Hacking that annoying CAPTCHA:netsec

The article only talks about sweatshop (paid, high accuracy) and OCR (free, lower accuracy) methods for defeating CAPTCHA, but there’s a third method. Passing the CAPTCHA (free*, high accuracy). All you need to do is make an account creation bot (or spam bot or whatever other bottable activity which needs to bypass CAPTCHAs) for the site you need to defeat CAPTCHAs on, then make an unrelated site which attracts users. Whenever someone visits your site you require a CAPTCHA to get in, which is actually generated via your bot on the real site and passed along to your fake site. You may also give some false negatives, but too many would drive away traffic (i.e. when someone correctly answered a CAPTCHA for you, pretend they didn’t and run your bot again to give them a new CAPTCHA, relying on them assuming there was some typo).
