PHP & CURL EXPERT NEEDED TO SOLVE: CAPTCHA session reuse attack detected

skywalker55

Are you a PHP and curl expert?

I have a script that submits a form via curl which has reCAPTCHA (iframe version) on it.

I'm getting the following error:

CAPTCHA session reuse attack detected

If you can help, or you have a working PHP script that successfully does reCAPTCHA form submission, please PM me urgently.
 
// Option names are constants and must not be quoted
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_FORBID_REUSE, true);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);

You may also need to make use of the cookie file.
 
Hey man, thanks for your thoughts. I tried adding them but it hasn't made any difference.

It's really frustrating! My script successfully logs in, gets the form, gets the reCAPTCHA JavaScript file, then parses it for the image link, then submits it to the bypasscaptcha API for decoding.

I get the right decoded value back and I'm then submitting the form. I'm just not sure how to stop it being flagged in this way?

Do you have a working script that does the reCAPTCHA part? Have you solved this particular issue before?
 
Here is my captcha code:

PHP:
class Captcha {
        public static function getRecaptcha($recaptchaURL, $referer) {
                $http = new HTTP(false);
                $captcha_js = $http->GET($recaptchaURL, $referer);
                //echo $captcha_js;
                $l = explode("\n",$captcha_js);
                foreach ($l as $ln) {
                        if (is_int(strpos($ln, 'challenge'))) {
                                $r['challenge'] = substr($ln, strpos($ln, "'")+1, strrpos($ln, "'")-strpos($ln, "'")-1);
                        }
                        if (is_int(strpos($ln, 'server :'))) {
                                $r['server'] = substr($ln, strpos($ln, "'")+1, strrpos($ln, "'")-strpos($ln, "'")-1);
                        }
                }
                $r['filename'] = '/tmp/'.md5(time().rand(1000,9999)).'.jpg';
                //Logger::log("ReCaptcha Challenge: {$r['challenge']}");
                $http->GETFILE($r['server'].'image?c='.$r['challenge'], $r['filename'], $referer);
                Logger::log("ReCaptcha downloaded");
                return $r;
        }
        public static function deathByCaptcha($filename) {
                global $conf;
                Logger::log("DeathByCaptcha request verstuurt");
                require_once 'dbc_client.3.php';
                $c = new DeathByCaptcha_client($conf['deathbycaptcha']['login'], $conf['deathbycaptcha']['passw']);
                if ($r = $c->decode($filename, 120)) {
                        Logger::log("DeathByCaptcha solution: {$r[1]}");
                        return $r;
                } else {
                        Logger::log("DeathByCaptcha timeout");
                        return null;
                }
        }
        public static function deathByCaptchaNotCorrect($id) {
                global $conf;
                require_once 'dbc_client.3.php';
                $c = new DeathByCaptcha_client($conf['deathbycaptcha']['login'], $conf['deathbycaptcha']['passw']);
                Logger::log("DeathByCaptcha wrong solution for $id");
                $c->report($id);
        }
}

And my HTTP class (curl):

PHP:
class HTTP {
        private $cookies;
        private $useproxy;

        // PHP 8 no longer treats a method named after the class as the constructor
        public function __construct($useproxy=true) {
                $this->cookies = array();
                $this->useproxy = $useproxy;
        }

        public function POST($url, $postdata, $ref=null) {
                $postdata = http_build_query($postdata);
                $s = $this->prepareCurl($ref);
                curl_setopt($s,CURLOPT_URL,$url);
                curl_setopt($s,CURLOPT_POST, true);
                curl_setopt($s,CURLOPT_POSTFIELDS, $postdata);
                //Logger::log($url);
                return $this->filterCurlHeader($s);
        }

        public function POSTFILE($url, $postdata, $ref=null) {
                //$postdata = http_build_query($postdata);
                $s = $this->prepareCurl($ref);
                curl_setopt($s,CURLOPT_URL,$url);
                curl_setopt($s,CURLOPT_BINARYTRANSFER, true);
                curl_setopt($s,CURLOPT_POST, true);
                curl_setopt($s,CURLOPT_POSTFIELDS, $postdata);
                return $this->filterCurlHeader($s);
        }
        public function GET($url, $ref=null) {
                $s = $this->prepareCurl($ref);
                //Logger::log($url);
                curl_setopt($s,CURLOPT_URL,$url);
                return $this->filterCurlHeader($s);
        }

        public function GETFILE($url, $filename, $ref=null) {
                $s = $this->prepareCurl($ref);
                $fp = fopen($filename, "wb");
                curl_setopt($s, CURLOPT_HEADER, FALSE);
                curl_setopt($s, CURLOPT_URL, $url);
                curl_setopt($s, CURLOPT_FILE, $fp);
                curl_exec($s);
                curl_close($s);
                fclose($fp);
        }

        private function prepareCurl($ref) {
                $useragent = "Mozilla/5.0 (Windows; U; Windows NT 6.1; nl; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7";
                $s = curl_init();
                $this->setcookies($s);
                curl_setopt($s,CURLOPT_HTTPHEADER,array('Expect:'));
                curl_setopt($s,CURLOPT_USERAGENT,$useragent);
                if ($this->useproxy) curl_setopt($s,CURLOPT_PROXY,"localhost:8118");
                if (isset($ref)) curl_setopt($s,CURLOPT_REFERER, $ref);
                //curl_setopt($s,CURLOPT_COOKIEJAR, dirname(__FILE__)."/cookie.txt");
                curl_setopt($s,CURLOPT_AUTOREFERER, true);
                curl_setopt($s,CURLOPT_FOLLOWLOCATION, true);
                curl_setopt($s,CURLOPT_MAXREDIRS, 5);
                curl_setopt($s,CURLOPT_RETURNTRANSFER, true);
                curl_setopt($s, CURLOPT_HEADER, true);
                return $s;
        }
        
        private function setcookies($s) {
                if (sizeof($this->cookies) == 0) return;
                foreach($this->cookies as $var => $val) {
                        $tmp[] = "$var=$val";
                }
                $cookiestring = implode(";", $tmp);
                curl_setopt($s, CURLOPT_COOKIE, $cookiestring);
        }
        private function filterCurlHeader($s) {
                $c = curl_exec($s);
                curl_close($s);
                $tmp = explode("\r\n\r\n", $c);
                $header = $tmp[0];
                array_shift($tmp);
                $content = implode("\r\n\r\n", $tmp);
                $lines = explode("\n", $header);
                foreach ($lines as $line) {
                        if (is_int(strpos($line, "Set-Cookie:"))) {
                                $tmp = explode(":", $line);
                                $tmp = explode(";", $tmp[1]);
                                list($var,$val) = explode("=", trim($tmp[0]));
                                $this->cookies[$var] = $val;
                        }
                }
                return $content;
        }
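        public function getCleanHTMLDOM($t) {
                // Repair the markup with tidy, then parse it into a DOM tree
                $tidy = tidy_parse_string($t);
                $tidy->cleanRepair();
                // loadHTML() is an instance method; calling it statically fails on PHP 8
                $dom = new DOMDocument();
                $dom->loadHTML((string) $tidy);
                return $dom;
        }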
}

Default proxy setting is Tor on Linux (localhost:8118).
You will probably need to remove the Logger::log lines or create a logger class.

PHP:
class Logger {
        public static function log($msg) {
                $c = debug_backtrace();
                $c = strtolower($c[1]['class']);
                if (empty($c)) $c = "main";
                $time = date("H:i:s");
                echo "[$time::$c] $msg\n";
                //DB::log($c ,$msg);
        }
}
 
Thanks so much for posting your code. I really appreciate it. I will run some tests when I get home from work and do comparisons with my existing code and hopefully get it sorted out. Thanks again.
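
For context on the server side of this error, an added example that is not part of the thread and not the code of the site or of reCAPTCHA: a minimal single-use challenge store that binds each challenge to the session it was issued to and rejects a second submission. The class name, method names and sample values are assumptions made for illustration.

```php
<?php
// Added example: single-use, session-bound CAPTCHA challenges.
// ChallengeStore and its methods are hypothetical names, not a real library API.
final class ChallengeStore
{
    // In-memory for the demo; a real deployment needs a shared store with an
    // atomic "mark used" step so two parallel requests cannot both redeem.
    private array $challenges = [];

    public function issue(string $sessionId, int $now, int $ttl = 120): string
    {
        $id = bin2hex(random_bytes(16));
        $this->challenges[$id] = ['session' => $sessionId, 'expires' => $now + $ttl, 'used' => false];
        return $id;
    }

    public function redeem(string $id, string $sessionId, bool $answerCorrect, int $now): string
    {
        if (!isset($this->challenges[$id])) {
            return 'unknown challenge';
        }
        $c = &$this->challenges[$id];
        if ($c['used']) {
            return 'reuse detected';   // log and alert on this: it marks a replay
        }
        $c['used'] = true;             // burn on first attempt, right or wrong
        if (!hash_equals($c['session'], $sessionId)) {
            return 'session mismatch'; // challenge was issued to another session
        }
        if ($now > $c['expires']) {
            return 'expired';
        }
        return $answerCorrect ? 'ok' : 'wrong answer';
    }
}

// Constructed sample data: session ids and clock values are made up.
$store = new ChallengeStore();
$first = $store->issue('sess-A', 1000);
$cases = [
    'first submission'        => $store->redeem($first, 'sess-A', true, 1010),
    'same challenge again'    => $store->redeem($first, 'sess-A', true, 1011),
    'other session'           => $store->redeem($store->issue('sess-A', 1000), 'sess-B', true, 1005),
    'submitted after the TTL' => $store->redeem($store->issue('sess-A', 1000), 'sess-A', true, 1500),
];
foreach ($cases as $label => $result) {
    echo str_pad($label, 26), $result, PHP_EOL;
}
```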
 