Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Hey, I wanted to ask this question in the forums but I'm getting blocked by CloudFlare everytime I try to compose a new post...
- Well, I know that you are one of the advanced users here on HF when it comes to HttpRequests and I'd like to ask you if you could help me with that..
- If you need money for this, then just tell me a price for your help.
- Here it is:
- I'm currently trying to solve (not bypass, just send the answer) reCAPTCHA via HttpWebRequests but I'm failing at one parameter.
- I'm using this site for testing purposes: http://patrickhlauke.github.io/recaptcha/
- What I've done so far:
- [quote]
- [list]
- [*]Send GET Request -> http://patrickhlauke.github.io/recaptcha/
- [*]Parse -> data-sitekey="[color=#FF0000]6Ld2sf4SAAAAAKSgzs0Q13IZhY02Pyo31S2jgOB5[/color]"
- [*]Send GET Request -> https://www.google.com/recaptcha/api2/anchor?k=[color=#FF0000]6Ld2sf4SAAAAAKSgzs0Q13IZhY02Pyo31S2jgOB5[/color]&co=[color=#FF0000]aHR0cHM6Ly9wYXRyaWNraGxhdWtlLmdpdGh1Yi5pbzo0NDM[/color]
- [list]
- [*]The second red value is a BASE64 String which contains the Domain Name + Port specified for the data-sitekey -> BASE64_ENCODE([color=#FF0000]https://patrickhlauke.github.io:443[/color])
- [/list]
- [*]Parse -> id="recaptcha-token" value="[color=#FF0000]03AHJ_VutqBTwUTg...[/color]"
- [*]Send GET Request -> https://www.google.com/recaptcha/api2/frame?c=[color=#FF0000]03AHJ_VutqBTwUTg...[/color]
- [*]Parse -> recaptcha.frame.Main.init("[....]") between [color=#FF0000][\x22rresp\x22,\x22[/color] and [color=#FF0000]\x22[/color] and you will get one more [color=#FF0000]03AHJ_VuuUAmYWcUwr5PT...[/color]
- [*]Parse -> between [color=#FF0000][\x22pmeta\x22,[\x22[/color] and [color=#FF0000]\x22[/color] and you will get the "instruction" what kind of pictures you'll have to click, for example [color=#FF0000]/m/07jdr[/color] (this is the name/id/whatever for [color=#FF0000]Select all images with trains.[/color])
- [*]Send GET Request (this is the captcha image itself) -> https://www.google.com/recaptcha/api2/payload?c=[color=#FF0000]03AHJ_VuuUAmYWcUwr5PT...[/color]&k=[color=#FF0000]6Ld2sf4SAAAAAKSgzs0Q13IZhY02Pyo31S2jgOB5[/color]
- [*](Download or just show the captcha image in your Windows Form)
- [*]Send POST Request (Captcha Answer) -> https://www.google.com/recaptcha/api2/userverify?k=[color=#FF0000]6Ld2sf4SAAAAAKSgzs0Q13IZhY02Pyo31S2jgOB5[/color]
- [list]
- [*]POST Parameters:
- [list]
- [*]v = r20160502112552 (API Version? It's everytime the same value)
- [*]c = [color=#FF0000]03AHJ_VuuUAmYWcUwr5PT...[/color]
- [*]response = eyJyZXNwb25zZSI6IjMsNSw4In0. -> BASE64 String which contains the IDs of the images you have clicked (first image has ID 0) -> BASE64_ENCODE([color=#FF0000]{"response":"3,5,8"}[/color])
- [*]t = 11228 (don't know, everytime different but same as ct - reCAPTCHA also success without this param)
- [*]ct = 11228 (don't know, everytime different but same as t - reCAPTCHA also success without this param)
- [*]bg = !r6lHI_LEBsGBAVBBxz2yqSQttAUHAAAAiVcAAAAFDw... [b][color=#32CD32]THIS IS MY PROBLEM[/color][/b]
- [/list]
- [/list]
- [/list]
- [/quote]
- If everything was correct you will receive a JSON String with again one more [color=#FF0000]03AHJ_...[/color] which you can finally use for the main website you want to enter/login/whatever. Just use it in the POST Request, for example:
- [quote]
- [list]Send POST Request -> https://mysite.com/login
- [list]
- [*]POST Parameters:
- [list]
- [*]username = myusername123
- [*]password = mypassword123
- [*]g-recaptcha-response = the new [color=#FF0000]03AHJ_...[/color]
- [/list]
- [/list]
- [/list]
- [/quote]
- But how do I get the "bg" value? This is the only parameter which makes me failing at logging into a website. I tried it with some Chrome Extensions which allow me to block/edit outgoing HttpRequests. So I tried to edit and also remove for example the params "ct" or "t" and "v" and as stated above the captcha also succeeded without these params. Only the 03AHJ_ value (captcha image) and the bg value are important, otherwise reCAPTCHA will send me a new captcha to solve as JSON String.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement