Bypass Captcha using Python and Tesseract OCR engine

A CAPTCHA is a type of challenge-response test used in computing as an attempt to ensure that the response is generated by a person. The process usually involves one computer (a server) asking a user to complete a simple test which the computer is able to generate and grade.The term "CAPTCHA" was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford (all of Carnegie Mellon University). It is an acronym based on the word "capture" and standing for "Completely Automated Public Turing test to tell Computers and Humans Apart".

In this post I am going to tell you guys how to crack weak captcha s using python and Tesseract OCR engine.Few days back I was playing around with an web application.The application was using a captcha as an anti automation technique when taking users feedback.

First let me give you guys a brief idea about how the captcha was working in that web application.
Inspecting the captcha image I have found that the form loads the captcha image in this way:
<img src="http://www.site.com/captcha.php"> 
From this you can easily understand that the “captcha.php” file returns an image file.
If we try access the url http://www.site.com/captcha.php each and every time it generates an image with a new random digit.
To make this clearer to you, Let me give you an example
Suppose after opening the feedback form you got few text fields and a captcha.Suppose at a certain time the captcha loaded with a number for ex. "4567".
So if you use that code "4567" the form will be submitted successfully.

Now the most interesting thing was if you copy the captcha image url (which is http://www.site.com/captcha.php in this case) and open the image in new tab of same browser ,the cpatcha will load with a different number as I have told you earlier. Suppose you have got "9090" this time. Now if you try to submit the feedback form with the number that’s was loaded earlier with the feedback form( which was "4567" )the application will not accept that form. If you enter “9090” then the application will accept that form.
For more clear idea I have created this simple Fig.


Now my strategy to bypass this anti automation techniques was
1)Download the image only from 
http://www.site.com/captcha.php 
2)Feed that image to OCR Engine
3)Craft an http POST request with all required parameter and the decoded captcha code, and POST it.

Now what is happening here??

When you are requesting the image file, the server will do steps 1 to 5 as shown in figure.
Now when we are posting the http request, the server will match the received captcha code with the value that was temporarily stored. Now the code will definitely match and server will accept the form.

Now I have used this Python Script to automated this entire process.


from PIL import Image
import ImageEnhance
from pytesser import *
from urllib import urlretrieve
 
def get(link):
    urlretrieve(link,'temp.png')
 
get('http://www.site.com/captcha.php');
im = Image.open("temp.png")
nx, ny = im.size
im2 = im.resize((int(nx*5), int(ny*5)), Image.BICUBIC)
im2.save("temp2.png")
enh = ImageEnhance.Contrast(im)
enh.enhance(1.3).show("30% more contrast")
 
imgx = Image.open('temp2.png')
imgx = imgx.convert("RGBA")
pix = imgx.load()
for y in xrange(imgx.size[1]):
    for x in xrange(imgx.size[0]):
        if pix[x, y] != (0, 0, 0, 255):
            pix[x, y] = (255, 255, 255, 255)
imgx.save("bw.gif", "GIF")
original = Image.open('bw.gif')
bg = original.resize((116, 56), Image.NEAREST)
ext = ".tif"
bg.save("input-NEAREST" + ext)
image = Image.open('input-NEAREST.tif')
print image_to_string(image)

Here I am only posting code of OCR engine. If your are a python lover like me you can use "httplib" python module to do the rest part.This script is not idependent. pytesser python module is requred to run this script.PyTesser is an Optical Character Recognition module for Python. It takes as input an image or image file and outputs a string.
PyTesser uses the Tesseract OCR engine, converting images to an accepted format and calling the Tesseract executable as an external script.

You can get this package @ http://code.google.com/p/pytesser/

The script works in this way.
1)First the script will download the captcha image using python module "urlretrive"
After that It will try to clean backgroug noises.

2)When this is done the script will make the image beigger to better understading.
3)At last it will feed that processed image to OCR engine.
Here is another python script which is very useful while testing captchas.You can add these line to your script if the taget captcha image is too small.This python script can help you to change resolution of any image.


from PIL import Image
import ImageEnhance

im = Image.open("test.png")
nx, ny = im.size
im2 = im.resize((int(nx*5), int(ny*5)), Image.BICUBIC)
im2.save("final_pic.png")
enh = ImageEnhance.Contrast(im)
enh.enhance(1.3).show("30% more contrast")

Thanks for reading.I hope It was helpful.Feel free to share and drop comments.

Comments

  1. Really nice! I was looking for that!

    I will surely test it out!

    ReplyDelete
  2. Nice work mate! Trying out the same this weekend!

    ReplyDelete
  3. Great research and nice way to tell

    ReplyDelete
  4. could you give examples for capchas below?

    ReplyDelete
    Replies
    1. I have tested this with very easy one! similar to this one

      https://lh4.ggpht.com/ZAAXYW2mlL0L0Ys7bbBSMyCGJwcUL1urk59a9Dy3fchDb__W-igiIW4ua-Y2bSbuyNfuag=s71

      and it was almost 100% accurate!

      Delete
    2. i try it do to for this, 0% ))
      https://dl.dropbox.com/u/59666091/1.png
      https://dl.dropbox.com/u/59666091/2.png

      Delete
    3. Maybe you can help me with doint symbols more in line (not changing in sinus) and also do something with background? Thank you. Will wait for you answer.

      Delete
  5. with
    https://lh4.ggpht.com/ZAAXYW2mlL0L0Ys7bbBSMyCGJwcUL1urk59a9Dy3fchDb__W-igiIW4ua-Y2bSbuyNfuag=s71
    it gives me result = I bra

    ReplyDelete
  6. Ӏ've read some excellent stuff here. Certainly price bookmarking for revisiting. I wonder how much effort you put to create such a wonderful informative website.
    Also see my web site > Facebook Captcha

    ReplyDelete
  7. If somebody needs only digits recognition in pytesser then feel free to see my sollution http://ppiotrow.blogspot.com/2013/01/pytesser-only-digits-recognition.html

    ReplyDelete
  8. Every fuel hose that connects an external gas tank to an outboard engine has an arrow printed on its hand pump that small bladder that contains a check valve and sends fuel from tank to engine with a few squeezes.

    ReplyDelete
  9. Hey!

    I used your results in order to break (not very eficient) hard CAPTCHAS (Source #2):

    http://bokobok.fr/bypassing-a-captcha-with-python/

    ReplyDelete
  10. OK I WILL TRY......

    ReplyDelete
  11. Hello Everyone,

    I tried your code but it is not able to recognize such captcha:
    http://i46.tinypic.com/2mxiexv.jpg
    http://i49.tinypic.com/n53lth.jpg

    I will appreciate your answers.

    ReplyDelete
  12. Wow! its realy useful to us, its easy to follow and implement! Thank you for your exciting information,..

    Easy Captcha Solving

    ReplyDelete
  13. hurray...............this is very informative and useful.........................................thanks for sharing.............keep blogging.............

    captcha bypass services

    ReplyDelete
  14. Hi Mandal,
    first I have to note that I'm new to Python. I tried your code, and had to do a few modifications to make it work with particular Captcha I'm using. I can post the code, 'cause my personal opinion that works much better. The problem I have is making the part with httplib. Once I've decoded the Captcha, I cannot find the way tricking it that it came from the original source (I'm using it to log in to a website that has 10 min inactivity logout policy, while log in has a lot of queries that need to be manually typed).
    Anyway, your code was very helpful, and a great startup point.
    Thanks,
    M.Zinovic

    ReplyDelete
  15. Hi,
    the captcha that i am trying to break is http://www.afreesms.com/image.php
    it's an easy 7 letter code. always the same type of letter, color, size. MY problem is: I am a noob. I don't know what i must do in order to get this working. If someone could hel, that would be great.

    thanks

    ReplyDelete
  16. Hi,
    Look like the DecaptchaBlog is very excellent, I like to read source code and Decaptcha verification then Bypasscaptcha explanation is very excellent.. the Decaptchaand the Bypasscaptcha is very useful for your guidance.. Really great informativ blog..
    Thanks to all..
    Decaptcha

    ReplyDelete
  17. thanks for this post. best advance Pythan courses in Bangalore.https://onlineidealab.com/learn-python/

    ReplyDelete
  18. Thanks for this nice information.
    Mukul Sharma   When the film “Birds of Prey” was released on 07 Feb 2020, trade pundits projected it to gross $50 to $55 million during the opening weekend in the US and Canadian markets. Warner Bros, the distributors of the film had their own projection pegged at $45 million. However, It could muster only […]
    https://onlineidealab.com/warner-bros-loses-22-million-in-a-weekend-due-to-poor-seo/

    ReplyDelete
  19. Earn Rs.25000/- per month - Simple online Jobs - Are You Looking for Home-Based Online Jobs? - Are You a Student, Housewife, jobseeker ? - Are you ready to Work 1 to 2 Hours daily Online? - Do You need Guaranteed Payment Monthly? Then this is for You, - Clicking on their Advertisement E-mails. - Submitting their Data\'s online. - Reading their Advertisement Sms. - Filling Forms on their websites, etc,. FREE to Join >> http://dailyonlinejobs.com
    9PJK1587500784 2020-04-23 00:52:01

    ReplyDelete
  20. This is such a great resource that you are providing and you give it away for free. I love seeing blog that understand the value of providing a quality resource for free. 2captcha api

    ReplyDelete
  21. Thank you for sharing a bunch of this quality contents, I have bookmarked your blog. Please also explore advice from my site. I will be back for more quality contents. 2captcha

    ReplyDelete
  22. I do not even know how I ended up here, but I thought this post was great.
    I don't know who you are but certainly you are going to a famous blogger if you aren't already ;) Cheers!부산오피


    ReplyDelete
  23. 바카라사이트 Awesome write-up. I’m a normal visitor of your site and appreciate you taking the time to maintain. the excellent site. i will be a frequent visitor a long time

    ReplyDelete
  24. 온라인카지노사이트 whoah this blog is fantastic i love reading your posts. Keep up the great work! You know, lots of people are looking around for this information, you could aid them greatly.

    ReplyDelete
  25. I seriously love your website.. Excellent colors & theme.
    Did you create this amazing site yourself? Please reply back as I’m attempting to create my own site
    and want to know where you got this from or just what the theme is named.
    Cheers!

    Review my webpage - 슬롯추천
    (mm)

    ReplyDelete
  26. I actually wanted to type a brief remark in order to appreciate you for all the stunning tips and tricks you are showing here. I would repeat that we visitors actually are truly lucky to live in a fantastic website with so many marvelous professionals with insightful opinions. 사설토토

    ReplyDelete

  27. Thanks for your sharing. I have more knowledge because of the posts. Your pieces of advice help me so much. They are awesome and helpful. They tell me exactly what I want to know. CBD supplements have been shown in numerous studies to alleviate chronic pain, anxiety and depression, digestive health, and more 사설경마

    ReplyDelete
  28. I like this website its a master peace ! Glad I found this on google .

    토토
    먹튀검증

    ReplyDelete
  29. This is very attention-grabbing, You’re an overly skilled blogger.

    I have joined your feed and sit up for in search of extra of your excellent post.
    Also, I have shared your site in my social networks

    토토사이트
    토토
    안전놀이터

    ReplyDelete

  30. Woah! I'm really loving the template/theme of this site.
    It's simple, yet effective. A lot of times it's very difficult to get that
    "perfect balance" between superb usability and visual appeal.
    I must say you have done a awesome job with this. Additionally, the blog loads super fast for
    me on Chrome. Outstanding Blog!


    스포츠토토
    토토사이트
    안전놀이터

    ReplyDelete
  31. Hello friends, pleasant paragraph and nice arguments commented at this place, I am actually enjoying by these.

    바카라사이트
    카지노사이트홈
    카지노

    ReplyDelete
  32. As I web-site possessor I believe the content matter here is
    rattling fantastic , appreciate it for your
    hard work. You should keep it up forever! Best of luck.



    카지노사이트
    바카라사이트
    안전카지노사이트

    ReplyDelete
  33. This is very attention-grabbing, You’re an overly skilled blogger.

    I have joined your feed and sit up for in search of extra of your excellent post.
    Also, I have shared your site in my social networks토토사이트

    ReplyDelete
  34. While looking for articles on these topics, I came across this article on the site here. As I read your article, I felt like an expert in this field. I have several articles on these topics posted on my site. Could you please visit my homepage?먹튀검증

    ReplyDelete
  35. I have joined your feed and sit up for in search of extra of your excellent post.
    Also, I have shared your site in my social networks 토토사이트

    ReplyDelete
  36. While looking for articles on these topics, I came across this article on the site here. As I read your article, I felt like an expert in this field. I have several articles on these topics posted on my site. Could you please visit my homepage 먹튀검증

    ReplyDelete
  37. While looking for articles on these topics, I came across this article on the site here. As I read your article, 안전놀이터

    ReplyDelete
  38. This comment has been removed by the author.

    ReplyDelete
  39. Right here is the perfect blog for everyone who wishes to understand this topic. You know so much its almost tough to argue with you (not that I actually will need to…HaHa). You definitely put a fresh spin on a subject which has been discussed for a long time. Wonderful stuff, just wonderful! Howdy! This post couldn’t be written any better! Reading through this post reminds me of my previous roommate! He constantly kept talking about this. I most certainly will send this information to him. Pretty sure he'll have a good read. Thank you for sharing! Howdy! Do you use Twitter? I'd like to follow you if that would be okay. I'm absolutely enjoying your blog and look forward to new updates.| Good post. I learn something totally new and challenging on blogs I stumbleupon every day. It's always interesting to read content from other writers and practice a little something from other websites. 토토매거진

    ReplyDelete
  40. It was a great speech, thank you for sharing. 온라인경마

    ReplyDelete
  41. 토토 I found this to be interesting. Exciting to read your honest thought.

    ReplyDelete
  42. 토토사이트 Keep up the superb work, I read few blog posts on this website
    and I conceive that your site is really interesting and contains lots
    of wonderful info.

    ReplyDelete
  43. 토토사이트 I recently found many useful information in your website especially this blog page. Among the lots of comments on your articles. Thanks for sharing

    ReplyDelete
  44. 프로토 This is a topic which is near to my heart... Many thanks!
    Exactly where are your contact details though?

    ReplyDelete
  45. 온라인카지노사이트 reetings! I know this is kinda off topic however , I’d figured I’d ask.Would you be interested in trading links or maybe guest writing a blog post or vice-versa? My site addresses a lot of the same topics as yours and I believe we could greatly benefit from each other.


    ReplyDelete
  46. 온라인카지노사이트 I love what yyou guys are up too. This kinnd of clever work and coverage! Keep up tthe good works guys I’ve included you guys to blogroll.Also visit my web blog

    ReplyDelete
  47. hank you for the good writeup. It in fact was a amusement account it. Look advanced to far added agreeable from you!However, how can we communicate?my web-site: 스포츠중계

    ReplyDelete
  48. Looking at this article, I miss the time when I didn't wear a mask. 바카라사이트 Hopefully this corona will end soon. My blog is a blog that mainly posts pictures of daily life before Corona and landscapes at that time. If you want to remember that time again, please visit us.


    ReplyDelete
  49. Beautiful blog, – thank you for sharing! I will include your link in my new post. And I left a comment on your latest article about finding and using your gifting.

    무료야설
    휴게텔
    마사지블루
    건전마사지
    카지노사이트

    ReplyDelete
  50. This article gives the light in which we can observe the reality. This is very nice one and gives in-depth information. Thanks for this nice article 스포츠토토티비


    ReplyDelete
  51. Your skill is great. I am so grateful that I am able to do a lot of work thanks to your technology.메이저사이트 I hope you keep improving this technology.


    ReplyDelete
  52. I am a 슬롯사이트 expert. I've read a lot of articles, but I'm the first person to understand as well as you. I leave a post for the first time. It's great!!

    ReplyDelete
  53. You have shared a lot of information in this article. I would like to express my gratitude to everyone who contributed to this useful article. Keep posting. pain doctor near me

    ReplyDelete
  54. What's up it's me, I am also visiting this website daily, this website
    is genuinely good info for you 토토사이트

    ReplyDelete
  55. It's a very powerful article. I really like this post. Thank you so much for sharing good info for you 먹튀검증

    ReplyDelete
  56. It's a very powerful article. I really like this post nice info for you 스포츠토토

    ReplyDelete
  57. Students can Download the RSCERT 6th, 7th, 8th, 9th, 10th Model Test Paper 2023 to Prepare for the Final Exam, old Year Exam Question paper will be Available on the our Website as Pdf Format,RBSE 8th Class Question Paper RSCERT will Upload Rajasthan 6th, 7th, 8th, 9th, 10th Class Question Paper 2023 for Students upcoming Public Exam 2023, Students are Advised to go visit the official website Click on RSCERT 6th, 7th, 8th, 9th, 10th Model paper 2023 for Languages Official Hindi, English, Rajasthani Link get Pdf FormatRajasthan Board 6th, 7th, 8th, 9th, 10th Model Question Paper 2023 are Perfect for Effective Public Exam Preparation 2023, RSCERT will help High School Students Devise their Exam Preparations in an effective and organized Manner, We are Providing Latest RSCERT 6th, 7th, 8th, 9th, 10th Important Question Paper 2023 of All major Subjects Available in PDF format

    ReplyDelete
  58. Greetings! Very helpful advice in this particular article! It is the little changes which will make the largest changes. Thanks for sharing! BUY HYIP

    ReplyDelete
  59. Sweet blog! I found it while browsing on Yahoo News. Do you have any tips on how to get listed in Yahoo News? I’ve been trying for check my web site
    먹튀검증

    ReplyDelete
  60. Hopefully this corona will end soon. My blog is a blog that mainly posts pictures of daily life before only nice web info for you 안전놀이터

    ReplyDelete
  61. This comment has been removed by the author.

    ReplyDelete
  62. Nice informative post. Thanks for sharing this post. Keep sharing more blogs. Abogado DUI Rockingham VA

    ReplyDelete
  63. Thank you for posting such a great Work! It contains wonderful and helpful posts. Dinwiddie DUI Lawyer Virginia

    ReplyDelete
  64. I'd like to express an enormous amount of gratitude to the individual responsible for this blog. Your hard work truly stands out and evokes immense appreciation. The consistently thought-provoking content you deliver reflects your unwavering dedication and passion. Looking forward to an ongoing flow of captivating articles. Keep up this exceptional effort with utmost brilliance.! i would love to recommend -Abogado Conducción Imprudente Nueva Jersey

    ReplyDelete
  65. I apologize, but as of my last knowledge update in September 2021, I do not have access to personal blogs or websites of individuals unless they are widely recognized public figures. Therefore, I cannot provide information about "Debasish Mandal's Blog" specifically. If this is a personal blog or website, I recommend directly searching for it using search engines or checking social media profiles to find the relevant links. Is there anything else I can assist you with.
    Bufete de Abogados de Lesiones Personales Virginia

    ReplyDelete
  66. The article on using Python and Tesseract OCR engine to bypass Captcha is a fascinating read for tech enthusiasts. It simplifies a complex process and showcases the power of open-source tools in solving real-world challenges. However, it's important to emphasize ethical considerations when using such techniques. Overall, this piece is a valuable resource for understanding Captcha technology and exploring its potential applications.
    Leyes Matrimoniales de Nueva York Divorcio

    ReplyDelete
  67. Using Python and the Tesseract OCR engine to crack weak CAPTCHAs is an interesting concept. The explanation of how this process works, with the server generating a new captcha each time and the mechanism to bypass it, is insightful. The provided code and explanation make it easier for readers to understand how to implement this. It's a clever and informative post.
    How to File for Divorce in New York State
    Cómo Divorciarse en la Ciudad de Nueva York

    ReplyDelete
  68. estate lawyer
    The tutorial on bypassing Captcha using Python and Tesseract OCR is a game-changer, providing step-by-step instructions and code snippets for developers. The clear explanations and practical examples provide a solid foundation for those diving into this aspect of web development. The tutorial is informative, well-explained, and well-documented, making it accessible for both beginners and experienced developers. The clear explanations and code samples make it a valuable resource for developers. The tutorial is incredibly helpful and well-documented, making it a valuable resource for both beginners and experienced developers.

    ReplyDelete
  69. The tutorial on bypassing Captcha using Python and the Tesseract OCR engine is a comprehensive guide that is accessible to users with varying levels of programming experience. truck driving accidentsThe step-by-step approach makes the process accessible and provides clear instructions for implementation. The tutorial effectively highlights the capabilities of Python and the Tesseract OCR engine for Captcha bypass, making it a valuable resource for those looking to explore these technologies.

    The tutorial offers a step-by-step approach, breaking down the process into manageable steps. The real-world examples and code snippets enhance the learning experience. The use of Python and Tesseract OCR for Captcha bypass is a game-changer, and the tutorial's combination encourages learning and experimentation.

    The tutorial provides a comprehensive guide on bypassing Captcha with Python and Tesseract OCR, offering clear explanations and practical examples that make it an invaluable resource for developers. Overall, the tutorial is a valuable resource for those looking to understand the complex process of bypassing Captcha using Python and Tesseract OCR.

    ReplyDelete
  70. Amazing, Your blogs are really good and informative. Now when we are posting the http request, the server will match the received captcha code with the value that was temporarily stored. Now the code will definitely match and server will accept the form abogados de accidentes. I got a lots of useful information in your blogs. It is very great and useful to all. Keeps sharing more useful blogs...

    ReplyDelete
  71. The "Bypass Captcha using Python and Tesseract OCR engine" tutorial is a comprehensive guide for developers looking to bypass captchas. It provides a step-by-step guide, making it accessible to all programming levels. The tutorial also highlights the use of Tesseract OCR engine, enhancing understanding of OCR applications in Python. Overall, it's a valuable resource for streamlining captcha handling in projects. New York Divorce Timeline

    ReplyDelete
  72. mecklenburg traffic lawyer
    The tutorial on bypassing Captcha using Python and the Tesseract OCR engine is an informative and user-friendly guide. It provides a step-by-step guide for developers dealing with Captcha challenges. The tutorial's clear instructions and concise code examples make it easy to implement the bypass process. The combination of Python and Tesseract OCR simplifies the complex process. The tutorial strikes a balance between theoretical understanding and practical implementation, making it a valuable resource for developers seeking practical solutions. The examples provided are invaluable and the tutorial's demystification of the process is commendable.

    ReplyDelete

  73. Thank you for sharing this useful information. I got wonderful information from this blog. divorce custody laws


    ReplyDelete
  74. "Unveiling the genius of bypassing CAPTCHA using Python! 🚀 This insightful guide is a testament to the ingenuity and problem-solving prowess of the Python community. The step-by-step instructions are not just a technical manual but a gateway to unlocking a new level of automation and efficiency. Kudos to the author for demystifying the seemingly impenetrable CAPTCHA barriers and empowering developers to navigate through the digital landscape with finesse. A game-changer for anyone seeking to harness the true potential of Python in overcoming challenges. Brilliantly executed tutorial!"

    District of New Jersey Protective Order

    ReplyDelete
  75. Facing financial struggles? Locate top-rated personal bankruptcy lawyers near me to guide you through the legal process and offer personalized solutions tailored to your unique situation.

    ReplyDelete
  76. Seeking a abogado tráfico harrisonburg va? Our legal team offers skilled representation for various traffic-related matters. Whether you're dealing with speeding tickets or license issues, we're here to provide you with expert guidance and advocacy. Contact us today for a consultation.

    ReplyDelete
  77. Dealing with a traffic violation in Fredericksburg, VA? Get the legal support you need from a knowledgeable traffic lawyer fredericksburg va who can help you navigate the legal process and protect your driving record.

    ReplyDelete
  78. MetaMask empowers users to securely manage Ethereum and ERC-20 tokens while seamlessly accessing decentralized applications (DApps). With its intuitive interface, you can send, receive, and store cryptocurrencies with ease, all while maintaining control over your private keys. Explore the world of decentralized finance (DeFi), trade non-fungible tokens (NFTs), and participate in blockchain-based games and communities directly from your mobile device.
    Metamask app |

    ReplyDelete

Post a Comment