Google Captcha

unread,

Jul 1, 2021, 4:28:38 AM7/1/21

to zaprox...@googlegroups.com

guys , i spent at least 1-2 years wasting time to find a way to bypass

captcha api v2-v3 images while fuzzing with Owasp Zap Proxy , but i couldn't ! :(

please if anyone know the solution , help me!

i'm really so tired of that , where are the scientists ?!

unread,

Jul 1, 2021, 5:09:36 AM7/1/21

to OWASP ZAP User Group

Technologies like captcha are specificly designed to prevent automated attacks like ZAP fuzzing.

If they were easy to bypass then there would be no point to them.

Assuming this is an authorized test you can ask the people running the site to turn of captcha so that you can test it more effectively.

Cheers,

Simon

unread,

May 25, 2022, 3:36:08 AM5/25/22

to OWASP ZAP User Group

I managed to bypass Google captcha v2 by downloading the audio file and using an audio to text to generate the sentence to be used as an input.

The issue now is that I cannot use the session cookies in ZAP in order to perform some fuzzing.

Any way cookies could be used to handle authentication in ZAP ?

unread,

May 25, 2022, 4:01:24 AM5/25/22

to OWASP ZAP User Group

Yes, ZAP supports cookie session management, and usually it just works "out of the box".

What problem are you seeing?

The more details you can tell us the better :)

Cheers,

Simon

Reply all

Reply to author

Forward