Hello Cybrarians and RatTeam-sters,Recently, I've been experimenting with Juliar Hallucinogen module for Juliar to break Google's I am not a robot CAPTCHA. Juliar HTTP API was used for this experiment.For this experiment, I created a simple registration page with google's captcha. When you click on Google's captcha I am not a robot...there is a chance that you will get captcha and there is a chance you will not...So let's explore this:
Google successfully validated you when "recaptcha-checkbox-checkmark" appears...
So, once we get this signal, we can stop running Juliar Hallucinogen and do other stuff with Juliar like actually registering. Now that we have a success condition, we need to actually solve google's images. Well, it's actually just one image that gets divided. So we use Juliar to cut the image into 8 images.So now we have 8 images. What do we do now?
Well, we use Google against itself. We ask google to search by image (duh, right?). Luckily, Google is friendly :) and will tell you what the image is.So you can get the names of all 8 images and see if any of them match the keyword. Google doesn't give another captcha if you only do 8 image searches, so in this case, we can safely perform this task.Now here is where hallucinogen comes in handy. Sometimes Google doesn't give results for an image, or there is something complex like clicking all squares with the image. From Google, we learn what a car is, what a restaurant is, and others. Then we tell Juliar Hallucinogen to pick those squares. Hallucinogen eventually finds a pattern and becomes better at detecting those captchas. After about 4 hours I received the results 10% solvable.Final results:
Eventually, Juliar Hallucinogen was able to solve ~15.4% of Google's Captchas. This is actually very accurate and even if captcha gets every 5th one wrong, it will pick the correct answer better than an average person.Google Recaptcha has been somewhat
broken!Thanks for reading!Visit Juliar.org if you're interested in learning more about Juliar.