Sunday, April 29, 2012

CIntruder: bypass captchas


Captcha Intruder is an automatic pentesting tool to bypass captchas.


Code runs on many platforms. It requires Python and the following libraries:

- python-pycurl - Python bindings to libcurl
- python-libxml2 - Python bindings for the GNOME XML library
- python-imaging - Python Imaging Library

On Debian-based systems (ex: Ubuntu), run:

sudo apt-get install python-pycurl python-libxml2 python-imaging

cintruder [OPTIONS]


--version show program's version number and exit
-h, --help show this help message and exit
-v, --verbose active verbose mode output results
--proxy=PROXY use proxy server (tor: http://localhost:8118)
--track=TRACK download a number of captchas from url (to: 'inputs/')
--train=TRAIN apply common OCR techniques to captcha
--crack=CRACK brute force using local dictionary (from: 'iconset/')
--xml export result to xml format

Advanced OCR (training):

--set-id=SETIDS set colour's id manually (use -v for details)
--editor launch an editor to apply image filters

Modules (training):

--list list available modules (from: 'core/mods/')
--mod=NAME train using a specific OCR exploiting module

Handlering (cracking):

--tool=COMMAND replace suggested word on commands of another tool. use
'CINT' marker like flag (ex: 'txtCaptcha=CINT')

CIntruderNet (''):

--send-net send resolved captcha to CIntruderNet
--view-net visit distributed online dictionary website


* Simple crack from file:

$ python cintruder --crack "captcha.gif"
* Simple crack from URL:

$ python cintruder --crack ""
* Simple crack, exporting results to xml file

$ python cintruder --crack "captcha.gif" --xml "test.xml"
* Simple crack, with proxy TOR and verbose output

$ python cintruder --crack "" --proxy="" -v
* Train captcha(s) from url, with proxy TOR and verbose output

$ python cintruder --train "" --proxy "" -v
* Track 50 captcha(s) from url with proxy TOR

$ python cintruder --track "" "50" --proxy ""
* List available modules (from core/mods/)

$ python cintruder --list
* Launch an OCR module to train a specific local captcha

$ python cintruder --train "inputs/easycaptcha.gif" --mod easy
* Launch an OCR module to crack a specific online captcha, with verbose output

$ python cintruder --crack "" --mod easy -v
* Replace suggested word by CIntruder after cracking, on input commands of another tool (ex: XSSer)

$ python cintruder --crack "" --tool "xsser -u¶m2=bar&txtCaptcha=CINT"
* Send online captcha cracked to distributed online dictionary (CInet)

$ python cintruder --crack "" --send-net
* Visit distributed online dictionary (CInet) website (

$ python cintruder --view-net


Post a Comment


Subscribe in Bloglines Msn bot last visit powered by MyPagerank.Net Yahoo bot last visit powered by MyPagerank.Net
I heart FeedBurner downtime checker The Ubuntu Counter Project - user number # 31290

Twitter Delicious Facebook Digg Stumbleupon Favorites More

Powered by TadPole