Bypass Captcha using Python and Tesseract OCR engine

A CAPTCHA is a type of challenge-response test used in computing as an attempt to ensure that the response is generated by a person. The process usually involves one computer (a server) asking a user to complete a simple test which the computer is able to generate and grade.The term "CAPTCHA" was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford (all of Carnegie Mellon University). It is an acronym based on the word "capture" and standing for "Completely Automated Public Turing test to tell Computers and Humans Apart".

In this post I am going to tell you guys how to crack weak captcha s using python and Tesseract OCR engine.Few days back I was playing around with an web application.The application was using a captcha as an anti automation technique when taking users feedback.

First let me give you guys a brief idea about how the captcha was working in that web application.
Inspecting the captcha image I have found that the form loads the captcha image in this way:
<img src="http://www.site.com/captcha.php"> 
From this you can easily understand that the “captcha.php” file returns an image file.
If we try access the url http://www.site.com/captcha.php each and every time it generates an image with a new random digit.
To make this clearer to you, Let me give you an example
Suppose after opening the feedback form you got few text fields and a captcha.Suppose at a certain time the captcha loaded with a number for ex. "4567".
So if you use that code "4567" the form will be submitted successfully.

Now the most interesting thing was if you copy the captcha image url (which is http://www.site.com/captcha.php in this case) and open the image in new tab of same browser ,the cpatcha will load with a different number as I have told you earlier. Suppose you have got "9090" this time. Now if you try to submit the feedback form with the number that’s was loaded earlier with the feedback form( which was "4567" )the application will not accept that form. If you enter “9090” then the application will accept that form.
For more clear idea I have created this simple Fig.


Now my strategy to bypass this anti automation techniques was
1)Download the image only from 
http://www.site.com/captcha.php 
2)Feed that image to OCR Engine
3)Craft an http POST request with all required parameter and the decoded captcha code, and POST it.

Now what is happening here??

When you are requesting the image file, the server will do steps 1 to 5 as shown in figure.
Now when we are posting the http request, the server will match the received captcha code with the value that was temporarily stored. Now the code will definitely match and server will accept the form.

Now I have used this Python Script to automated this entire process.


from PIL import Image
import ImageEnhance
from pytesser import *
from urllib import urlretrieve
 
def get(link):
    urlretrieve(link,'temp.png')
 
get('http://www.site.com/captcha.php');
im = Image.open("temp.png")
nx, ny = im.size
im2 = im.resize((int(nx*5), int(ny*5)), Image.BICUBIC)
im2.save("temp2.png")
enh = ImageEnhance.Contrast(im)
enh.enhance(1.3).show("30% more contrast")
 
imgx = Image.open('temp2.png')
imgx = imgx.convert("RGBA")
pix = imgx.load()
for y in xrange(imgx.size[1]):
    for x in xrange(imgx.size[0]):
        if pix[x, y] != (0, 0, 0, 255):
            pix[x, y] = (255, 255, 255, 255)
imgx.save("bw.gif", "GIF")
original = Image.open('bw.gif')
bg = original.resize((116, 56), Image.NEAREST)
ext = ".tif"
bg.save("input-NEAREST" + ext)
image = Image.open('input-NEAREST.tif')
print image_to_string(image)

Here I am only posting code of OCR engine. If your are a python lover like me you can use "httplib" python module to do the rest part.This script is not idependent. pytesser python module is requred to run this script.PyTesser is an Optical Character Recognition module for Python. It takes as input an image or image file and outputs a string.
PyTesser uses the Tesseract OCR engine, converting images to an accepted format and calling the Tesseract executable as an external script.

You can get this package @ http://code.google.com/p/pytesser/

The script works in this way.
1)First the script will download the captcha image using python module "urlretrive"
After that It will try to clean backgroug noises.

2)When this is done the script will make the image beigger to better understading.
3)At last it will feed that processed image to OCR engine.
Here is another python script which is very useful while testing captchas.You can add these line to your script if the taget captcha image is too small.This python script can help you to change resolution of any image.


from PIL import Image
import ImageEnhance

im = Image.open("test.png")
nx, ny = im.size
im2 = im.resize((int(nx*5), int(ny*5)), Image.BICUBIC)
im2.save("final_pic.png")
enh = ImageEnhance.Contrast(im)
enh.enhance(1.3).show("30% more contrast")

Thanks for reading.I hope It was helpful.Feel free to share and drop comments.

Comments

  1. Really nice! I was looking for that!

    I will surely test it out!

    ReplyDelete
  2. Nice work mate! Trying out the same this weekend!

    ReplyDelete
  3. Great research and nice way to tell

    ReplyDelete
  4. could you give examples for capchas below?

    ReplyDelete
    Replies
    1. I have tested this with very easy one! similar to this one

      https://lh4.ggpht.com/ZAAXYW2mlL0L0Ys7bbBSMyCGJwcUL1urk59a9Dy3fchDb__W-igiIW4ua-Y2bSbuyNfuag=s71

      and it was almost 100% accurate!

      Delete
    2. i try it do to for this, 0% ))
      https://dl.dropbox.com/u/59666091/1.png
      https://dl.dropbox.com/u/59666091/2.png

      Delete
    3. Maybe you can help me with doint symbols more in line (not changing in sinus) and also do something with background? Thank you. Will wait for you answer.

      Delete
  5. with
    https://lh4.ggpht.com/ZAAXYW2mlL0L0Ys7bbBSMyCGJwcUL1urk59a9Dy3fchDb__W-igiIW4ua-Y2bSbuyNfuag=s71
    it gives me result = I bra

    ReplyDelete
  6. Ӏ've read some excellent stuff here. Certainly price bookmarking for revisiting. I wonder how much effort you put to create such a wonderful informative website.
    Also see my web site > Facebook Captcha

    ReplyDelete
  7. If somebody needs only digits recognition in pytesser then feel free to see my sollution http://ppiotrow.blogspot.com/2013/01/pytesser-only-digits-recognition.html

    ReplyDelete
  8. Every fuel hose that connects an external gas tank to an outboard engine has an arrow printed on its hand pump that small bladder that contains a check valve and sends fuel from tank to engine with a few squeezes.

    ReplyDelete
  9. Hey!

    I used your results in order to break (not very eficient) hard CAPTCHAS (Source #2):

    http://bokobok.fr/bypassing-a-captcha-with-python/

    ReplyDelete
  10. OK I WILL TRY......

    ReplyDelete
  11. Hello Everyone,

    I tried your code but it is not able to recognize such captcha:
    http://i46.tinypic.com/2mxiexv.jpg
    http://i49.tinypic.com/n53lth.jpg

    I will appreciate your answers.

    ReplyDelete
  12. Wow! its realy useful to us, its easy to follow and implement! Thank you for your exciting information,..

    Easy Captcha Solving

    ReplyDelete
  13. hurray...............this is very informative and useful.........................................thanks for sharing.............keep blogging.............

    captcha bypass services

    ReplyDelete
  14. Hi Mandal,
    first I have to note that I'm new to Python. I tried your code, and had to do a few modifications to make it work with particular Captcha I'm using. I can post the code, 'cause my personal opinion that works much better. The problem I have is making the part with httplib. Once I've decoded the Captcha, I cannot find the way tricking it that it came from the original source (I'm using it to log in to a website that has 10 min inactivity logout policy, while log in has a lot of queries that need to be manually typed).
    Anyway, your code was very helpful, and a great startup point.
    Thanks,
    M.Zinovic

    ReplyDelete
  15. Hi,
    the captcha that i am trying to break is http://www.afreesms.com/image.php
    it's an easy 7 letter code. always the same type of letter, color, size. MY problem is: I am a noob. I don't know what i must do in order to get this working. If someone could hel, that would be great.

    thanks

    ReplyDelete
  16. Hi,
    Look like the DecaptchaBlog is very excellent, I like to read source code and Decaptcha verification then Bypasscaptcha explanation is very excellent.. the Decaptchaand the Bypasscaptcha is very useful for your guidance.. Really great informativ blog..
    Thanks to all..
    Decaptcha

    ReplyDelete
  17. thanks for this post. best advance Pythan courses in Bangalore.https://onlineidealab.com/learn-python/

    ReplyDelete
  18. Thanks for this nice information.
    Mukul Sharma   When the film “Birds of Prey” was released on 07 Feb 2020, trade pundits projected it to gross $50 to $55 million during the opening weekend in the US and Canadian markets. Warner Bros, the distributors of the film had their own projection pegged at $45 million. However, It could muster only […]
    https://onlineidealab.com/warner-bros-loses-22-million-in-a-weekend-due-to-poor-seo/

    ReplyDelete
  19. Earn Rs.25000/- per month - Simple online Jobs - Are You Looking for Home-Based Online Jobs? - Are You a Student, Housewife, jobseeker ? - Are you ready to Work 1 to 2 Hours daily Online? - Do You need Guaranteed Payment Monthly? Then this is for You, - Clicking on their Advertisement E-mails. - Submitting their Data\'s online. - Reading their Advertisement Sms. - Filling Forms on their websites, etc,. FREE to Join >> http://dailyonlinejobs.com
    9PJK1587500784 2020-04-23 00:52:01

    ReplyDelete
  20. This is such a great resource that you are providing and you give it away for free. I love seeing blog that understand the value of providing a quality resource for free. 2captcha api

    ReplyDelete
  21. Thank you for sharing a bunch of this quality contents, I have bookmarked your blog. Please also explore advice from my site. I will be back for more quality contents. 2captcha

    ReplyDelete
  22. I do not even know how I ended up here, but I thought this post was great.
    I don't know who you are but certainly you are going to a famous blogger if you aren't already ;) Cheers!부산오피


    ReplyDelete
  23. 바카라사이트 Awesome write-up. I’m a normal visitor of your site and appreciate you taking the time to maintain. the excellent site. i will be a frequent visitor a long time

    ReplyDelete
  24. 온라인카지노사이트 whoah this blog is fantastic i love reading your posts. Keep up the great work! You know, lots of people are looking around for this information, you could aid them greatly.

    ReplyDelete
  25. I seriously love your website.. Excellent colors & theme.
    Did you create this amazing site yourself? Please reply back as I’m attempting to create my own site
    and want to know where you got this from or just what the theme is named.
    Cheers!

    Review my webpage - 슬롯추천
    (mm)

    ReplyDelete
  26. As soon as I noticed this internet site I went on reddit to share some of the love with them. 먹튀

    ReplyDelete
  27. I actually wanted to type a brief remark in order to appreciate you for all the stunning tips and tricks you are showing here. I would repeat that we visitors actually are truly lucky to live in a fantastic website with so many marvelous professionals with insightful opinions. 사설토토

    ReplyDelete

  28. Thanks for your sharing. I have more knowledge because of the posts. Your pieces of advice help me so much. They are awesome and helpful. They tell me exactly what I want to know. CBD supplements have been shown in numerous studies to alleviate chronic pain, anxiety and depression, digestive health, and more 사설경마

    ReplyDelete
  29. I would like to thank you for the efforts you have put in penning this site. I’m hoping to view the same high-grade content by you later on as well. In truth, your creative writing abilities has motivated me to get my own, personal website now. 사설놀이터

    ReplyDelete
  30. I like this website its a master peace ! Glad I found this on google .

    토토
    먹튀검증

    ReplyDelete
  31. This is very attention-grabbing, You’re an overly skilled blogger.

    I have joined your feed and sit up for in search of extra of your excellent post.
    Also, I have shared your site in my social networks

    토토사이트
    토토
    안전놀이터

    ReplyDelete

  32. Woah! I'm really loving the template/theme of this site.
    It's simple, yet effective. A lot of times it's very difficult to get that
    "perfect balance" between superb usability and visual appeal.
    I must say you have done a awesome job with this. Additionally, the blog loads super fast for
    me on Chrome. Outstanding Blog!


    스포츠토토
    토토사이트
    안전놀이터

    ReplyDelete
  33. Hello friends, pleasant paragraph and nice arguments commented at this place, I am actually enjoying by these.

    바카라사이트
    카지노사이트홈
    카지노

    ReplyDelete
  34. As I web-site possessor I believe the content matter here is
    rattling fantastic , appreciate it for your
    hard work. You should keep it up forever! Best of luck.



    카지노사이트
    바카라사이트
    안전카지노사이트

    ReplyDelete
  35. This is very attention-grabbing, You’re an overly skilled blogger.

    I have joined your feed and sit up for in search of extra of your excellent post.
    Also, I have shared your site in my social networks토토사이트

    ReplyDelete
  36. While looking for articles on these topics, I came across this article on the site here. As I read your article, I felt like an expert in this field. I have several articles on these topics posted on my site. Could you please visit my homepage?먹튀검증

    ReplyDelete
  37. I have joined your feed and sit up for in search of extra of your excellent post.
    Also, I have shared your site in my social networks 토토사이트

    ReplyDelete
  38. While looking for articles on these topics, I came across this article on the site here. As I read your article, I felt like an expert in this field. I have several articles on these topics posted on my site. Could you please visit my homepage 먹튀검증

    ReplyDelete
  39. While looking for articles on these topics, I came across this article on the site here. As I read your article, 안전놀이터

    ReplyDelete
  40. This comment has been removed by the author.

    ReplyDelete
  41. Right here is the perfect blog for everyone who wishes to understand this topic. You know so much its almost tough to argue with you (not that I actually will need to…HaHa). You definitely put a fresh spin on a subject which has been discussed for a long time. Wonderful stuff, just wonderful! Howdy! This post couldn’t be written any better! Reading through this post reminds me of my previous roommate! He constantly kept talking about this. I most certainly will send this information to him. Pretty sure he'll have a good read. Thank you for sharing! Howdy! Do you use Twitter? I'd like to follow you if that would be okay. I'm absolutely enjoying your blog and look forward to new updates.| Good post. I learn something totally new and challenging on blogs I stumbleupon every day. It's always interesting to read content from other writers and practice a little something from other websites. 토토매거진

    ReplyDelete
  42. It was a great speech, thank you for sharing. 온라인경마

    ReplyDelete
  43. 토토 I found this to be interesting. Exciting to read your honest thought.

    ReplyDelete
  44. 토토사이트 Keep up the superb work, I read few blog posts on this website
    and I conceive that your site is really interesting and contains lots
    of wonderful info.

    ReplyDelete
  45. 토토사이트 I recently found many useful information in your website especially this blog page. Among the lots of comments on your articles. Thanks for sharing

    ReplyDelete
  46. 프로토 This is a topic which is near to my heart... Many thanks!
    Exactly where are your contact details though?

    ReplyDelete
  47. 온라인카지노사이트 reetings! I know this is kinda off topic however , I’d figured I’d ask.Would you be interested in trading links or maybe guest writing a blog post or vice-versa? My site addresses a lot of the same topics as yours and I believe we could greatly benefit from each other.


    ReplyDelete
  48. 온라인카지노사이트 I love what yyou guys are up too. This kinnd of clever work and coverage! Keep up tthe good works guys I’ve included you guys to blogroll.Also visit my web blog

    ReplyDelete
  49. hank you for the good writeup. It in fact was a amusement account it. Look advanced to far added agreeable from you!However, how can we communicate?my web-site: 스포츠중계

    ReplyDelete
  50. Looking at this article, I miss the time when I didn't wear a mask. 바카라사이트 Hopefully this corona will end soon. My blog is a blog that mainly posts pictures of daily life before Corona and landscapes at that time. If you want to remember that time again, please visit us.


    ReplyDelete
  51. Beautiful blog, – thank you for sharing! I will include your link in my new post. And I left a comment on your latest article about finding and using your gifting.

    무료야설
    휴게텔
    마사지블루
    건전마사지
    카지노사이트

    ReplyDelete
  52. You made some good points there. I did a Google search about the topic and found most people will believe your blog. kèo nhà cái

    ReplyDelete
  53. Hello! I could have sworn I've been to this site before but after checking through some of the post I realized it's new to me. Nonetheless, I'm definitely happy I found 메이저토토사이트 and I'll be book-marking and checking back frequently!

    ReplyDelete
  54. This article gives the light in which we can observe the reality. This is very nice one and gives in-depth information. Thanks for this nice article 스포츠토토티비


    ReplyDelete
  55. Your skill is great. I am so grateful that I am able to do a lot of work thanks to your technology.메이저사이트 I hope you keep improving this technology.


    ReplyDelete
  56. I am a 슬롯사이트 expert. I've read a lot of articles, but I'm the first person to understand as well as you. I leave a post for the first time. It's great!!

    ReplyDelete
  57. You have shared a lot of information in this article. I would like to express my gratitude to everyone who contributed to this useful article. Keep posting. pain doctor near me

    ReplyDelete
  58. What's up it's me, I am also visiting this website daily, this website
    is genuinely good info for you 토토사이트

    ReplyDelete
  59. It's a very powerful article. I really like this post. Thank you so much for sharing good info for you 먹튀검증

    ReplyDelete
  60. It's a very powerful article. I really like this post nice info for you 스포츠토토

    ReplyDelete
  61. Visit ij.start canon | ij.start.cannon and find out the best way to download Canon printer drivers. Canon printers are ideal for every situation wherever you need a document, paper, or photo print or even if you wish to scan, fax, and do more.

    All-in-one Canon Inkjet printers are suitable for home, business, school, and others to improve productivity. You can easily set up your Canon printer through drivers from Canon.com/ijsetup | canon.come/ijsetup , wireless connection, USB, and a few components.

    ReplyDelete
  62. Canon printer should be connected to a network connection ij.start canon Next, download relevant printer software from ij start cannon site. We offer the required data to configure, utilize and install your Canon products on your Windows PC canon is completely safe and secure. ij.start.canon

    ReplyDelete
  63. Buying a business does not have to be a complicated endeavor when the proper process and methodology is followed. In this article, we outline eleven specific steps that should be adhered to when buying a business and bank financing is planned to be utilized. 메이저토토사이트추천

    ReplyDelete
  64. Students can Download the RSCERT 6th, 7th, 8th, 9th, 10th Model Test Paper 2023 to Prepare for the Final Exam, old Year Exam Question paper will be Available on the our Website as Pdf Format,RBSE 8th Class Question Paper RSCERT will Upload Rajasthan 6th, 7th, 8th, 9th, 10th Class Question Paper 2023 for Students upcoming Public Exam 2023, Students are Advised to go visit the official website Click on RSCERT 6th, 7th, 8th, 9th, 10th Model paper 2023 for Languages Official Hindi, English, Rajasthani Link get Pdf FormatRajasthan Board 6th, 7th, 8th, 9th, 10th Model Question Paper 2023 are Perfect for Effective Public Exam Preparation 2023, RSCERT will help High School Students Devise their Exam Preparations in an effective and organized Manner, We are Providing Latest RSCERT 6th, 7th, 8th, 9th, 10th Important Question Paper 2023 of All major Subjects Available in PDF format

    ReplyDelete
  65. Greetings! Very helpful advice in this particular article! It is the little changes which will make the largest changes. Thanks for sharing! BUY HYIP

    ReplyDelete
  66. Sweet blog! I found it while browsing on Yahoo News. Do you have any tips on how to get listed in Yahoo News? I’ve been trying for check my web site
    먹튀검증

    ReplyDelete
  67. Hopefully this corona will end soon. My blog is a blog that mainly posts pictures of daily life before only nice web info for you 안전놀이터

    ReplyDelete
  68. This comment has been removed by the author.

    ReplyDelete
  69. Nice informative post. Thanks for sharing this post. Keep sharing more blogs. Abogado DUI Rockingham VA

    ReplyDelete
  70. Thank you for posting such a great Work! It contains wonderful and helpful posts. Dinwiddie DUI Lawyer Virginia

    ReplyDelete
  71. Thanks for sharing beautiful content. I got information from your blog. keep sharing
    Indian divorce attorneys in Middlesex NJ

    ReplyDelete
  72. I'd like to express an enormous amount of gratitude to the individual responsible for this blog. Your hard work truly stands out and evokes immense appreciation. The consistently thought-provoking content you deliver reflects your unwavering dedication and passion. Looking forward to an ongoing flow of captivating articles. Keep up this exceptional effort with utmost brilliance.! i would love to recommend -Abogado Conducción Imprudente Nueva Jersey

    ReplyDelete
  73. I apologize, but as of my last knowledge update in September 2021, I do not have access to personal blogs or websites of individuals unless they are widely recognized public figures. Therefore, I cannot provide information about "Debasish Mandal's Blog" specifically. If this is a personal blog or website, I recommend directly searching for it using search engines or checking social media profiles to find the relevant links. Is there anything else I can assist you with.
    Bufete de Abogados de Lesiones Personales Virginia

    ReplyDelete
  74. The article on using Python and Tesseract OCR engine to bypass Captcha is a fascinating read for tech enthusiasts. It simplifies a complex process and showcases the power of open-source tools in solving real-world challenges. However, it's important to emphasize ethical considerations when using such techniques. Overall, this piece is a valuable resource for understanding Captcha technology and exploring its potential applications.
    Leyes Matrimoniales de Nueva York Divorcio

    ReplyDelete

Post a Comment