Online social (and unaware) CAPTCHA cracking

Note: remember that this is only an idea and I’m not responsible of its use.

Yesterday I was talking with my friend Davide about the announce of Yahoo’s and Google’s CAPTCHAs cracked and another funny and foolish idea, something similar to Javascript online massive social password cracking, came into my mind.

Articles report that breaking algorithms have a success rate from 10% to 35%,with an average of 1 crack for 5 attempts… too slow!

There should be a method to improve the success rate and here I would like to discuss a nice scenario that I hope nobody would implement ;-)

Base idea:

Captcha cracking procedure  There are three base components to get this idea working:

  • spam-bots : bots used to spam blogs, forums and websites.
    • they submit CAPTCHA decoding requests to a server (named capster)
  • capster is divided in :
    • a server that handles CAPTCHA decoding requests’ queue (named cpqueue)
    • a website of social interest ( :-) explained later )
  • unaware users : clients of the website
    • they decodes CAPTCHAs displayed in website’s pages

The success of this approach depends on the topic of the website… We need something that could never become boring… Yes, I know you’re thinking about it! Yeah! Sex!!

So let be pornography the topic of the website.

As explained in the diagram, spam-bots send CAPTCHA decoding requests to cpqueue (part of capster) which forwards them to the website and here unaware users resolve them.

Every 5-6 photos or 2 videos the unaware user have to enter the code of a CAPTCHA displayed on a page to continue browsing. An horde of sizzling surfers will be happy to decode CAPTCHAs to quickly proceed to the next step of strip tease :-D

Probably the wish to see something more will obfuscate the consciousness of what they’re doing!

With a bit of luck we can obtain a success rate of 100% ;-) 

I heard that there’s some Virus which implement a similar approach using popup strip teases, but malware has always to fight to survive on a computer so there’s the constant risk that the cracking farm will decline day by day and then.. arent’ we in the Web(2/3/4).0 era or not ?


2 Comments Online social (and unaware) CAPTCHA cracking

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>