get captcha with curl

2

I found this code on the internet, and I want to get the captcha from this page link.

The captcha is regenerated every time the page is refreshed; is it possible to obtain it?

    <?php

    $cookie="cookie.txt";

    function open($url)
    {
        // $cookie is defined at file scope, so it has to be imported here
        global $cookie;

        $ch = curl_init();

        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2');
        curl_setopt($ch, CURLOPT_HEADER, 0);
        // CURLOPT_COOKIE expects a cookie string, not 1; the cookie jar/file options below handle cookies
        curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
        curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); 
        curl_setopt ($ch, CURLOPT_REFERER, $url);
        $result = curl_exec($ch);  
        curl_close($ch);

        return $result;
    }

    function between($string, $start, $end)
    {
        $out = explode($start, $string);

        if(isset($out[1]))
        {
            $string = explode($end, $out[1]);
            echo $string[0];
            return $string[0];
        }

        return '';
    }

    function get_captcha()
    {
        $url    = 'https://academics.vit.ac.in/student/stud_login.asp';
        $open   = open($url);
        $code   = between($open, '<img src="https://academics.vit.ac.in/student/captcha.asp', '">');
        return 'https://academics.vit.ac.in/student/captcha.asp' . $code;

    }

    function rahul()
    {
        $capth=htmlspecialchars($_POST['code']);

        echo $capth;

        $username="xyz"; 
        $password="abc"; 
        $url = 'URL_OF_THE_FORM'; // placeholder: url of the form in which you want to submit your data
        $cookie="cookie.txt";
        $veri=$capth;

        $com="Login";

        $postdata = "regno=".$username."&passwd=".$password."&vrfcd=".$veri."&submit=".$com;

        $ch = curl_init(); 
        curl_setopt ($ch, CURLOPT_URL, $url); 
        curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, TRUE); // keep certificate verification on; FALSE accepts any certificate
        curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"); 
        curl_setopt ($ch, CURLOPT_TIMEOUT, 60); 
        curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1); 
        curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); 
        curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie); 
        curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookie);  // <-- add this line
        curl_setopt ($ch, CURLOPT_REFERER, $url); 

        curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata); 
        curl_setopt ($ch, CURLOPT_POST, 1); 
        $result = curl_exec ($ch); 

        echo $result;

        // A second curl_exec() here would send the POST again, so just release the handle
        curl_close($ch);
    }
    ?>

    <html>
        <body>
            <form action="" method="post">
                <img src="<?php echo get_captcha(); ?>" border="0" /><br />
                <input type="text" name="code" value="<?= isset($_POST['code']) ? htmlspecialchars($_POST['code']) : '' ?>" /><br />
                <input type="submit" name="submit" value="submit"/>
            </form>

            <?php
                if(isset($_POST['submit'])) {
                    rahul();
                }
            ?>
        </body>
    </html>
    
asked by hubman 17.10.2016 at 19:30

2 answers

2

Short answer: No.

Long answer: You can, but surely not.

Trying to skip the ReCAPTCHA check is not as trivial as it might seem; it's not just an image where you type the text and you're done. There are more things that come into play: cookies, domain checks, route checks...

Since you are reading the page with curl (assuming that you want to recreate the form on your page), you could show the CAPTCHA image to the user and have him/her type it, but it could still fail because the same URL changes image every time it loads (and ReCAPTCHA can consider it as two different requests).

Even if you read the page and present it to the user with the correct image and the user responds correctly, it may not work, because ReCAPTCHA checks that there is a cookie on the client's computer (something that it looks like the script you share tries to simulate, although I'm not sure how it works).

And if all the above works, ReCAPTCHA still checks that the domain of the server that made the CAPTCHA request matches the one that performs the submission. And then there will be other checks that I do not know about.

As I said in my comment, ReCAPTCHA is designed precisely to prevent things like what you're trying to do (automatic submission of forms, or impersonating the actual form on your site to forward the information).

That does not mean it's impossible. That the designers of ReCAPTCHA are experts in cybersecurity does not mean that hackers are not. And in fact, they managed to decipher the old versions and skip the validation in some cases.

Searching the Internet, there are sites that talk about tools that help with the check (although they usually talk about old versions), or about just entering a correct value so that it works for everyone (with the new ReCAPTCHA)... but I do not know how reliable the methods they describe are.

And the truth is, that would mean getting into much more complex issues (and with possible legal ramifications) than a question on StackOverflow allows.

    
answered by 19.10.2016 at 13:28
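
An added example (not part of the answer above, and not the code of ReCAPTCHA or of any real site): a minimal Python model of a server-side check of the kind the answer describes, where the challenge is tied to the session cookie, replaced on every image request, usable once and time-limited. The class, the session ids and the 120-second lifetime are assumptions made for illustration.

```python
import hmac
import secrets
import time

CAPTCHA_TTL = 120  # seconds a challenge stays valid (assumed value)
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no look-alike characters


class CaptchaStore:
    """In-memory model of a server that keeps ONE pending challenge per session."""

    def __init__(self, now=time.time):
        self._pending = {}  # session id (from the cookie) -> (answer, issued_at)
        self._now = now

    def issue(self, session_id):
        """Called on every request for the image: replaces any earlier challenge."""
        answer = "".join(secrets.choice(ALPHABET) for _ in range(8))
        self._pending[session_id] = (answer, self._now())
        return answer  # a real server renders this into the image only

    def verify(self, session_id, submitted):
        """Single use: the challenge is consumed whether or not the answer matches."""
        entry = self._pending.pop(session_id, None)
        if entry is None:
            return "no-challenge"
        answer, issued_at = entry
        if self._now() - issued_at > CAPTCHA_TTL:
            return "expired"
        if not hmac.compare_digest(answer.encode(), submitted.encode()):
            return "wrong"
        return "ok"


def run_scenarios():
    clock = [1000.0]  # constructed clock so expiry can be shown without sleeping
    store = CaptchaStore(now=lambda: clock[0])
    out = {}
    shown = store.issue("sess-A")
    out["same_session"] = store.verify("sess-A", shown)
    out["replay"] = store.verify("sess-A", shown)   # already consumed
    store.issue("sess-A")                 # page fetched with one cookie jar
    shown = store.issue("sess-B")         # image loaded under a different session
    out["cross_session"] = store.verify("sess-A", shown)
    shown = store.issue("sess-A")
    store.issue("sess-A")                 # image URL requested a second time
    out["after_reload"] = store.verify("sess-A", shown)
    shown = store.issue("sess-A")
    clock[0] += CAPTCHA_TTL + 1
    out["expired"] = store.verify("sess-A", shown)
    return out
```

Only the first scenario, where the image and the submission share one session and one image request, is accepted; the other four are rejected for the reasons the answer lists.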
2

The captcha is supposedly there precisely so that we do not do what you want. It is complicated because they are images and not plain files, and I was looking at your form and it travels encoded, so your task will be hard.

    
answered by 19.10.2016 at 08:24