clipcaptcha is an extensible and signature based CAPTCHA Provider impersonation tool based off Moxie Marlinspike’s sslstrip codebase.
Depending on its mode of operation it may approve, reject or forward the CAPTCHA verification requests. It maintains an easy to edit XML configuration file that it queries to identify CAPTCHA provider request formats and render corresponding responses.
Signature based CAPTCHA provider detection
All CAPTCHA providers are basically HTTP based custom web services. These services accept CAPTCHA validation requests in a particular format and respond with finite set of responses that allow the clients to make Boolean choices to allow or disallow the request. clipcaptcha takes advantage of this finite and predictable request and response data set to implement signature based request detection and response system.
Running clipcaptcha
The four steps to getting this working on Linux are:
1. Enable forwarding mode on your machine
2. Setup iptables to redirect HTTP traffic to clipcaptcha.
3. Run arpspoof to redirect the traffic to your machine.
4. Run clipcaptcha in one of its mode of operation.
Requirements
It requires Python 2.5 or newer, along with the ‘twisted’ python module.
You can download clipcaptcha here:
Or read more here.
Gloss