captcha-bypass

CAPTCHA Bypass

Send old captcha value.
Send old captcha value with old session ID.
Remove captcha with any adblocker and request again
Bypass with OCR
Response manipulation.
Use any token with the same length(+1/-1).
Remove the param value or remove the entire parameter.
Change the method from POST to GET(or PUT) and remove the captcha.
Change body to JSON or vice-versa.
Check whether the value of the captcha is in the source code.
Add headers:

X-Forwarded-Host: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Host: 127.0.0.1

PreviousBroken Authentication NextApache shellshock vulnerability

Last updated 15 hours ago