对于带验证码的爆破,需要对验证码进行识别
可以使用captcha-killer-modified搭配Burp
进行爆破
同时推荐ddddocr
现在是2023年9月7日,Pillow==9.5.0
当前的ddddocr
并未对版本进行兼容
我改了两个docker,有需要可以直接拉取部署
1 2 3 4
| # centos docker pull 329106954/ocr_server:centos # mac Inter芯片 docker pull 329106954/ocr_server:mac
|
验证码填写
1 2 3 4 5 6 7 8 9 10 11 12
| POST /ocr/b64/text HTTP/1.1 Authorization:Basic f0ngauth User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:97.0) Gecko/20100101 Firefox/97.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1 Content-Type: raw Content-Length: 8332
<@BASE64><@IMG_RAW></@IMG_RAW></@BASE64>
|