Sending data to the server when protecting using a simple captcha

D

Dmitry Sergeev2012-07-08 16:07:03

Python

Dmitry Sergeev, 2012-07-08 16:07:03

The interest is purely academic and it concerns only a simple captcha "click on the house | key | beetle" ( SimpleCapcha ). You don’t need to recognize the picture, you don’t even need to count anything. It is necessary to rob the page in one session, get the desired response code, and send this response along with the data using the POST method. Is this even possible?

I tried to implement. At first I took python and selenium, but I couldn’t start the latter + it requires the browser to be on the server and X (you can replace xfvb).

Then I came across phantomjs. Here it has already been possible to steal the response code, but it is not possible to send it.

var page = require('webpage').create();
var url = 'http://localhost.dev/registration'; 
var capcha_result = '';
page.onResourceReceived = function() {
    // Этот метод срабатывает во время загрузки страницы.  
    // Загрузка обычно идёт чанками поэтому нужно проверять на null
    page.evaluate(function(){
        var capcha_name = document.querySelector('span.captchaText'); // получили текст того на что нужно кликнуть, например "жука"
        if(capcha_name!=null) {
            if(capcha_name.innerText) {
                var capcha = document.querySelector('img[title='+capcha_name.innerText+']'); // определили хэш ответа, то бишь то что нужно отправить на сервер
                capcha_result = capcha.id;
                console.log('capcha_answer='+capcha_result);
            }
        }
    });
};

page.onLoadStarted = function() {
    console.log("load started");
};

page.onLoadFinished = function() {
    console.log("load finished");
};

var data = 'nickname=phantom&pass=123456789&pass2=123456789&[email protected]&do=register&save=Регистрация&login=phantom&code='+capcha_result;

page.open(url, 'post', data, function (status) {
           
    if (status !== 'success') {
        console.log('Unable to post!');
    } else {
        console.log('Data posted!');
    }
    
});

And now it would seem that everything is ready, but page.evaluate is launched in the "sandbox" and it cannot affect the script variables. Or am I wrong and is it possible to write a global variable from page.evaluate?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

N

Nazar Mokrinsky, 2012-07-08
@nazarpc

You can use window.

window['var_name'] = 5;

D

Dmitry Sergeev, 2012-07-08
@JetMaster

Basically, I solved the problem. In page.evaluate() we implement jquery and after we have robbed the captcha we send the data to the server via $.ajax().
Conclusion: do not use such captchas, since writing a spammer does not require large resources and knowledge (I did so-so in javascript, but I decided in a day)