wget and captcha puzzle !!!

From: "J. Bakshi" <bakshi12@xxxxxxxxx>
Date: Sat, 21 Jan 2012 21:39:25 +0530

Dear list,

My internet provider provides an online form accessed by local IP (the connection
is based on eth); so that the subscriber can provide username and password to activate
the login; additionally it also has a captcha as added security. I am trying to make a
daemon which just do the login and activate the connection. Within the source of the
form the captcha link embedded as src="http://192.168.1.108/captcha.phtml?r=003665dd765d04967a7e00071e6af4a1";
And the long string at end changes everytime I reload the form.

Anyways I can read the captcha code with

```````````
#!/bin/bash

wget http://192.168.1.108

#extract the captcha string like captcha.phtml?r=72eb74eb980688ae730dbb9cb7d6a5d8

cap_string=`cat index.php | grep src=\"captcha.phtml | cut -f 10 -d '"'`

wget http://192.168.1.108/$cap_string -O /tmp/captcha.png

gocr /tmp/captcha.png
`````````````
And it really do the tricks, reading the captcha :-)

Though sending the same code through wget along-with username and password doesn't work.

wget --post-date 'username=xxx&password=xxx&captcha_code=<retrieved_code>' http://192.168.1.108

*BECAUSE*

If I visit the url http://192.168.1.108/captcha.phtml?r=003665dd765d04967a7e00071e6af4a1
again and again; every time I get a new captcha. So when I submitting the captcha
by wget; it is already changes to a new one !!!! How can I overcome this puzzle ?
The form (through browser) gives a failure notice when captcha code doesn't match. Is it possible to collect
the failure notice through wget somehow for debugging ?

Please give me some clue. I just like my linux script do the login and activate internet.
Thanks

--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
Archive: http://lists.debian.org/20120121213925.441e8383@xxxxxxxxxxxxxxxx

Follow-Ups:
- Re: wget and captcha puzzle !!!
  - From: John Hasler
- Re: wget and captcha puzzle !!!
  - From: Bob Proulx
- Re: wget and captcha puzzle !!!
  - From: Camaleón

Prev by Date: Re: how to kill 120 jobs at once.
Next by Date: Re: Environment nomenclature undefined.
Previous by thread: Strange kernel issue with DVD drive
Next by thread: Re: wget and captcha puzzle !!!
Index(es):
- Date
- Thread

Relevant Pages

Re: wget and captcha puzzle !!!
... every time I get a new captcha. ... the captcha by wget; it is already changes to a new one ... If the captcha code auto-reloads it could be due to a session tracking ... capturing the cookie that stores the session ID. ...
(Debian-User)
Re: wget and captcha puzzle !!!
... every time I get a new captcha. ... the captcha by wget; it is already changes to a new one ... If the captcha code auto-reloads it could be due to a session tracking ... capturing the cookie that stores the session ID. ...
(Debian-User)
Re: Account Lockouts
... attack on reduced forms of that that may lead to other interesting ... question anyway when they try a username that doesn't exist. ... The point is - you don't need a valid username to ask a secret question. ... I have seen many CAPTCHA implementations that are simply ...
(SecProg)
Re: pam_captcha username harvest vulnerability
... You simply get prompted for another CAPTCHA. ... if you enter a username that is a valid user followed by the ... solution is to disable pam_captcha in your pam config file. ... prompts you for a password. ...
(Bugtraq)
Re: Bei jedem fehlerhaften login, soll etwas in Session[] geschrieben werden, wie teuer wird dies?
... Captcha angezeigt werden bei jedem Login-Versuch für diesen Account ... insert into captchaTable (captchaValue, userName) values (@captcha, ... davon ist der legitime Nutzer? ...
(microsoft.public.de.german.entwickler.dotnet.asp)