1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP & CURL EXPERT NEEDED TO SOLVE: CAPTCHA session reuse attack detected

Discussion in 'Hire a Freelancer' started by skywalker55, Jun 1, 2012.

  1. skywalker55

    skywalker55 Junior Member

    Joined:
    Jan 29, 2010
    Messages:
    123
    Likes Received:
    109
    Occupation:
    Web App Development
    Location:
    London
    Are you a php and curl expert?

    I have a script that submits a form via curl which has recaptcha (iframe version) on it.

    Im getting the following error:

    CAPTCHA session reuse attack detected

    If you can help or you have a working php script that succesfully does recapcher form submission...please PM me urgently
     
  2. Zapdos

    Zapdos Power Member

    Joined:
    Oct 22, 2011
    Messages:
    597
    Likes Received:
    708
    Location:
    Eastern North Carolina
    curl_setopt($ch, 'CURLOPT_COOKIESESSION', true);
    curl_setopt($ch, 'CURLOPT_FORBID_REUSE', true);
    curl_setopt($ch, 'CURLOPT_FRESH_CONNECT', true);

    You may also need to make use of the cookie file.
     
  3. skywalker55

    skywalker55 Junior Member

    Joined:
    Jan 29, 2010
    Messages:
    123
    Likes Received:
    109
    Occupation:
    Web App Development
    Location:
    London
    hey man...Thanks for your thoughts...I tried adding them but hasnt made any difference..

    Its really frustrating ! My script succesfully logs in, gets the form, gets the recaptcha javascript file, then parses it for the image link, then submits it to bypasscaptcha API for decoding....

    I get the right decoded value back and im thne submitting the form. Im just not sure how to stop it being flagged in this way ?

    Do you have a working script that does the recaptcha part ? Have you solved this particular issue before ?
     
  4. saxgod

    saxgod Regular Member

    Joined:
    Sep 19, 2010
    Messages:
    351
    Likes Received:
    337
    Here is my captcha code;

    PHP:
    class Captcha {
            public static function 
    getRecaptcha($recaptchaURL$referer) {
                    
    $http = new HTTP(false);
                    
    $captcha_js $http->GET($recaptchaURL$referer);
                    
    //echo $captcha_js;
                    
    $l explode("\n",$captcha_js);
                     foreach (
    $l as $ln) {
                            if (
    is_int(strpos($ln'challenge'))) {
                                    
    $r['challenge'] = substr($lnstrpos($ln"'")+1strrpos($ln"'")-strpos($ln"'")-1);
                            }
                            if (
    is_int(strpos($ln'server :'))) {
                                    
    $r['server'] = substr($lnstrpos($ln"'")+1strrpos($ln"'")-strpos($ln"'")-1);
                            }
                    }
                    
    $r['filename'] = '/tmp/'.md5(time().rand(1000,9999)).'.jpg';
                    
    //Logger::log("ReCaptcha Challenge: {$r['challenge']}");
                    
    $http->GETFILE($r['server'].'image?c='.$r['challenge'], $r['filename'], $referer);
                    
    Logger::log("ReCaptcha downloaded");
                    return 
    $r;
            }
            public static function 
    deathByCaptcha($filename) {
                    global 
    $conf;
                    
    Logger::log("DeathByCaptcha request verstuurt");
                    require_once 
    'dbc_client.3.php';
                    
    $c = new DeathByCaptcha_client($conf['deathbycaptcha']['login'], $conf['deathbycaptcha']['passw']);
                    if (
    $r $c->decode($filename120)) {
                            
    Logger::log("DeathByCaptcha solution: {$r[1]}");
                            return 
    $r;
                    } else {
                            
    Logger::log("DeathByCaptcha timeout");
                            return 
    null;
                    }
            }
            public static function 
    deathByCaptchaNotCorrect($id) {
                    global 
    $conf;
                    require_once 
    'dbc_client.3.php';
                    
    $c = new DeathByCaptcha_client($conf['deathbycaptcha']['login'], $conf['deathbycaptcha']['passw']);
                    
    Logger::log("DeathByCaptcha wrong solution for $id");
                    
    $c->report($id);
            }
    }
    And my HTTP class (curl):

    PHP:
    class HTTP {
            private 
    $cookies;
            private 
    $useproxy;

            public function 
    HTTP($useproxy=true) {
                    
    $this->cookies = array();
                    
    $this->useproxy $useproxy;
            }

            public function 
    POST($url$postdata$ref=null) {
                    
    $postdata http_build_query($postdata);
                    
    $s $this->prepareCurl($ref);
                    
    curl_setopt($s,CURLOPT_URL,$url);
                    
    curl_setopt($s,CURLOPT_POSTtrue);
                    
    curl_setopt($s,CURLOPT_POSTFIELDS$postdata);
                    
    //Logger::log($url);
                    
    return $this->filterCurlHeader($s);
            }

            public function 
    POSTFILE($url$postdata$ref=null) {
                    
    //$postdata = http_build_query($postdata);
                    
    $s $this->prepareCurl($ref);
                    
    curl_setopt($s,CURLOPT_URL,$url);
                    
    curl_setopt($s,CURLOPT_BINARYTRANSFERtrue);
                    
    curl_setopt($s,CURLOPT_POSTtrue);
                    
    curl_setopt($s,CURLOPT_POSTFIELDS$postdata);
                    return 
    $this->filterCurlHeader($s);
            }
            public function 
    GET($url$ref=null) {
                    
    $s $this->prepareCurl($ref);
                    
    //Logger::log($url);
                    
    curl_setopt($s,CURLOPT_URL,$url);
                    return 
    $this->filterCurlHeader($s);
            }

            public function 
    GETFILE($url$filename$ref=null) {
                    
    $s $this->prepareCurl($ref);
                    
    $fp fopen($filename"wb");
                    
    curl_setopt($sCURLOPT_HEADERFALSE);
                    
    curl_setopt($sCURLOPT_URL$url);
                    
    curl_setopt($sCURLOPT_FILE$fp);
                    
    curl_exec($s);
                    
    curl_close($s);
                    
    fclose($fp);
            }

            private function 
    prepareCurl($ref) {
                    
    $useragent "Mozilla/5.0 (Windows; U; Windows NT 6.1; nl; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7";
                   
    $s curl_init();
                    
    $this->setcookies($s);
                    
    curl_setopt($s,CURLOPT_HTTPHEADER,array('Expect:'));
                    
    curl_setopt($s,CURLOPT_USERAGENT,$useragent);
                    if (
    $this->useproxycurl_setopt($s,CURLOPT_PROXY,"localhost:8118");
                    if (isset(
    $ref)) curl_setopt($s,CURLOPT_REFERER$ref);
                    
    //curl_setopt($s,CURL_COOKIEJAR, dirname(__FILE__)."/cookie.txt");
                    
    curl_setopt($s,CURLOPT_AUTOREFERERtrue);
                    
    curl_setopt($s,CURLOPT_FOLLOWLOCATIONtrue);
                    
    curl_setopt($s,CURLOPT_MAXREDIRS5);
                    
    curl_setopt($s,CURLOPT_RETURNTRANSFERtrue);
                    
    curl_setopt($sCURLOPT_HEADERtrue);
                    return 
    $s;
            }
            
            private function 
    setcookies($s) {
                    if (
    sizeof($this->cookies) == 0) return;
                    foreach(
    $this->cookies as $var => $val) {
                            
    $tmp[] = "$var=$val";
                    }
                    
    $cookiestring implode(";"$tmp);
                    
    curl_setopt($sCURLOPT_COOKIE$cookiestring);
            }
            private function 
    filterCurlHeader($s) {
                    
    $c curl_exec($s);
                    
    curl_close($s);
                   
    $tmp explode("\r\n\r\n"$c);
                    
    $header $tmp[0];
                    
    array_shift($tmp);
                    
    $content implode("\r\n\r\n"$tmp);
                    
    $lines explode("\n"$header);
                    foreach (
    $lines as $line) {
                            if (
    is_int(strpos($line"Set-Cookie:"))) {
                                    
    $tmp explode(":"$line);
                                    
    $tmp explode(";"$tmp[1]);
                                    list(
    $var,$val) = explode("="trim($tmp[0]));
                                    
    $this->cookies[$var] = $val;
                            }
                    }
                    return 
    $content;
            }
            public function 
    getCleanHTMLDOM($t) {
                    
    $tidy tidy_parse_string($t);
                    
    $tidy->cleanRepair();
                    
    $dom DOMDocument::loadHTML($tidy);
            }
    }
    Default Proxy setting is TOR on linux (localhost:8118)
    You will probably need to remove the Logger::log lines or create a logger class.

    PHP:
    class Logger {
            public static function 
    log($msg) {
                    
    $c debug_backtrace();
                    
    $c strtolower($c[1]['class']);
                    if (empty(
    $c)) $c "main";
                    
    $time date("H:i:s");
                    echo 
    "[$time::$c$msg\n";
                    
    //DB::log($c ,$msg);
            
    }
    }
     
    • Thanks Thanks x 1
    Last edited: Jun 1, 2012
  5. skywalker55

    skywalker55 Junior Member

    Joined:
    Jan 29, 2010
    Messages:
    123
    Likes Received:
    109
    Occupation:
    Web App Development
    Location:
    London
    Thanks so much for posting your code. I really appreciate it. I will run some tests when I get home from work and do comparrisons with my existing code and hopefully get it sorted out. Thanks again