I Am 'Totally' Human: Bypassing the reCaptcha

2017 13th International Conference on Signal-Image Technology & Internet-Based Systems (SITIS) Pub Date : 2017-12-01 DOI:10.1109/SITIS.2017.13

S. S. Brown, Nicholas DiBari, Sajal Bhatia

{"title":"I Am 'Totally' Human: Bypassing the reCaptcha","authors":"S. S. Brown, Nicholas DiBari, Sajal Bhatia","doi":"10.1109/SITIS.2017.13","DOIUrl":null,"url":null,"abstract":"In recent years, website administrators have searched for a tool to prevent automated “bots” from using their sites' resources, hindering legitimate user access. By offering a “challenge” in the form of analyzing a picture for certain features, matching like symbols from a selection, or listening to an audio clip and transcribing the text, these tasks are intended to be easy for humans to solve but impossible for a program to overcome. More recently, there have been many successful attempts at using modern technology to automate passing these challenges. In this paper, we propose a simple approach which makes use of open-source tools (reCaptcha Widget, Selenium – a proxy server pool and a public Speech to Text API) to circumvent the reCaptcha tool utilized by Google. Preliminary results demonstrate an approximately 35% success rate which can be easily improved with minor modification. However, the focal point is the simplicity of the proposed approach to highlight the vulnerability of Google's reCaptcha tool against Speech to Text API attack.","PeriodicalId":153165,"journal":{"name":"2017 13th International Conference on Signal-Image Technology & Internet-Based Systems (SITIS)","volume":"74 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 13th International Conference on Signal-Image Technology & Internet-Based Systems (SITIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SITIS.2017.13","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

In recent years, website administrators have searched for a tool to prevent automated “bots” from using their sites' resources, hindering legitimate user access. By offering a “challenge” in the form of analyzing a picture for certain features, matching like symbols from a selection, or listening to an audio clip and transcribing the text, these tasks are intended to be easy for humans to solve but impossible for a program to overcome. More recently, there have been many successful attempts at using modern technology to automate passing these challenges. In this paper, we propose a simple approach which makes use of open-source tools (reCaptcha Widget, Selenium – a proxy server pool and a public Speech to Text API) to circumvent the reCaptcha tool utilized by Google. Preliminary results demonstrate an approximately 35% success rate which can be easily improved with minor modification. However, the focal point is the simplicity of the proposed approach to highlight the vulnerability of Google's reCaptcha tool against Speech to Text API attack.

查看原文本刊更多论文

我是“完全的”人类:绕过验证码

近年来，网站管理员一直在寻找一种工具，以防止自动“机器人”使用他们的网站资源，阻碍合法用户访问。通过提供“挑战”的形式来分析图片的某些特征，匹配选择中的符号，或者听音频片段并转录文本，这些任务对人类来说很容易解决，但对程序来说是不可能克服的。最近，已经有许多成功的尝试使用现代技术来自动通过这些挑战。在本文中，我们提出了一种简单的方法，利用开源工具(reCaptcha Widget, Selenium -代理服务器池和公共Speech to Text API)来绕过Google使用的reCaptcha工具。初步结果表明，成功率约为35%，可以很容易地提高，稍加修改。然而，重点是所提出的方法的简单性，以突出谷歌的reCaptcha工具对语音到文本API攻击的脆弱性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 13th International Conference on Signal-Image Technology & Internet-Based Systems (SITIS)

自引率

0.00%

发文量