Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added a bad CAPTCHA vulnerability #69

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Added a bad CAPTCHA vulnerability #69

wants to merge 3 commits into from

Conversation

martingalloar
Copy link

This added vulnerability is aimed at playing with image recognition/OCR to guess/identify bad CAPTCHA codes. As opposite to "Insecure CAPTCHA", there's no vulnerability on the validation logic but instead the CAPTCHA is generated using weak configurations.

It also has the advantage that can be used in isolated environments where the DVWA doesn't have Internet access and ReCaptcha can't be used. The library used is https://github.com/claviska/simple-php-captcha (MIT license).

Let me know if you think it would be a good addition or if it need some aspect to be worked on. Otherwise I left it here for if someone else has a requirement similar to this one.

@martingalloar
Initial implementation of bad CAPTCHA
dba5a7d 
This added vulnerability is aimed at playing with image recognition/OCR to guess bad CAPTCHA codes.
@martingalloar
Link to the CAPTCHA library used
d57f289
@martingalloar
Using only digits on "low"
a7c7529
@digininja
Copy link
Owner

Anyone got any time to go through this and have a look at it? Would need updating to include impossible level.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@martingalloar @digininja