Broken Authentication - Captcha Bypass

Rohmad Hidayah
2 min read · Nov 19, 2023

Summary

Hi, my name is Rohmad and I’m a Bug Hunter from Indonesia. In this article I will share my experience of how I managed to bypass the captcha on a website’s login form.

Description

Captcha stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It is a challenge designed to distinguish real humans from automated bots. Typically, a Captcha asks the user to type the text shown in a distorted image, solve a jigsaw puzzle, or perform a specific task such as selecting every image that contains traffic.

Proof of Concept

1. Open the login page, enter your credentials, then tick the reCAPTCHA checkbox.

Login and tick the Captcha

2. Enable Intercept in Burp Suite (with the browser routed through it via FoxyProxy), then click Sign in.

3. In Burp Suite, click Forward until you reach the login request.

Request Header

Then delete the &g-recaptcha-response=blablabla parameter (the token the reCAPTCHA widget generated) from the request before forwarding it.

4. Right-click > Do intercept > Response to this request, then Forward until you reach the response.

Response Header

5. Turn off Intercept in Burp Suite and go back to the browser: it automatically redirects to your account or reloads the page. The login succeeded even though no captcha token was submitted, which means the server only validates the token when the parameter is present.

It Works

Impact

1. Brute force attacks on user accounts: with the captcha removed from the request, login attempts can be fully automated.

2. DDoS attacks.

If the developer has not limited the number of Login/Register attempts, automated submissions can slow down the service and overload the server, leaving the website inaccessible.
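The server-side condition that makes step 3 of the proof of concept work, and the brute-force impact listed above, modelled in Python as an added example. This is not code from the original write-up or from the affected site: the login handlers are plain functions rather than web-framework routes, siteverify is a stand-in for the https://www.google.com/recaptcha/api/siteverify call, and the field names, user store, token, requests and wordlist are all constructed for illustration.

```python
from typing import Callable, Dict, Optional

Form = Dict[str, str]

# Constructed stand-in for a token the reCAPTCHA widget issued for this login.
VALID_TOKEN = "03AFcWeA-constructed-token-for-this-example"


def siteverify(token: Optional[str]) -> bool:
    """Stand-in for POSTing {secret, response} to Google's siteverify endpoint.
    The real call returns JSON with a "success" flag; here only the one
    constructed token above is treated as genuine."""
    return token == VALID_TOKEN


# Constructed user store for the example.
CREDENTIALS = {"alice": "correct horse battery staple"}


def check_password(username: Optional[str], password: Optional[str]) -> bool:
    """Credential check against the toy user store."""
    if username is None or password is None:
        return False
    return CREDENTIALS.get(username) == password


def login_vulnerable(form: Form) -> str:
    """Verifies the captcha only when the client sent one. Deleting the
    g-recaptcha-response parameter in the proxy (step 3) skips the check."""
    token = form.get("g-recaptcha-response")
    if token is not None and not siteverify(token):
        return "captcha_failed"
    if not check_password(form.get("username"), form.get("password")):
        return "bad_credentials"
    return "logged_in"


def login_hardened(form: Form) -> str:
    """Fails closed: a missing, empty or bogus token is rejected before the
    password is looked at, so dropping the parameter gains nothing."""
    token = form.get("g-recaptcha-response")
    if not token or not siteverify(token):
        return "captcha_failed"
    if not check_password(form.get("username"), form.get("password")):
        return "bad_credentials"
    return "logged_in"


# Constructed requests: what the browser sends, and the same request after
# the captcha parameter has been deleted in the proxy.
NORMAL_REQUEST: Form = {
    "username": "alice",
    "password": "correct horse battery staple",
    "g-recaptcha-response": VALID_TOKEN,
}
BYPASS_REQUEST: Form = {
    k: v for k, v in NORMAL_REQUEST.items() if k != "g-recaptcha-response"
}

# Constructed wordlist for the brute-force impact.
WORDLIST = ["123456", "password", "letmein", "correct horse battery staple"]


def brute_force(handler: Callable[[Form], str], username: str, wordlist) -> Optional[str]:
    """Replays the captcha-less login once per candidate (Impact 1) and returns
    the password that logged in, or None if every attempt was refused."""
    for candidate in wordlist:
        if handler({"username": username, "password": candidate}) == "logged_in":
            return candidate
    return None


if __name__ == "__main__":
    print("vulnerable, normal request :", login_vulnerable(NORMAL_REQUEST))
    print("vulnerable, bypass request :", login_vulnerable(BYPASS_REQUEST))
    print("hardened,   bypass request :", login_hardened(BYPASS_REQUEST))
    print("brute force vs vulnerable  :", brute_force(login_vulnerable, "alice", WORDLIST))
    print("brute force vs hardened    :", brute_force(login_hardened, "alice", WORDLIST))
```

The hardened handler treats the captcha as a precondition of authentication rather than an optional extra field. In a real deployment the siteverify call should also be made server-side with the site's secret, and its result honoured for every request: reCAPTCHA tokens are single-use and expire after two minutes, so a replayed token fails verification as well. A per-account and per-IP limit on login and registration attempts is the separate control that addresses the resource-exhaustion impact.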


Connect with me

https://www.linkedin.com/in/rohmadhidayah
