Advertisement
Guest User

Untitled

a guest
May 8th, 2016
299
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.98 KB | None | 0 0
  1. Hey, I wanted to ask this question in the forums but I'm getting blocked by CloudFlare everytime I try to compose a new post...
  2.  
  3. Well, I know that you are one of the advanced users here on HF when it comes to HttpRequests and I'd like to ask you if you could help me with that..
  4.  
  5. If you need money for this, then just tell me a price for your help.
  6.  
  7. Here it is:
  8. I'm currently trying to solve (not bypass, just send the answer) reCAPTCHA via HttpWebRequests but I'm failing at one parameter.
  9.  
  10. I'm using this site for testing purposes: http://patrickhlauke.github.io/recaptcha/
  11.  
  12. What I've done so far:
  13. [quote]
  14. [list]
  15. [*]Send GET Request -> http://patrickhlauke.github.io/recaptcha/
  16. [*]Parse -> data-sitekey="[color=#FF0000]6Ld2sf4SAAAAAKSgzs0Q13IZhY02Pyo31S2jgOB5[/color]"
  17. [*]Send GET Request -> https://www.google.com/recaptcha/api2/anchor?k=[color=#FF0000]6Ld2sf4SAAAAAKSgzs0Q13IZhY02Pyo31S2jgOB5[/color]&co=[color=#FF0000]aHR0cHM6Ly9wYXRyaWNraGxhdWtlLmdpdGh1Yi5pbzo0NDM[/color]
  18. [list]
  19. [*]The second red value is a BASE64 String which contains the Domain Name + Port specified for the data-sitekey -> BASE64_ENCODE([color=#FF0000]https://patrickhlauke.github.io:443[/color])
  20. [/list]
  21. [*]Parse -> id="recaptcha-token" value="[color=#FF0000]03AHJ_VutqBTwUTg...[/color]"
  22. [*]Send GET Request -> https://www.google.com/recaptcha/api2/frame?c=[color=#FF0000]03AHJ_VutqBTwUTg...[/color]
  23. [*]Parse -> recaptcha.frame.Main.init("[....]") between [color=#FF0000][\x22rresp\x22,\x22[/color] and [color=#FF0000]\x22[/color] and you will get one more [color=#FF0000]03AHJ_VuuUAmYWcUwr5PT...[/color]
  24. [*]Parse -> between [color=#FF0000][\x22pmeta\x22,[\x22[/color] and [color=#FF0000]\x22[/color] and you will get the "instruction" what kind of pictures you'll have to click, for example [color=#FF0000]/m/07jdr[/color] (this is the name/id/whatever for [color=#FF0000]Select all images with trains.[/color])
  25. [*]Send GET Request (this is the captcha image itself) -> https://www.google.com/recaptcha/api2/payload?c=[color=#FF0000]03AHJ_VuuUAmYWcUwr5PT...[/color]&k=[color=#FF0000]6Ld2sf4SAAAAAKSgzs0Q13IZhY02Pyo31S2jgOB5[/color]
  26. [*](Download or just show the captcha image in your Windows Form)
  27. [*]Send POST Request (Captcha Answer) -> https://www.google.com/recaptcha/api2/userverify?k=[color=#FF0000]6Ld2sf4SAAAAAKSgzs0Q13IZhY02Pyo31S2jgOB5[/color]
  28. [list]
  29. [*]POST Parameters:
  30. [list]
  31. [*]v = r20160502112552 (API Version? It's everytime the same value)
  32. [*]c = [color=#FF0000]03AHJ_VuuUAmYWcUwr5PT...[/color]
  33. [*]response = eyJyZXNwb25zZSI6IjMsNSw4In0. -> BASE64 String which contains the IDs of the images you have clicked (first image has ID 0) -> BASE64_ENCODE([color=#FF0000]{"response":"3,5,8"}[/color])
  34. [*]t = 11228 (don't know, everytime different but same as ct - reCAPTCHA also success without this param)
  35. [*]ct = 11228 (don't know, everytime different but same as t - reCAPTCHA also success without this param)
  36. [*]bg = !r6lHI_LEBsGBAVBBxz2yqSQttAUHAAAAiVcAAAAFDw... [b][color=#32CD32]THIS IS MY PROBLEM[/color][/b]
  37. [/list]
  38. [/list]
  39. [/list]
  40. [/quote]
  41.  
  42. If everything was correct you will receive a JSON String with again one more [color=#FF0000]03AHJ_...[/color] which you can finally use for the main website you want to enter/login/whatever. Just use it in the POST Request, for example:
  43.  
  44. [quote]
  45. [list]Send POST Request -> https://mysite.com/login
  46. [list]
  47. [*]POST Parameters:
  48. [list]
  49. [*]username = myusername123
  50. [*]password = mypassword123
  51. [*]g-recaptcha-response = the new [color=#FF0000]03AHJ_...[/color]
  52. [/list]
  53. [/list]
  54. [/list]
  55. [/quote]
  56.  
  57. But how do I get the "bg" value? This is the only parameter which makes me failing at logging into a website. I tried it with some Chrome Extensions which allow me to block/edit outgoing HttpRequests. So I tried to edit and also remove for example the params "ct" or "t" and "v" and as stated above the captcha also succeeded without these params. Only the 03AHJ_ value (captcha image) and the bg value are important, otherwise reCAPTCHA will send me a new captcha to solve as JSON String.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement