New Binusmaya captcha disables Portal
Closed this issue · 0 comments
chrsep commented
Binusmaya just replaced the old captcha that Portal have bypassed with a new captcha that requires us to validate by calculating the number presented inside an image.
It seems to works like this
- We make a GET request to https://binusmaya.binus.ac.id/login/captcha.php, and received an image, here the server might associate our cookie with the image and the answer.
- We then fill the form and sent it as a POST request to https://binusmaya.binus.ac.id/login/sys_login.php, with the field
uid
,pass
,defaultLoginReal
, andctl00$ContentPlaceHolder1$SubmitButtonBM
- The server then compares the
defaultLoginReal
field in our POST request above and compares it with the answer already associated with our cookie
We currently see two options:
- Analyze the image and return the value automatically. It's always a 90x32 image, in the format
a (x|+|-) b = ?
, which seems to be simple enough to be analyzed with a neural net or OCR engines. - Ask the captcha to every user on every request and log in. which is annoying, and sub-optimal, but seems pretty easy-to-do
I might be able to fix this, but probably not soon enough due to a crippling number of task, so a pull request would be appreciated.