Hello Hunters! It’s been a while since my last write up, so i decide to share a fun experience that i had while hunting on a private program.
What the hell is a captcha?
From my point of view: The captcha solver is mostly used to avoid bots and ensure that the user behind the app is a real human being.
Share is care, so let’s go to the write up!
So i started looking for the most common places where captcha can be found like signup, login and password reset pages. The one i found was on the Signin page like this:
https://api-id.example.com/v1/auth/register
So I entered the name, email and password and I was sign up and catch request in proxy.
when i delete captha_token and relapse is true --> "captcha_token":true
I had read previous reports like this in the past to bypass captcha but to find one was great. Hope you learned something from this and if you liked it then please do share.
Thank you for taking the time to read this piece. Kindly remember to leave a comment sharing your thoughts on the blog.
Feed | LinkedIn — My LinkedIn Profile