Early this year, I had an oppourtunity to work on CAPTCHAs. Also wrote a
program which can defeat simpler CAPTCHAs but it has its limitations. As the
complexities of the algo^m increases with increase in the CAPTCHA's
complexities, I had to drop it half way ;-) Thought it was a wastage of
time...
Pick from my post in FD -
http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032708.html
There already exists few interesting projects around on circumventing
CAPTCHA ( http://www.captcha.net/ ). There are various alogorithms being
written to defeat simplests to the complex CAPTCHAs but only few CAPTCHAs
have survived such tests.
A project devoted to breaking CAPTCHA systems can be found here:
http://sam.zoy.org/projects/pwntcha/
Here's a link to the original paper that discussed how they broke the
ez-gimpy system that Yahoo! uses (92%), and have about a 33% success rate
with the harder version, gimpy.
http://www.cs.berkeley.edu/~mori/gimpy/gimpy.html
- D
-----Original Message-----
From: robert@webappsec.org [mailto:robert@webappsec.org]
Sent: Wednesday, August 24, 2005 11:59 PM
To: websecurity@webappsec.org; webappsec@securityfocus.com
Subject: [WEB SECURITY] Defeating CAPTCHA
This was linked off of slashdot
(http://it.slashdot.org/article.pl?sid=05/08/24/1629213&tid=172&tid=95)
and explains some of the ways people are breaking CAPTCHA
(http://en.wikipedia.org/wiki/Captcha) based systems.
http://sam.zoy.org/pwntcha/
- Robert
robert_at_webappsec.org
http://www.cgisecurity.com
---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/
