While looking for simple Captcha code for a personal project, I found this solution: http://html-tuts.com/simple-php-captcha/
The idea of this Captcha is simple: the user has to enter the correct result of a basic calculation, A+B.
But from a tester's point of view, I asked myself: how can I bypass and break it?
I looked into the source code of the demo Captcha site and found some useful information there: the two numbers can be read directly from the form fields named firstNumber and secondNumber. With the support of Selenium WebDriver, bypassing it is very easy. Here are my steps:
Source:
```java
package test;

import java.util.concurrent.TimeUnit;

import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.firefox.FirefoxDriver;

public class bypass_math_captcha {
    private WebDriver driver;
    private String baseUrl;

    @Before
    public void setUp() throws Exception {
        driver = new FirefoxDriver();
        driver.manage().window().maximize();
        baseUrl = "http://html-tuts.com";
        driver.manage().timeouts().implicitlyWait(30, TimeUnit.SECONDS);
    }

    @Test
    public void testGoogleTrans() throws Exception {
        driver.get(baseUrl + "/demo/simple-php-captcha/");

        //Get value of the first number
        WebElement first_value = driver.findElement(By.name("firstNumber"));
        String firstNumber = first_value.getAttribute("value");
        System.out.println(firstNumber);

        //Get value of the second number
        WebElement second_value = driver.findElement(By.name("secondNumber"));
        String secondNumber = second_value.getAttribute("value");
        System.out.println(secondNumber);

        //Get the value of firstNumber + secondNumber
        int Number1 = Integer.parseInt(firstNumber);
        int Number2 = Integer.parseInt(secondNumber);
        int ExpectResult = Number1 + Number2;
        System.out.println("The result = " + ExpectResult);

        //Filling the result back to the website
        String ExpectResultFilling = Integer.toString(ExpectResult);
        driver.findElement(By.name("captchaResult")).clear();
        driver.findElement(By.name("captchaResult")).sendKeys(ExpectResultFilling);

        //Click button to submit
        driver.findElement(By.xpath("//input[@value='submit']")).click();

        //Verify bypass successful
        if (driver.getPageSource().contains("Captcha OK")) {
            System.out.println("Bypass the Captcha successful");
        } else {
            System.out.println("Failed");
        }
    }

    @After
    public void tearDown() throws Exception {
        driver.quit();
    }
}
```
Summary:
– For web admins and developers: do not rely on this simple approach to protect your website from flooding or spam.
– From the hacker's side: this approach, or something similar, can be used to bypass the Captcha.
– For testers: view the front-end source code and decide what you can test.
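
To illustrate the advice for developers, here is an added example (not code from this post or from the html-tuts.com tutorial) that contrasts a check trusting the posted operands with one that keeps the expected answer on the server. It assumes the form posts firstNumber, secondNumber and captchaResult as the field names above suggest; the captchaToken field, the ServerSideCaptcha class and the in-memory store are hypothetical.

```python
import hmac
import secrets

# Field names firstNumber / secondNumber / captchaResult come from the page;
# captchaToken and everything else below is a constructed, hypothetical sketch.

def weak_verify(form):
    """Assumed weak pattern: the server re-adds operands the client posted."""
    try:
        total = int(form["firstNumber"]) + int(form["secondNumber"])
        return total == int(form["captchaResult"])
    except (KeyError, ValueError):
        return False

class ServerSideCaptcha:
    """Keeps the expected answer on the server, keyed by a one-time token."""

    def __init__(self):
        # token -> expected answer; stands in for per-user session storage
        self._pending = {}

    def issue(self):
        a, b = secrets.randbelow(10), secrets.randbelow(10)
        token = secrets.token_urlsafe(16)
        self._pending[token] = str(a + b)
        # Only the opaque token and the question text are sent to the client.
        return token, f"{a} + {b} = ?"

    def verify(self, form):
        # pop() makes every challenge single-use, so a solved form
        # cannot be replayed and unknown tokens are rejected outright.
        expected = self._pending.pop(str(form.get("captchaToken", "")), None)
        if expected is None:
            return False
        answer = str(form.get("captchaResult", "")).strip()
        return hmac.compare_digest(expected.encode(), answer.encode())
```

Keeping the answer server-side only stops forged operands and replayed submissions; the question text is still machine-readable, so this check alone does not protect a site from flooding or spam.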