{"id":13539458,"url":"https://github.com/bit4woo/recaptcha","last_synced_at":"2025-04-12T23:39:21.615Z","repository":{"id":44729529,"uuid":"109095496","full_name":"bit4woo/reCAPTCHA","owner":"bit4woo","description":"reCAPTCHA = REcognize CAPTCHA: A Burp Suite Extender that recognize CAPTCHA and use for intruder payload 自动识别图形验证码并用于burp intruder爆破模块的插件","archived":false,"fork":false,"pushed_at":"2023-11-23T07:25:15.000Z","size":1357,"stargazers_count":805,"open_issues_count":5,"forks_count":155,"subscribers_count":21,"default_branch":"master","last_synced_at":"2025-04-12T23:39:17.008Z","etag":null,"topics":["burp-extensions","burp-plugin","burpsuite","captcha","intruder","recaptcha","recognize-captcha","recognizes-images"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bit4woo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2017-11-01T06:28:09.000Z","updated_at":"2025-03-23T15:36:07.000Z","dependencies_parsed_at":"2022-08-23T12:00:13.501Z","dependency_job_id":"ee6f3597-8c81-4438-9a1e-126398a5e9e9","html_url":"https://github.com/bit4woo/reCAPTCHA","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bit4woo%2FreCAPTCHA","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bit4woo%2FreCAPTCHA/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bit4woo%2FreCAPTCHA/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bit4woo%2FreCAPTCHA/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bit4woo","download_url":"https://codeload.github.com/bit4woo/reCAPTCHA/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248647255,"owners_count":21139081,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burp-extensions","burp-plugin","burpsuite","captcha","intruder","recaptcha","recognize-captcha","recognizes-images"],"created_at":"2024-08-01T09:01:26.142Z","updated_at":"2025-04-12T23:39:21.590Z","avatar_url":"https://github.com/bit4woo.png","language":"Java","funding_links":[],"categories":["\u003ca id=\"1233584261c0cd5224b6e90a98cc9a94\"\u003e\u003c/a\u003e渗透\u0026\u0026offensive\u0026\u0026渗透框架\u0026\u0026后渗透框架","\u003ca id=\"5dd93fbc2f2ebc8d98672b2d95782af3\"\u003e\u003c/a\u003e工具","\u003ca id=\"aa76bde443edd8ef5b7af7e0fcab354e\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"39e9a0fe929fffe5721f7d7bb2dae547\"\u003e\u003c/a\u003eBurp","\u003ca id=\"285c52a4e04dd2f86646c8e1235c9332\"\u003e\u003c/a\u003e工具"],"readme":"### reCAPTCHA\n\n一个burp插件，自动识别图形验证码，并用于Intruder中的Payload。\n\n### 使用\n\n安装：\n\n1. 从[这里](https://github.com/bit4woo/reCAPTCHA/releases)下载插件。\n2. 将它添加到burp。如果没有遇到错误，你将看到一个新的名为“reCAPTCHA”的tab。\n\n准备：\n\n1. 通过burp代理访问目标网站的登录界面。\n\n2. 在proxy中找到获取图形验证码的请求，选中它并点击右键选择“Send to reCAPTCHA”，这个请求的信息将被发送到reCAPTCHA。\n\n   ![Send to](doc/Send_to.png)\n\n3. 切换到reCAPTCHA标签，并配置所需的参数。当参数配置好后，你可以点击“请求”按钮来测试配置。\n\n4. http://www.ysdm.net 的API是目前唯一支持的接口,其中的各项参数需要自行注册帐号并填写，才能成功调用接口完成图片的识别。该API需要的参数如下，请用正确的值替换%s ，特别注意typeid值的设定(http://www.ysdm.net/home/PriceType)。\n\n   `username=%s\u0026password=%s\u0026typeid=%s`\n\n在Intruder中使用：\n\n完成了配置并测试成功后，现在可以在Intruder中使用该插件生成的payload了。有2种情况：用户名或密码之一+验证码；用户名+密码+验证码；\n\n \n\n**情况一**：只有密码或只有用户名需要改变，我们可以用Pitchfork 模式来配置。\n\n比如，已知系统存在一个用户admin，来爆破该用户，插入点标记如下，\n\n![index_condition1_mark](doc/index_condition1_mark.png)\n\npayload 1我们从文件中加载，这个不必多说。\n\npayload 2 选择“Extension-Generated”.\n\n![index_condition1_mark_payload2](doc/index_condition1_mark_payload2.png)\n\n运行效果如下：\n\n![index_condition1](doc/index_condition1.png)\n\n \n\n**情况二**：用户名和口令都需要改变，这个稍微复杂点。我们还是使用Pichfork模式，但需要将用户名和密码一起标注为一个插入点。像这样:![img](doc/index_mark.png)\n\npayload 1 使用“自定义迭代器（Custom interator）”。并在迭代器中组合用户名和密码。\n\n在该例子中，即 position 1为用户名，position 2 为“\u0026j_password=”，postion 3为密码。\n\n![index1](doc/index1.png)\n\npayload 2 的配置和情况一中的配置完全一样。\n\n运行效果如图：\n\n![index_mark2](doc/index_mark2.png)\n\n### reCAPTCHA界面截图\n\n### ![screenshot](doc/screenshot.png)\n\n### 日志\n\n2017-11-01：第一个demo版本发布。\n\n2018-07-02：支持GSA Captcha Breaker\n\n2018-08-07：支持https://www.jsdati.com\n\n2019-07-14：优化错误输错，便于issue排查\n\n2020-06-13：实现自己的HTTP请求方法，支持代理，以便调试发现问题；重写myjsdati.java\n\n### FAQ\n\n1、关于\"Response cannot be null\"错误\n\n~~插件使用了burp的请求函数，如果提示“Response cannot be null”表明burp无法访问该请求。请检查你的网络情况和其他超时等设置，该问题无法彻底解决。~~\n\n请尝试开启“Use Self Api with proxy”选项，并将proxy设置为burp代理，然后再试，可以到burp的history中查看请求，以便排查问题。\n\n### 作者\n\n[bit4woo](https://github.com/bit4woo)@[勾陈安全](http://www.polaris-lab.com/)\n\n### 同类项目\n\nhttps://github.com/c0ny1/captcha-killer\n\nhttps://github.com/Releasel0ck/reCAPTCHA\n\nBurp插件微信交流群：![wechat_group](doc/wechat_group.jpg)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbit4woo%2Frecaptcha","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbit4woo%2Frecaptcha","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbit4woo%2Frecaptcha/lists"}