Bypass Captcha using Python and Tesseract OCR engine

A CAPTCHA is a type of challenge-response test used in computing as an attempt to ensure that the response is generated by a person. The process usually involves one computer (a server) asking a user to complete a simple test which the computer is able to generate and grade.The term "CAPTCHA" was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford (all of Carnegie Mellon University). It is an acronym based on the word "capture" and standing for "Completely Automated Public Turing test to tell Computers and Humans Apart".

In this post I am going to tell you guys how to crack weak captcha s using python and Tesseract OCR engine.Few days back I was playing around with an web application.The application was using a captcha as an anti automation technique when taking users feedback.

First let me give you guys a brief idea about how the captcha was working in that web application.
Inspecting the captcha image I have found that the form loads the captcha image in this way:
<img src="http://www.site.com/captcha.php"> 
From this you can easily understand that the “captcha.php” file returns an image file.
If we try access the url http://www.site.com/captcha.php each and every time it generates an image with a new random digit.
To make this clearer to you, Let me give you an example
Suppose after opening the feedback form you got few text fields and a captcha.Suppose at a certain time the captcha loaded with a number for ex. "4567".
So if you use that code "4567" the form will be submitted successfully.

Now the most interesting thing was if you copy the captcha image url (which is http://www.site.com/captcha.php in this case) and open the image in new tab of same browser ,the cpatcha will load with a different number as I have told you earlier. Suppose you have got "9090" this time. Now if you try to submit the feedback form with the number that’s was loaded earlier with the feedback form( which was "4567" )the application will not accept that form. If you enter “9090” then the application will accept that form.
For more clear idea I have created this simple Fig.


Now my strategy to bypass this anti automation techniques was
1)Download the image only from 
http://www.site.com/captcha.php 
2)Feed that image to OCR Engine
3)Craft an http POST request with all required parameter and the decoded captcha code, and POST it.

Now what is happening here??

When you are requesting the image file, the server will do steps 1 to 5 as shown in figure.
Now when we are posting the http request, the server will match the received captcha code with the value that was temporarily stored. Now the code will definitely match and server will accept the form.

Now I have used this Python Script to automated this entire process.


from PIL import Image
import ImageEnhance
from pytesser import *
from urllib import urlretrieve
 
def get(link):
    urlretrieve(link,'temp.png')
 
get('http://www.site.com/captcha.php');
im = Image.open("temp.png")
nx, ny = im.size
im2 = im.resize((int(nx*5), int(ny*5)), Image.BICUBIC)
im2.save("temp2.png")
enh = ImageEnhance.Contrast(im)
enh.enhance(1.3).show("30% more contrast")
 
imgx = Image.open('temp2.png')
imgx = imgx.convert("RGBA")
pix = imgx.load()
for y in xrange(imgx.size[1]):
    for x in xrange(imgx.size[0]):
        if pix[x, y] != (0, 0, 0, 255):
            pix[x, y] = (255, 255, 255, 255)
imgx.save("bw.gif", "GIF")
original = Image.open('bw.gif')
bg = original.resize((116, 56), Image.NEAREST)
ext = ".tif"
bg.save("input-NEAREST" + ext)
image = Image.open('input-NEAREST.tif')
print image_to_string(image)

Here I am only posting code of OCR engine. If your are a python lover like me you can use "httplib" python module to do the rest part.This script is not idependent. pytesser python module is requred to run this script.PyTesser is an Optical Character Recognition module for Python. It takes as input an image or image file and outputs a string.
PyTesser uses the Tesseract OCR engine, converting images to an accepted format and calling the Tesseract executable as an external script.

You can get this package @ http://code.google.com/p/pytesser/

The script works in this way.
1)First the script will download the captcha image using python module "urlretrive"
After that It will try to clean backgroug noises.

2)When this is done the script will make the image beigger to better understading.
3)At last it will feed that processed image to OCR engine.
Here is another python script which is very useful while testing captchas.You can add these line to your script if the taget captcha image is too small.This python script can help you to change resolution of any image.


from PIL import Image
import ImageEnhance

im = Image.open("test.png")
nx, ny = im.size
im2 = im.resize((int(nx*5), int(ny*5)), Image.BICUBIC)
im2.save("final_pic.png")
enh = ImageEnhance.Contrast(im)
enh.enhance(1.3).show("30% more contrast")

Thanks for reading.I hope It was helpful.Feel free to share and drop comments.

Comments

  1. Really nice! I was looking for that!

    I will surely test it out!

    ReplyDelete
  2. Nice work mate! Trying out the same this weekend!

    ReplyDelete
  3. Great research and nice way to tell

    ReplyDelete
  4. could you give examples for capchas below?

    ReplyDelete
    Replies
    1. I have tested this with very easy one! similar to this one

      https://lh4.ggpht.com/ZAAXYW2mlL0L0Ys7bbBSMyCGJwcUL1urk59a9Dy3fchDb__W-igiIW4ua-Y2bSbuyNfuag=s71

      and it was almost 100% accurate!

      Delete
    2. i try it do to for this, 0% ))
      https://dl.dropbox.com/u/59666091/1.png
      https://dl.dropbox.com/u/59666091/2.png

      Delete
    3. Maybe you can help me with doint symbols more in line (not changing in sinus) and also do something with background? Thank you. Will wait for you answer.

      Delete
  5. with
    https://lh4.ggpht.com/ZAAXYW2mlL0L0Ys7bbBSMyCGJwcUL1urk59a9Dy3fchDb__W-igiIW4ua-Y2bSbuyNfuag=s71
    it gives me result = I bra

    ReplyDelete
  6. Ӏ've read some excellent stuff here. Certainly price bookmarking for revisiting. I wonder how much effort you put to create such a wonderful informative website.
    Also see my web site > Facebook Captcha

    ReplyDelete
  7. If somebody needs only digits recognition in pytesser then feel free to see my sollution http://ppiotrow.blogspot.com/2013/01/pytesser-only-digits-recognition.html

    ReplyDelete
  8. Every fuel hose that connects an external gas tank to an outboard engine has an arrow printed on its hand pump that small bladder that contains a check valve and sends fuel from tank to engine with a few squeezes.

    ReplyDelete
  9. Hey!

    I used your results in order to break (not very eficient) hard CAPTCHAS (Source #2):

    http://bokobok.fr/bypassing-a-captcha-with-python/

    ReplyDelete
  10. OK I WILL TRY......

    ReplyDelete
  11. Hello Everyone,

    I tried your code but it is not able to recognize such captcha:
    http://i46.tinypic.com/2mxiexv.jpg
    http://i49.tinypic.com/n53lth.jpg

    I will appreciate your answers.

    ReplyDelete
  12. Wow! its realy useful to us, its easy to follow and implement! Thank you for your exciting information,..

    Easy Captcha Solving

    ReplyDelete
  13. hurray...............this is very informative and useful.........................................thanks for sharing.............keep blogging.............

    captcha bypass services

    ReplyDelete
  14. Hi Mandal,
    first I have to note that I'm new to Python. I tried your code, and had to do a few modifications to make it work with particular Captcha I'm using. I can post the code, 'cause my personal opinion that works much better. The problem I have is making the part with httplib. Once I've decoded the Captcha, I cannot find the way tricking it that it came from the original source (I'm using it to log in to a website that has 10 min inactivity logout policy, while log in has a lot of queries that need to be manually typed).
    Anyway, your code was very helpful, and a great startup point.
    Thanks,
    M.Zinovic

    ReplyDelete
  15. Hi,
    the captcha that i am trying to break is http://www.afreesms.com/image.php
    it's an easy 7 letter code. always the same type of letter, color, size. MY problem is: I am a noob. I don't know what i must do in order to get this working. If someone could hel, that would be great.

    thanks

    ReplyDelete
  16. Hi,
    Look like the DecaptchaBlog is very excellent, I like to read source code and Decaptcha verification then Bypasscaptcha explanation is very excellent.. the Decaptchaand the Bypasscaptcha is very useful for your guidance.. Really great informativ blog..
    Thanks to all..
    Decaptcha

    ReplyDelete
  17. thanks for this post. best advance Pythan courses in Bangalore.https://onlineidealab.com/learn-python/

    ReplyDelete
  18. Thanks for this nice information.
    Mukul Sharma   When the film “Birds of Prey” was released on 07 Feb 2020, trade pundits projected it to gross $50 to $55 million during the opening weekend in the US and Canadian markets. Warner Bros, the distributors of the film had their own projection pegged at $45 million. However, It could muster only […]
    https://onlineidealab.com/warner-bros-loses-22-million-in-a-weekend-due-to-poor-seo/

    ReplyDelete
  19. Earn Rs.25000/- per month - Simple online Jobs - Are You Looking for Home-Based Online Jobs? - Are You a Student, Housewife, jobseeker ? - Are you ready to Work 1 to 2 Hours daily Online? - Do You need Guaranteed Payment Monthly? Then this is for You, - Clicking on their Advertisement E-mails. - Submitting their Data\'s online. - Reading their Advertisement Sms. - Filling Forms on their websites, etc,. FREE to Join >> http://dailyonlinejobs.com
    9PJK1587500784 2020-04-23 00:52:01

    ReplyDelete
  20. This is such a great resource that you are providing and you give it away for free. I love seeing blog that understand the value of providing a quality resource for free. 2captcha api

    ReplyDelete
  21. Thank you for sharing a bunch of this quality contents, I have bookmarked your blog. Please also explore advice from my site. I will be back for more quality contents. 2captcha

    ReplyDelete
  22. I do not even know how I ended up here, but I thought this post was great.
    I don't know who you are but certainly you are going to a famous blogger if you aren't already ;) Cheers!부산오피


    ReplyDelete
  23. Dubai Fun Club for luxurious Dubai Escorts and entertainment services. You can easily find the best Escorts in Dubai on our website.

    ReplyDelete
  24. This is Very very nice article. Everyone should read. Thanks for sharing. Don't miss WORLD'S BEST GAME FOR #BikeGame

    ReplyDelete
  25. 토토사이트 Thank you for the good writeup. It in fact was a amusement account it. Look advanced to far added agreeable from you!However, how can we communicate?my web-site:

    ReplyDelete
  26. 토토사이트 Hiya, I am really glad I have found this information. Today bloggers publish just about gossip and web stuff and this is actually annoying. A good web site with exciting content, that’s what I need. Thank you for making this website, and I’ll be visiting again.

    ReplyDelete
  27. 바카라사이트 Awesome write-up. I’m a normal visitor of your site and appreciate you taking the time to maintain. the excellent site. i will be a frequent visitor a long time

    ReplyDelete
  28. 온라인카지노사이트 whoah this blog is fantastic i love reading your posts. Keep up the great work! You know, lots of people are looking around for this information, you could aid them greatly.

    ReplyDelete
  29. I seriously love your website.. Excellent colors & theme.
    Did you create this amazing site yourself? Please reply back as I’m attempting to create my own site
    and want to know where you got this from or just what the theme is named.
    Cheers!

    Review my webpage - 슬롯추천
    (mm)

    ReplyDelete
  30. Your post is very interesting to me. Reading was so much fun. I think the reason reading is fun is because it is a post related to that I am interested in. Articles related to 메이저놀이터순위 you are the best. I would like you to write a similar post about !

    ReplyDelete
  31. As soon as I noticed this internet site I went on reddit to share some of the love with them. 먹튀

    ReplyDelete
  32. I actually wanted to type a brief remark in order to appreciate you for all the stunning tips and tricks you are showing here. I would repeat that we visitors actually are truly lucky to live in a fantastic website with so many marvelous professionals with insightful opinions. 사설토토

    ReplyDelete
  33. It’s very straightforward to find out any topic on net as compared to textbooks, as I found this post at this site. 카지노

    ReplyDelete
  34. I wanted to write you one little bit of word to say thanks a lot yet again for your personal amazing tactics you have documented above. I’m sure there are lots of more pleasant sessions in the future for people who start reading your blog. 파워볼

    ReplyDelete
  35. I am constantly thought about this, thank you for posting. It’s very straightforward to find out any topic on net as compared to textbooks, as I found this post at this site. 온라인카지노

    ReplyDelete

  36. Thanks for your sharing. I have more knowledge because of the posts. Your pieces of advice help me so much. They are awesome and helpful. They tell me exactly what I want to know. CBD supplements have been shown in numerous studies to alleviate chronic pain, anxiety and depression, digestive health, and more 사설경마

    ReplyDelete
  37. Exceptional post however , I was wanting to know if you could write a litte more on this topic? I’d be very thankful if you could elaborate a little bit further. Thanks 사설토토사이트

    ReplyDelete
  38. I would like to thank you for the efforts you have put in penning this site. I’m hoping to view the same high-grade content by you later on as well. In truth, your creative writing abilities has motivated me to get my own, personal website now. 사설놀이터

    ReplyDelete
  39. While looking for articles on these topics, I came across this article on the site here. As I read your article, I felt like an expert in this field. I have several articles on these topics posted on my site. Could you please visit my homepage? 토토사이트모음

    ReplyDelete
  40. He loves to transport his sketch pad and shows it to his
    playmates. Students can write the essay as per the
    guidance. An admission essay is your daughter's time to distinguish herself from the horde.
    스포츠토토

    ReplyDelete
  41. Having an addict inherited won't guarantee that the whole family can become addicts. But many believe that inherited genes can raise someone's amount of vulnerability to drug abuse and other addictions
    경마사이트

    magosucowep

    ReplyDelete
  42. I like this website its a master peace ! Glad I found this on google .

    토토
    먹튀검증

    ReplyDelete
  43. This is very attention-grabbing, You’re an overly skilled blogger.

    I have joined your feed and sit up for in search of extra of your excellent post.
    Also, I have shared your site in my social networks

    토토사이트
    토토
    안전놀이터

    ReplyDelete

  44. Woah! I'm really loving the template/theme of this site.
    It's simple, yet effective. A lot of times it's very difficult to get that
    "perfect balance" between superb usability and visual appeal.
    I must say you have done a awesome job with this. Additionally, the blog loads super fast for
    me on Chrome. Outstanding Blog!


    스포츠토토
    토토사이트
    안전놀이터

    ReplyDelete
  45. Hello friends, pleasant paragraph and nice arguments commented at this place, I am actually enjoying by these.

    바카라사이트
    카지노사이트홈
    카지노

    ReplyDelete
  46. As I web-site possessor I believe the content matter here is
    rattling fantastic , appreciate it for your
    hard work. You should keep it up forever! Best of luck.



    카지노사이트
    바카라사이트
    안전카지노사이트

    ReplyDelete
  47. This is very attention-grabbing, You’re an overly skilled blogger.

    I have joined your feed and sit up for in search of extra of your excellent post.
    Also, I have shared your site in my social networks토토사이트

    ReplyDelete
  48. While looking for articles on these topics, I came across this article on the site here. As I read your article, I felt like an expert in this field. I have several articles on these topics posted on my site. Could you please visit my homepage?먹튀검증

    ReplyDelete
  49. I have joined your feed and sit up for in search of extra of your excellent post.
    Also, I have shared your site in my social networks 토토사이트

    ReplyDelete
  50. While looking for articles on these topics, I came across this article on the site here. As I read your article, I felt like an expert in this field. I have several articles on these topics posted on my site. Could you please visit my homepage 먹튀검증

    ReplyDelete
  51. While looking for articles on these topics, I came across this article on the site here. As I read your article, 안전놀이터

    ReplyDelete
  52. It’s really a great and helpful piece of info. I’m glad that you shared this helpful info with us. Please keep us up to date like this. Thanks for sharing.
    스포츠토토

    ReplyDelete
  53. This is such a great resource that you are providing and you give it away for free. I love seeing blog that understand the value. Im glad to have found this post as its such an interesting one! I am always on the lookout for quality posts and articles so i suppose im lucky to have found this! I hope you will be adding more in the future. 토토사이트추천

    ReplyDelete

Post a Comment