serversose.blogg.se

Protect against Google reCAPTCHA bypass












This project is for educational and research purposes only.


Built with Pyppeteer for Chrome automation framework and similarities to Puppeteer, PyDub for easily converting MP3 files into WAV, aiohttp for async minimalistic web-server, and Python’s built-in AsyncIO for convenience.


An async Python library to automate solving ReCAPTCHA v2 by images/audio using Mozilla's DeepSpeech, PocketSphinx, Microsoft Azure’s, Wit.AI, Google Speech or Amazon's Transcribe Speech-to-Text API.

The whole attack hinges on research dubbed "unCaptcha," published by University of Maryland researchers in April 2017, targeting the audio version of reCAPTCHA. Offered for accessibility reasons, it poses an audio challenge, allowing people with vision loss to play or download the audio sample and solve the question.

To carry out the attack, the audio payload is programmatically identified on the page using tools like Selenium, then downloaded and fed into an online audio transcription service such as Google Speech-to-Text API, the results of which are ultimately used to defeat the audio CAPTCHA.

Following the attack's disclosure, Google updated reCAPTCHA in June 2018 with improved bot detection and support for spoken phrases rather than digits, but not enough to thwart the attack - for the researchers released "unCaptcha2" as a PoC with even better accuracy (91% when compared to unCaptcha's 85%) by using a "screen clicker to move to certain pixels on the screen and move around the page like a human."

Tschacher's effort is an attempt to keep the PoC up to date and working, thus making it possible to circumvent the audio version of reCAPTCHA v2 by leveraging a bot to simulate the entire process and defeat the protections. "Even worse: reCAPTCHA v2 is still used in the new reCAPTCHA v3 as a fallback mechanism," Tschacher noted.

With reCAPTCHA used by hundreds of thousands of sites to detect abusive traffic and bot account creation, the attack is a reminder that it's not always foolproof and of the significant consequences a bypass can pose.

In March 2018, Google addressed a separate flaw in reCAPTCHA that allowed a web application using the technology to craft a request to "/recaptcha/api/siteverify" in an insecure manner and get around the protection every time.
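The siteverify flaw mentioned above came down to how the application builds its own verification request. The sketch below is an added example, not code from the original page or from the library it describes: it encodes every form field separately so a submitted token cannot add or override parameters, then checks the verdict's `success`, `hostname` and `challenge_ts`. The function names, the 4096-character cap and the 120-second freshness window are assumptions.

```python
import json
from datetime import datetime, timezone
from typing import Optional
from urllib.parse import parse_qs, urlencode
from urllib.request import Request, urlopen

SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def build_body(secret: str, token: str, remote_ip: Optional[str] = None) -> bytes:
    """Encode each field separately so the token cannot add or override parameters."""
    if not token or len(token) > 4096:  # length cap is an assumption, not a documented limit
        raise ValueError("missing or oversized reCAPTCHA token")
    fields = {"secret": secret, "response": token}
    if remote_ip:
        fields["remoteip"] = remote_ip
    return urlencode(fields).encode("ascii")


def accept_verdict(verdict: dict, expected_host: str, now: datetime, max_age_s: int = 120) -> bool:
    """Accept only a fresh, successful verdict issued for our own hostname."""
    if verdict.get("success") is not True or verdict.get("hostname") != expected_host:
        return False
    try:
        issued = datetime.fromisoformat(str(verdict.get("challenge_ts")).replace("Z", "+00:00"))
    except ValueError:
        return False
    if issued.tzinfo is None:
        issued = issued.replace(tzinfo=timezone.utc)
    return 0 <= (now - issued).total_seconds() <= max_age_s


def verify(secret: str, token: str, expected_host: str) -> bool:
    """POST to siteverify (network call; not exercised by the sample below)."""
    req = Request(SITEVERIFY_URL, data=build_body(secret, token))
    with urlopen(req, timeout=5) as resp:
        verdict = json.load(resp)
    return accept_verdict(verdict, expected_host, datetime.now(timezone.utc))


# Constructed sample: a submitted value containing '&' and '=' stays one field.
SAMPLE_BODY = build_body("constructed-secret", "constructed-token&extra=1")
SAMPLE_FIELDS = parse_qs(SAMPLE_BODY.decode("ascii"))
```

Building the body by string concatenation instead of `urlencode` is the pattern to look for in code review, since it lets the submitted value change which parameters the verification endpoint receives.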












