Building your own machine learning powered "practical" captcha solver
The objective of this talk is to share the journey of building CAPTerminator, a tool that allows anyone to utilize guided machine learning to bypass most modern-day CAPTCHAs. We will discuss some common CAPTCHA solutions used today, which include not only reCAPTCHA but also many other proprietary, custom, and open-source ones. During the presentation, we will analyze current CAPTCHA bypass techniques, such as abusing logical/implementation flaws and utilizing image-processing OCRs and CAPTCHA-solving farms, along with the machine learning alternatives present today.
Aman Sachdev is a programmer at heart and an information security expert with 9+ years of experience in the Information Security Ecosystem, having trained over 19000 individuals to date, including college grads, corporate developers, and security professionals worldwide. His love for breaking challenging Infrastructures, Firewalls, and Defenses has landed him a place as a core member of numerous Red Teams and Security Engineering Teams around the globe. He is an avid speaker and has been invited to numerous international security conferences, including RSA Singapore, HITB Amsterdam, Confidence Poland+London, Hack Miami, Sec-T Stockholm, LeHack Paris, and numerous others, to share his research and experiences. Aman has done his Bachelor's in Computer Applications and also holds OSCP and CRTP certifications, apart from his vast experience in secure code development, Bug Hunting, Web & Mobile app exploitation, and corporate network penetration testing. At present, he works as a Product Security Engineer at VMware, where he solves cyber security problems during the day and creates them at night.
Most machine learning-based CAPTCHA bypasses today require an attacker to have some knowledge of AI-based automation, and even then, the solutions are more of a PoC that generates its own CAPTCHAs and showcases bypassing them. Moreover, these solutions cannot be readily used for automated VAPT or brute-forcing. CAPTerminator, on the other hand, can be used by ANYONE to build custom datasets using guided machine learning against specific real CAPTCHAs on their pentest targets and then inherently integrate it with Burp Suite for carrying out further automated exploitation. We will explain how CAPTerminator works with TensorFlow/YOLO to facilitate creating Burp-consumable datasets not only for image-based CAPTCHAs but also for the common alternative, i.e. sound-based CAPTCHAs. Finally, we will share our case studies as well as demos where CAPTerminator was successful against CAPTCHA solutions being used by some famous web applications.
As part of this talk, we will release the tool as open source on GitHub, along with a guide for pentesters on how to create custom datasets for the CAPTCHA of their choice and integrate it with their Burp Suite instance.