaptcha V2, taking advantage of the audio option that it offers. The article is inspired by the next entry, in which the vulnerability is explained in detail and a script is offered that allows us to solve captchas automatically.
What is ReBreakCaptcha?
It is a free application that takes advantage of a vulnerability of ReCaptcha V2, for resolve captcha automatically, for this use the automation library S, the Google Speech Recognition Api and various algorithms.
The tool is quite simple, going through three phases, the first where it solves the popular captcha of «I am not a robot«, Then when the captcha to be solved comes out, choose the audio option, receive the audio and process it with the Google Speech Recognition ApiFinally, enter the numbers recognized by the Api and enter it in the captcha field.
The Google Speech Recognition Api may fail repeatedly, so ReBreakCaptchaYou try various alternatives until you get the right solution.
Install and configure ReBreakCaptcha
To make use of ReBreakCaptcha we must follow a few small steps, since the original script is patched with paths for Windows.
- First of all, we must install the necessary dependencies for the script to work:
sudo pip install pydub SpeechRecognition selenium
- Next we must clone the repository of the script:
git clone https://github.com/eastee/rebreakcaptcha.git
- We go to the cloned desktop and edit the class, with the corresponding paths for Linux.
cd rebreakcaptcha nano nano rebreakcaptcha.py
They should change the following information
# Firefox / Gecko Driver Related FIREFOX_BIN_PATH = r "C: \ Program Files (x86) \ Mozilla Firefox \ firefox.exe" GECKODRIVER_BIN = r "C: \ geckodriver.exe"
By the way in Linux
# Firefox / Gecko Driver Related FIREFOX_BIN_PATH = r "/ usr / bin / firefox" GECKODRIVER_BIN = r "/ usr / bin / geckodriver"
In the same way if you use python3, please replace
xrange
byrange
. We must also modify the URL where we want to apply the script (That is, the one we want the Script to solve).
We can do it in the line where the following appears:
RECAPTCHA_PAGE_URL = "https://www.google.com/recaptcha/api2/demo"
- Finally we must run ReBreakCaptcha, it will automatically open the browser with the url that has been indicated and carry out the process to resolve the captcha in question.
python3 rebreakcaptcha.py
Conclusions about ReBreakCaptcha
This script can be the basis to use it in various processes and in python with simple steps we can improve it. The use of this tool must be for educational use, and for the community in general it is important to disseminate it as it guarantees that we will soon have a patch that solves this vulnerability.
The vulnerability is active so far, so it is recommended that users who use ReCaptcha V2 complement your security with other tools, especially IP detection that repeatedly try to solve captchas.
and for windows?
You can use it as it comes from the repository
Good Lizard,
Thanks for sharing, although having read the original thread on https://east-ee.com/ It does not seem that the hit rate is remarkable, but many users point out that it is only capable of solving the easiest captchas at rates that are already low.
Regards!
Indeed, the hit rates are low (In the tests I carry out 1 out of every 7 they were resolved), however, the vulnerability exists and it is most likely that the tool is optimized so that these hit ratios rise.
Thanks for the article, the truth that it has served me a lot!
brother could you explain a little more about how to install it in windows?
Thanks for sharing lizard; direct to scoreboards to play a little later. Since it is in Python, you have to take advantage of.
A cordial greeting and grateful for the article, which is very good and interesting. I would like to please send me the scrypt for windows, since I can't find it anywhere, thank you very much for your time and attention.
It does not solve the capcha and sends me this warning
RuntimeWarning: Couldn't find ffmpeg or avconv - defaulting to ffmpeg, but may not work
warn ("Couldn't find ffmpeg or avconv - defaulting to ffmpeg, but may not work", RuntimeWarning
Hello I try to register on a page but when I enter I get CANNOT CONNECT WITH RECAPTCHA what does this mean, someone could help me
How to solve capcha of number of addition, subtraction, multiplication
and the download link?
I am looking for an application for capchat
What I want is to pass or open the captcha, I cannot pass them, they do not open
I need to solve the RECAPTCHA problem and I don't know how to do it, can you help me please
You can also use GoodByeCaptcha which implements image detection which avoids the Try Again problem when you try to solve the audio many times.