Re: wget and captcha puzzle !!!

On Sat, 21 Jan 2012 16:45:46 +0000 (UTC)
Camaleón <noelamac@xxxxxxxxx> wrote:

On Sat, 21 Jan 2012 21:58:58 +0530, J. Bakshi wrote:

On Sat, 21 Jan 2012 16:21:45 +0000 (UTC) Camaleón <noelamac@xxxxxxxxx>
wrote:

(...)

If I visit the url
http://192.168.1.108/captcha.phtml?r=003665dd765d04967a7e00071e6af4a1
again and again; every time I get a new captcha. So when I submitting
the captcha by wget; it is already changes to a new one !!!! How can
I overcome this puzzle ? The form (through browser) gives a failure
notice when captcha code doesn't match. Is it possible to collect the
failure notice through wget somehow for debugging ?

Please give me some clue. I just like my linux script do the login
and activate internet. Thanks

If the captcha code auto-reloads it could be due to a session tracking
cookie or some kind of time-based script in place. Not sure how to
bypass that, it will depend on how the page is coded :-?

I would first try to keep all those wget steps in just one session by
capturing the cookie (if any) that stores the session ID.


Thanks for your suggestion. But I don't know if there is any cookie at
all. I just observe through browser, If I visit the same link next time
or refresh; I get a new captcha code. And the embedded captcha string
also changes when open or reload the login form. So when I download the
captcha, that very step also reload a new captcha. How can I know if
there is any cookie responsible for that session ?

You have to read the html code of the page... and know how to interpret
it (you need to know some of the basics of html and javascript
language) :-)

Or you can load the page from firefox (or any other browser that can
display such information) right-click over it and choose "View page
information". If the site tries to set a cookie it will be listed under
"Security" tab.

Greetings,


I have very little knowledge on html and javascript. And I'm really thankful to you
for your kind guidance. Following your tips I have seen there is indeed a cookie.

NAME: PHPSESSID
Content: 6cfd4a0b968778714d093d66a66b92a5



--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
Archive: http://lists.debian.org/20120121231901.2903a4cc@xxxxxxxxxxxxxxxx

Relevant Pages

  • Re: wget and captcha puzzle !!!
    ... captcha may constitute a violation of the Americans With Disabilities ... connection is based on eth); so that the subscriber can provide username ... If the captcha code auto-reloads it could be due to a session tracking ... capturing the cookie that stores the session ID. ...
    (Debian-User)
  • Re: how we use referer header to track users
    ... require a login and set one cookie containing a session number. ... it's supposed to be public, just set a cookie if one isn't already set and the user leaves a nice little trail across your site, proxies or no. ... You *especially* don't want a login, as that will deter people from bothering to contribute, since who can be bothered to make up and memorize yet another username and password on top of the six zillion they already have forgotten these days? ... If you actually want lots of user participation, requiring logins is a great way to sabotage those goals, and you'll need a captcha on the registration form to stop automated spamming anyway, so just put the captcha on the submission form instead. ...
    (comp.lang.java.programmer)
  • Re: wget and captcha puzzle !!!
    ... every time I get a new captcha. ... the captcha by wget; it is already changes to a new one ... If the captcha code auto-reloads it could be due to a session tracking ... capturing the cookie that stores the session ID. ...
    (Debian-User)
  • Re: wget and captcha puzzle !!!
    ... I am trying to make a daemon which just do the login ... every time I get a new captcha. ... If the captcha code auto-reloads it could be due to a session tracking ... capturing the cookie that stores the session ID. ...
    (Debian-User)
  • [Full-disclosure] WordPress cformsII plugin CAPTCHA bypass vulnerability
    ... The cformsII plugin for WordPress contains a vulnerability within its ... Captcha Verification functionality. ... This cookie is set when the user is presented with generated captcha image. ... The end result is that an attacker could pre-set a 'valid' captcha string. ...
    (Full-Disclosure)