xp_CAPTCHA(白嫖版) burp 验证码 识别 burp插件

Related tags

Security related resources NEW_xp_CAPTCHA
Overview

xp_CAPTCHA(白嫖版)

说明

xp_CAPTCHA (白嫖版)

  • 验证码识别
  • burp插件

安装

需要python3 小于3.7的版本

安装 muggle_ocr 模块(大概400M左右)

python3 -m pip install -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host mirrors.aliyun.com muggle-ocr

image

运行 server.py

image

等待显示出 Starting server, listen at: 0.0.0.0:8899 访问 http://127.0.0.1:8899/ 显示下面界面即为正常。

image

linux 下安装可能会需要

image

安装即可

yum install libglvnd-glx-1.0.1-0.8.git5baa1e5.el7.x86_64

验证码识别率

image

image

image

image

image

使用方法

把图片base64编码后POST发送至接口http://localhost:8899/base64 的base64参数即可,返回结果为识别的后的结果。

image

image

burp联动识别验证码爆破

如果 server.py 在服务器上跑的话,xp_CAPTCHA.py需要修改对应的IP。

image

修改完后导入burp

image

image

Attack type处选择 Pitchfork,在http头部位置插入xiapao:验证码的URL地址

image

此处导入字典

image

选择验证码识别

image

image

然后把线程设置为1

image

blog

http://www.nmd5.com

image

You might also like...
A tool to find good RCE From my series: A powerful Burp extension to make bounties rain

A tool to find good RCE From my series: A powerful Burp extension to make bounties rain

null 52 Dec 16, 2022
Burp-UI is a web-ui for burp backup written in python with Flask and jQuery/Bootstrap
Burp-UI is a web-ui for burp backup written in python with Flask and jQuery/Bootstrap

Burp-UI Contents Introduction Screenshots Demo What's that? Who are you? Documentation FAQ Community Notes See also Licenses Thanks Introduction Scree

Benjamin 84 Dec 20, 2022
A Burp Pro extension that adds log4shell checks to Burp Scanner

scan4log4shell A Burp Pro extension that adds log4shell checks to Burp Scanner, written by Daniel Crowley of IBM X-Force Red. Installation To install

X-Force Red 26 Mar 15, 2022
Nuclei - Burp Extension allows to run nuclei scanner directly from burp and transforms json results into the issues
Nuclei - Burp Extension allows to run nuclei scanner directly from burp and transforms json results into the issues

Nuclei - Burp Extension Simple extension that allows to run nuclei scanner directly from burp and transforms json results into the issues. Installatio

null 106 Dec 22, 2022
A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI.
A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI.

BurpParamFlagger A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF

Allyson O'Malley 118 Nov 7, 2022
Burp Extension that copies a request and builds a FFUF skeleton
Burp Extension that copies a request and builds a FFUF skeleton

ffuf is gaining a lot of traction within the infosec community as a fast portable web fuzzer. It has been compared and aligned (kinda) to Burp's Intruder functionality. Thus, Copy As FFUF is trying to build that interoperatability bridge between the two.

Desmond Miles 81 Dec 22, 2022
Burp Extensions

Burp Extensions This is a collection of extensions to Burp Suite that I have written. getAllParams.py - Version 1.2 This is a python extension that ru

/XNL-h4ck3r 364 Dec 30, 2022
Python script to launch burp scans automatically

SimpleAutoBurp Python script that takes a config.json file as config and uses Burp Suite Pro to scan a list of websites.

Adan Álvarez 26 Jul 18, 2022
Burp Suite extension to log GraphQL operations as a comment
Burp Suite extension to log GraphQL operations as a comment

Burp GraphQL Logger A very simple, straightforward extension that logs GraphQL operations as a comment in the Proxy view. To enable the highlight, unc

null 22 Jul 2, 2022
Broken Link Finder is a Burp Extension to detect broken links for a passive scanning domains and links.
Broken Link Finder is a Burp Extension to detect broken links for a passive scanning domains and links.

Broken Link Finder Broken Link Finder is a Burp Extension to detect broken links for a passive scanning domains and links. Inspired by InitRoot's link

Red Section 10 Sep 11, 2021
Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator
Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator

Malicious PDF Generator ☠️ Generate ten different malicious pdf files with phone-home functionality. Can be used with Burp Collaborator. Used for pene

Jonas Lejon 1.9k Jan 1, 2023
Burp Suite extension for encoding/decoding EVM calldata

unblocker Burp Suite extension for encoding/decoding EVM calldata 0x00_prerequisites Burp Suite Java 8+ Python 2.7 0x01_installation clone this reposi

Halborn 16 Aug 30, 2022
A simple Burp Suite extension to extract datas from source code
A simple Burp Suite extension to extract datas from source code

DataExtractor A simple Burp Suite extension to extract datas from source code. Features in scope parsing file extensions to ignore files exclusion bas

Gwendal Le Coguic 86 Dec 31, 2022
A burp-suite plugin that extract all parameter names from in-scope requests

ParamsExtractor A burp-suite plugin that extract all parameters name from in-scope requests. You can run the plugin while you are working on the targe

null 29 Nov 9, 2022
A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.
A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How • Install • Todo • Join Discord How it works

Krypt0mux 162 Nov 25, 2022
About Hive Burp Suite Extension
About Hive Burp Suite Extension

Hive Burp Suite Extension Description Hive extension for Burp Suite. This extension allows you to send data from Burp to Hive in one click. Create iss

null 7 Dec 7, 2022
log4j burp scanner
log4j burp scanner

log4jscanner log4j burp插件 特点如下: 0x01 基于Cookie字段、XFF头字段、UA头字段发送payload 0x02 基于域名的唯一性,将host带入dnslog中 插件主要识别五种形式: 1.get请求,a=1&b=2&c=3 2.post请求,a=1&b=2&c=

null 1 Jun 30, 2022
log4j2 passive burp rce scanning tool get post cookie full parameter recognition
log4j2 passive burp rce scanning tool get post cookie full parameter recognition

log4j2_burp_scan 自用脚本log4j2 被动 burp rce扫描工具 get post cookie 全参数识别,在ceye.io api速率限制下,最大线程扫描每一个参数,记录过滤已检测地址,重复地址 token替换为你自己的http://ceye.io/ token 和域名地址

null 5 Dec 10, 2021
PortSwigger Burp Plugin for the Log4j (CVE-2021-44228)

yLog4j This is Y-Sec's @PortSwigger Burp Plugin for the Log4j CVE-2021-44228 vulnerability. The focus of yLog4j is to support mass-scanning of the Log

Y-Security 1 Jan 31, 2022
Comments
  • 安装报错

    安装报错

    ERROR: Could not find a version that satisfies the requirement onnxruntime (from ddddocr) (from versions: none) ERROR: No matching distribution found for onnxruntime 这是版本原因嘛,我已经换了3.6.6版本

    opened by jinzezhi 21
  • 安装muggle-ocr依赖的时候报错

    安装muggle-ocr依赖的时候报错

    • 系统M1 Pro MacOS 12.3
    • python版本 3.6.13

    报错1(已解决)

    (py36) ➜  xp_CAPTCHA_4.1 python server_4.1.py
正在加载中请稍后……
[5]    61471 illegal hardware instruction  python server_4.1.py

    解决方法

    m1 直接安装会报错,需要修改

    报错2(已解决)

    image 
    python -m pip install -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host mirrors.aliyun.com muggle-ocr
    image 
    INFO: pip is looking at multiple versions of opencv-python to determine which version is compatible with other requirements. This could take a while.
Collecting opencv-python
  Using cached http://mirrors.aliyun.com/pypi/packages/bc/71/4575227302db0b95bbf635dd87f2c58339f84c6e63ade1afc7d332414da2/opencv_python-4.6.0.66-cp36-abi3-macosx_10_15_x86_64.whl (46.4 MB)
INFO: pip is looking at multiple versions of numpy to determine which version is compatible with other requirements. This could take a while.
Collecting numpy
  Using cached http://mirrors.aliyun.com/pypi/packages/6a/9d/984f87a8d5b28b1d4afc042d8f436a76d6210fb582214f35a0ea1db3be66/numpy-1.19.5-cp36-cp36m-macosx_10_9_x86_64.whl (221 bytes)
ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
    numpy from http://mirrors.aliyun.com/pypi/packages/6a/9d/984f87a8d5b28b1d4afc042d8f436a76d6210fb582214f35a0ea1db3be66/numpy-1.19.5-cp36-cp36m-macosx_10_9_x86_64.whl#sha256=cc6bd4fd593cb261332568485e20a0712883cf631f6f5e8e86a52caa8b2b50ff (from muggle-ocr):
        Expected sha256 cc6bd4fd593cb261332568485e20a0712883cf631f6f5e8e86a52caa8b2b50ff
             Got        d562090e210ad52be5dc246c355a92e8b0098ff969426e16d8ebed0f539b13ee

    更换为一下代码解决依赖问题

    pip install  -i https://pypi.douban.com/simple/ muggle_ocr
    opened by AlexANSO 2
Releases(4.2)
Owner
算命縖子
算命縖子
GitHub
A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI.

BurpParamFlagger A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF

Allyson O'Malley 118 Nov 7, 2022
Burp Extensions

Burp Extensions This is a collection of extensions to Burp Suite that I have written. getAllParams.py - Version 1.2 This is a python extension that ru

/XNL-h4ck3r 364 Dec 30, 2022
Burp Suite extension for encoding/decoding EVM calldata

unblocker Burp Suite extension for encoding/decoding EVM calldata 0x00_prerequisites Burp Suite Java 8+ Python 2.7 0x01_installation clone this reposi

Halborn 16 Aug 30, 2022
A simple Burp Suite extension to extract datas from source code

DataExtractor A simple Burp Suite extension to extract datas from source code. Features in scope parsing file extensions to ignore files exclusion bas

Gwendal Le Coguic 86 Dec 31, 2022
A burp-suite plugin that extract all parameter names from in-scope requests

ParamsExtractor A burp-suite plugin that extract all parameters name from in-scope requests. You can run the plugin while you are working on the targe

null 29 Nov 9, 2022
A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How • Install • Todo • Join Discord How it works

Krypt0mux 162 Nov 25, 2022
About Hive Burp Suite Extension

Hive Burp Suite Extension Description Hive extension for Burp Suite. This extension allows you to send data from Burp to Hive in one click. Create iss

null 7 Dec 7, 2022
log4j burp scanner

log4jscanner log4j burp插件 特点如下: 0x01 基于Cookie字段、XFF头字段、UA头字段发送payload 0x02 基于域名的唯一性,将host带入dnslog中 插件主要识别五种形式: 1.get请求,a=1&b=2&c=3 2.post请求,a=1&b=2&c=

null 1 Jun 30, 2022
log4j2 passive burp rce scanning tool get post cookie full parameter recognition

log4j2_burp_scan 自用脚本log4j2 被动 burp rce扫描工具 get post cookie 全参数识别,在ceye.io api速率限制下,最大线程扫描每一个参数,记录过滤已检测地址,重复地址 token替换为你自己的http://ceye.io/ token 和域名地址

null 5 Dec 10, 2021
PortSwigger Burp Plugin for the Log4j (CVE-2021-44228)

yLog4j This is Y-Sec's @PortSwigger Burp Plugin for the Log4j CVE-2021-44228 vulnerability. The focus of yLog4j is to support mass-scanning of the Log

Y-Security 1 Jan 31, 2022