Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Bypass racaptcha on website login

Prince | Last updated: Nov 12, 2017 11:13PM UTC

How do i bypass recaptcha on website login/signup page at the time of making intruder attack?

PortSwigger Agent | Last updated: Nov 13, 2017 10:32AM UTC

Hi Prince, Thanks for your message. Fuzzing forms with captchas is generally difficult. If you have access to the website development team, ask them to provide a test copy of the website, with recaptcha disabled. If not, there is an extension to help you. You still need to manually solve the captcha, but it allows tools like Scanner and Intruder to be used: - https://github.com/TimGuenther/burp-reCAPTCHA A tool has been released that can solve recaptcha, but there isn't a Burp extension for this (yet): - https://github.com/ecthros/uncaptcha Please let us know if you need any further assistance.

Burp User | Last updated: Apr 03, 2018 10:30AM UTC

How can I use this https://github.com/TimGuenther/burp-reCAPTCHA Extension? any way??

PortSwigger Agent | Last updated: Apr 03, 2018 01:29PM UTC

Hi Anthony, Using that extension is can be a little tricky. You first need to compile it and run as a legacy Burp extension. You also need an account on http://www.deathbycaptcha.com/ (I earlier said you solved manually - that was in error) You may also need to tweak the extension code a little, in case your website uses ReCAPTCHA in a non-standard way. Some tweaks may also be required for v2 Captchas. It would be really cool if someone was to develop a new extension that provided a more "point and click" experience. Until then, unfortunately this is the best available.

Burp User | Last updated: Apr 03, 2018 04:25PM UTC

ok Thank you I got it now.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.