Google Recaptcha Bypass Technique Uses Google’s Own Tools

A proof of concept to bypass the Google’s reCaptcha V2 verification system was posted online this Tuesday and it uses Google’s own web-based tools to get into the system.

This tool is named ReBreakCaptcha “It lets you easily bypass Google’s reCaptcha v2 anywhere on the web,” according to the author of this, this tool is only identified as East-Ee Security.

Google has originally rolled out reCaptcha back in 2014 to most of its public services to defeat the bots and scripts which can easily register hundreds of free web-service accounts in seconds. The word CAPTCHA stands for: Completely Automated Procedures for Telling Computers and Humans Apart. The ReCaptcha is Google’s name for its own technology and service which today uses the image, audio or even text challenges to verify the user signing into an account.

The East-Ee Security’s ReBreakCaptcha method can defeat the reCaptcha V2 security using a script which uses Google’s own APIs to capture the audio challenges as the sound files. And then it uses the speech-to-text technology and converts audio into text answers which are then inputted as text-based solutions to the audio-based challenges used in the reCaptcha V2.

To achieve this, first East-Ee Security made a way to access only audio reCaptcha challenges. This is not very difficult as every challenge contains a link, in the form of a tiny pair of headphones, this indicates an audio challenge request is available.

“Some of you may have notice that instead of facing an audio challenge, sometimes you may get a text challenge,” the researcher writes. “To bypass this and get an audio challenge, you simply has to click the ‘Reload Challenge’ button until you get the required type.”

Once the audio challenge is presented reCaptcha allows you to either play the audio file from the webpage or download it.

 

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients