Friday 29 June 2012

Web's Most Secured Tool, No Longer Be Secure CAPTCHA CRACKED!!!


We often encounter with a picture during a registeration  on a secured website which is a text written in modified form or underlined or designed in such a way that it can be easily understandable only by humans. It is generally called CAPTCHA(Completely Automated Public Turing Test To Tell Computers And Humans Apart).As Shown in the Image Below...



CAPTCHAs are used in attempts to prevent automated software from performing actions which degrade the quality of service of a given system, whether due to abuse or resource expenditure. CAPTCHAs can be
deployed to protect systems vulnerable to e-mail spam, such as the webmail services of Gmail, Hotmail, and Yahoo! Mail.
                                                                     
  But,
 An alarming number of CAPTCHAs schemes are vulnerable to automated attacks.

So After deep Research, Security Experts gave rise to CAPTCHA cracking tool called TesserCap.

TesserCap is a OCR(Optical Character Recognition) engine.
It is a GUI based, point and shoot CAPTCHA analysis tool with the following features:
  1. A generic image preprocessing engine that can be configured as per the CAPTCHA type being analyzed.
  2. Tesseract-OCR as its OCR engine to retrieve text from preprocessed CAPTCHAs.
  3. Web proxy support
  4. Support for custom HTTP headers to retrieve CAPTCHAs from websites that require cookies or special HTTP headers in requests
  5. CAPTCHA statistical analysis support
  6. Character set selection for the OCR Engine.
An example TesserCap image preprocessing and run on Wikipedia (Wikimedia’s Fancy CAPTCHA) is shown below:
 

Downloads

TesserCap and it's user manual can be downloaded from one of the following locations:

Results

The two tables below summarize the CAPTCHA analysis performed using TesserCap for few popular websites and some CAPTCHA service providers. All these tests were performed using TesserCap’s image preprocessing module and Tesseract-OCR’s default training data.


Website Accuracy* Quantcast Rank
wikipedia 20-30% 7
ebay 20-30% 11
reddit.com 20-30% 68
CNBC 50+% 121
foodnetwork.com 80-90% 160
dailymail.co.uk 30+% 245
megaupload.com 80+% 1000
pastebin.com 70-80% 32,534
cavenue.com 80+% 149,645






*This accuracy maybe further increased by training the Tesseract-OCR engine for the CAPTCHAs under test.

Open Captcha Preprocessing

 

So this is the present and most important task in front of Security Experts of big Security ferms to protect their data bases from the attack of CAPTCHA Crackers.


So, I will be back soon with a new Security Threat.......
Keep Visiting Journey2Hack...
Good Bye!!!







Get this widget
Posted by at
Labels: