clipcaptcha by Foundstone is an extensible and signature based CAPTCHA Provider impersonation tool based off Moxie Marlinspike's sslstrip codebase. Depending on its mode of operation it may approve, reject or forward the CAPTCHA verification requests. It maintains an easy to edit XML configuration file that it queries to identify CAPTCHA provider request formats and render corresponding responses.
Python 2.5 or newer
Twisted Python Module
Run 'python clipcaptcha.py -h' for help.
The four steps to getting this working on Linux are:
clipcaptcha can be run in one of the following five operational modes and selecting more than one operation mode is an error:
Once clipcaptcha instance starts running, all CAPTCHA validation requests will be administered by clipcaptcha.
Signature based CAPTCHA provider detection:
All CAPTCHA providers are basically HTTP based custom web services. These services accept CAPTCHA validation requests in a particular format and respond with finite set of responses that allow the clients to make Boolean choices to allow or disallow the request. clipcaptcha takes advantage of this finite and predictable request and response data set to implement signature based request detection and response system. For additional details please refer clipcaptcha whitepaper.
The default configuration contains signatures for reCAPTCHA, opencaptcha and captchator.
|clipcaptcha.py -m -l 7777||# Run clipcaptcha in monitor mode listening on port 7777.|
|clipcaptcha.py -a -l 8888||# Run clipcaptcha in avalanche mode and approve all CAPTCHAs
# for which signatures are available)
|clipcaptcha.py -s clipcaptcha||# Run clipcaptcha in stealth mode and approve all CAPTCHA
# requests which contain the secret string "clipcaptcha"