Burp插件识别验证码暴破
BP插件暴破
1、下载安装插件
https://github.com/f0ng/captcha-killer-modified
2、启动本地验证码识别服务ddddocr
codereg.py
3、抓验证码的包,发送到插件
http://127.0.0.1/yanzheng/yanzhengma.php → Extensions …
4、配置识别服务模板
5、抓登录的包,payload选插件,单线程
BP插件暴破工具
ddddocr
https://github.com/sml2h3/ddddocr
pip install ddddocr aiohttp -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host mirrors.aliyun.com
识别模板
【注意中间有空行】
POST /reg HTTP/1.1
Host: 127.0.0.1:8888
Authorization:Basic f0ngauth
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:97.0) Gecko/20100101 Firefox/97.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 8332
<@BASE64><@IMG_RAW></@IMG_RAW></@BASE64>