Breaking Text Based Captcha is Easy!
Today, I still don’t remember how I got to this blog post but anyway I saw that they had a text based captcha.
The blog author claims that it prevents spam, which it does, because it adds an extra layer of uniqueness to his code that unintelligent spam bots don't recognise. Anyway, now for the breaking:
<?php
// Break text-based captcha:
$regex = ‘#/>\s+
\s+
$page = getpage('http://pooteeweet.org/blog/259/p/1');
// Groups 1 and 3 of the match hold the operands, group 2 the operator.
if (!preg_match($regex, $page, $matches)) {
    die('Captcha not found');
}
$n1 = intval($matches[1]);
$n2 = intval($matches[3]);
$op = $matches[2];
switch ($op) {
    case '+':
        $INTresult = intval($n1 + $n2);
        break;
    case '-':
        $INTresult = intval($n1 - $n2);
        break;
    case '/':
        $INTresult = intval($n1 / $n2);
        break;
    case '*':
        $INTresult = intval($n1 * $n2);
        break;
    default:
        die('Illegal Operation');
        break;
}
echo $INTresult;
?>
Note that my framework has a function getpage which is just a simple (well quite advanced actually…) curl function.
There you have it: $INTresult is the answer to the math problem.
Yes, this is a very simple text captcha, but breaking a more advanced one wouldn't require that much more effort.
Regards,
Steven Roddis
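To see why a captcha like this only stops bots that were not written for the site, the following added example (not code from the original post or from the blog it discusses) generates arithmetic challenges locally and measures how often parsing the rendered markup alone recovers the answer. The challenge markup and all function names are assumptions made for the illustration.

```php
<?php
// Added example: self-assessment of an arithmetic text captcha.
// Markup format and function names are hypothetical, not from any real site.

// The arithmetic is public knowledge, so both sides can compute it.
function evaluate(int $a, string $op, int $b): ?int {
    switch ($op) {
        case '+': return $a + $b;
        case '-': return $a - $b;
        case '*': return $a * $b;
        // Only exact division is accepted; division by zero yields no answer.
        case '/': return ($b !== 0 && $a % $b === 0) ? intdiv($a, $b) : null;
        default:  return null;
    }
}

// Server side: the expected answer stays on the server, but the question
// needed to compute it is sent to every client in plain text.
function make_challenge(): array {
    $ops = ['+', '-', '*'];
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $op = $ops[random_int(0, count($ops) - 1)];
    return [
        'html'   => "<label>What is $a $op $b?</label>", // constructed markup
        'answer' => evaluate($a, $op, $b),
    ];
}

// Client side: what any script that reads the page can do.
function solve_from_html(string $html): ?int {
    if (!preg_match('#(\d+)\s*([-+*/])\s*(\d+)#', $html, $m)) {
        return null;
    }
    return evaluate((int) $m[1], $m[2], (int) $m[3]);
}

// Fraction of freshly generated challenges answered from the markup alone.
function solve_rate(int $trials): float {
    $solved = 0;
    for ($i = 0; $i < $trials; $i++) {
        $c = make_challenge();
        if (solve_from_html($c['html']) === $c['answer']) {
            $solved++;
        }
    }
    return $solved / $trials;
}

printf("Solved by parsing the page alone: %.0f%%\n", 100 * solve_rate(1000));
```

Run it with the PHP command-line interpreter; the rate it prints is the share of challenges the control fails to protect once a bot has been written for the markup.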
Amy said,
February 5, 2007 @ 12:53 pm
How do I use it??
Wiras Adi said,
April 9, 2008 @ 10:25 pm
Yeah, a mathematical operation in a text-based CAPTCHA is very easy to break. And I don't think that many sites use that method today.
I myself still use a text-based CAPTCHA for my site, challenging users by giving randomly generated questions. Not fully automated, yes, but apart from adding more questions to the database every week, I have nothing to complain about. And my site will still work with the Lynx web browser ;-)