1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Researcher Breaks reCAPTCHA

Discussion in 'BlackHat Lounge' started by JustUs, Mar 2, 2017.

  1. JustUs

    JustUs Power Member

    Joined:
    May 6, 2012
    Messages:
    626
    Likes Received:
    588
    A researcher has discovered what he calls a "logic vulnerability" that allowed him to create a Python script that is fully capable of bypassing Google's reCAPTCHA fields using another Google service, the Speech Recognition API.

    The proof-of-concept code the researcher released allows attackers to automate the process of bypassing reCAPTCHA fields, currently used on millions of sites to keep out spam bots.

    The attack is incredibly simple and works by downloading a version of the reCAPTCHA audio challenge, feeding it into Google's Speech Recognition API, getting the text-version of the audio challenge, and feeding it back into the reCAPTCHA field

    Proof of concept code:
    https://github.com/eastee/rebreakcaptcha
     
    • Thanks Thanks x 3
  2. Mike Hill

    Mike Hill BANNED BANNED

    Joined:
    Feb 1, 2017
    Messages:
    138
    Likes Received:
    66
    heh thats funny
     
  3. HoNeYBiRD

    HoNeYBiRD Jr. VIP Jr. VIP

    Joined:
    May 1, 2009
    Messages:
    7,502
    Likes Received:
    8,428
    Gender:
    Male
    Occupation:
    Geographer, Tourism Manager
    Location:
    Ghosted
  4. AleeGS

    AleeGS Regular Member

    Joined:
    Jul 15, 2015
    Messages:
    312
    Likes Received:
    85
    Location:
    ARG
    Genius
     
  5. Heisenberg

    Heisenberg Jr. VIP Jr. VIP

    Joined:
    Sep 11, 2014
    Messages:
    720
    Likes Received:
    375
    Occupation:
    Freelancer
    Location:
    Croatia
    Thats what happens when you think outside the box.
     
  6. JustUs

    JustUs Power Member

    Joined:
    May 6, 2012
    Messages:
    626
    Likes Received:
    588
    Make me think outside the box


    But then we have the cat in the box.

     
    Last edited: Mar 2, 2017
  7. terrycody

    terrycody Elite Member

    Joined:
    Sep 29, 2012
    Messages:
    1,521
    Likes Received:
    429
    Occupation:
    marketer
    Location:
    Hell
    Read the comment in author's blog, its not working as thought.
     
  8. JustUs

    JustUs Power Member

    Joined:
    May 6, 2012
    Messages:
    626
    Likes Received:
    588
    It is proof of concept. POC code does not always work the way people think it will, but it does work. Rather than rinse and repeat when it does not work, the people complaining that it does not work should modify the code.
     
    • Thanks Thanks x 1
  9. Google Prince

    Google Prince Jr. VIP Jr. VIP

    Joined:
    Dec 24, 2015
    Messages:
    171
    Likes Received:
    110
    Location:
    Google's Search Engine
    Google hold this L for allowing people to use your own service to bypass another service of your own ahahaha
     
    • Thanks Thanks x 1