Buster: Captcha Solver for Humans
Don’t you just hate it when you’re browsing around the Web, minding your own business, and suddenly you see something like this pop up right in front of your bloodshot eyes?
If your eyes are old and weary like mine, you may find it hard to pick out the things you’re supposed to find in the picture – for instance finding all the traffic lights in the somewhat blurry captcha in the example above.
Wouldn’t it be nice if you had a way to automatically solve these crazy captchas without straining your eyeballs and raising your blood pressure?
Unfortunately, due to the limitations of technology, there is no 100% perfect captcha solver, but there is an extension that claims to be able to help you automatically solve most captchas so you don’t have to. The extension is available for Chrome, as well as Firefox and Opera.
You can install the Chrome extension by visiting this page. If you’re using Firefox or Opera, read on.
Without further verbosity or fanfare, let me introduce to you, the architect of Buster: Captcha Solver for Humans, the one and only Armin Sebastian:
Save time by asking Buster to solve captchas for you.
Buster is a Chrome extension which helps you to solve difficult captchas by completing reCAPTCHA audio challenges using automatic speech recognition. Challenges are solved by clicking on the extension button at the bottom of the reCAPTCHA widget.
It is not guaranteed that challenges are always solved, the limitations of the technology need to be considered.
The continued development of Buster is made possible thanks to the support of awesome backers. If you’d like to join them, please check out https://www.patreon.com/dessant
reCAPTCHA challenges remain a considerable burden on the web, delaying and often blocking our access to services and information depending on our physical and cognitive abilities, our social and cultural background, and the devices or networks we connect from.
The difficulty of captchas can be so out of balance, that sometimes they seem friendlier to bots than they are to humans.
The goal of this project is to improve our experience with captchas, by giving us easy access to solutions already utilized by automated systems.
The extension is also available for Firefox and Opera:
https://addons.mozilla.org/en-US/firefox/addon/buster-captcha-solver/
https://addons.opera.com/en/extensions/details/buster-captcha-solver-for-humans/
Reviews are not monitored for bug reports, please use GitHub for issues and feature requests.
I discovered that there’s a lot easier way out of that dilemma without adding more overhead to your browser. Choose the Audio option instead of the picture option. When you do, it will pop up a screen where you play a message and type in what was said, which will be like a phrase from a sentence. I used to waste so much time going over those awfully poor images as many as a dozen times, often without even getting it then. Audio is usually done in one quick try.
How is this easier than letting an extension solve the captcha? You’re still solving the captcha manually, by listening. Why not let an extension do it?
Wait. Isn’t the point of these things to PREVENT bots? So if a bot can solve them, doesn’t that render them useless? Why are they even still being used? And why doesn’t everybody just use the ‘I Am Not A Robot’ checkbox thingy? That is way more convenient!
Clicking the “I am not a robot” button often leads to the captcha challenge.
Thanks so much for pointing my way to this addon
I found this at blackhat.com/docs/asia (2016). It could be if we are blocking our identity and making our security tighter it is just making it harder to read for these things. I’m guessing but it sure sounds that way. I felt like I had solved these before and it still took several times to get through. Anyway here is what blackhat said and remember this is 2016:
Understanding Recaptcha
The reCaptcha service offered by Google is the most widely used captcha service, and has been adopted by many popular websites for preventing automated bots from conducting nefarious activities. Google announced the deployment of a new reCaptcha mechanism designed to be more human-friendly and secure.
Widget
When visiting a webpage protected by reCaptcha, a widget is displayed. The widget’s JavaScript code is obfuscated, to prevent analysis from third parties. When the widget loads, it collects information about the user’s browser which will be sent back to the server. Furthermore, it performs a series of checks for verifying the user’s browser.
Workflow
Once the user clicks in the checkbox, a request is sent to Google containing (i) the Referrer, (ii) the website’s sitekey (obtained when registering for reCaptcha), (iii) the cookie for google.com, and (iv) the information generated by the widget’s browser checks (encrypted). The request is then analyzed by the advanced risk analysis system, which decides what type of captcha challenge will be presented to the user.
Challenge Type
The type of challenge varies from user to user. Harder challenges will be presented if a specific user has low reputation or requests multiple challenges or provides several wrong answers many times. In our experiments we came across the following versions of reCaptcha:
• “No captcha reCaptcha”. The new user-friendly version is designed to completely remove the difficulty of solving captchas. Upon clicking the checkbox in the widget, if the advanced risk analysis system considers the user to have high reputation, the challenge will be considered solved and no action is required from the user. For the remainder of the paper, we will refer to this type of captcha as the checkbox captcha.
• Image reCaptcha. This new version is built on the notion of identifying images with similar content. The challenge contains a sample image and 9 candidate images, and the user is requested to select those that are similar to the sample. The challenge usually contains a keyword describing the content of the images that the user is required to select. The number of correct images varies between 2 and 4.
• Text reCaptcha. These distorted texts are returned when the advanced risk analysis considers the user to have a lower reputation. (e) is fallback captcha which will be selected when the User-Agent fails certain browser checks, the widget automatically fetches and presents a challenge of this type, before the checkbox is clicked. Over the period of the following 6 months, text captchas appeared to be gradually “phased out”, with the image captcha now being the default type returned, as these captchas are harder for humans to solve despite being solvable by bots.
Solution
Once the challenge has been presented to the user, it has to be answered within 55 seconds. Otherwise, the user is required to click on the checkbox again to receive a new challenge. Once the user clicks, an HTML field called recaptcha-token is populated with a token. If the user is deemed legitimate and not required to solve a challenge, the token becomes valid on Google’s side. The token is submitted to the website when completing the desired action. The website sends a verification request through the reCaptcha API which contains: (i) a shared secret, (ii) the response token and, optionally, (iii) the user’s IP address. The response indicates if the verification was a success.
Ethics and disclosure
We have disclosed a report with our findings and recommendations to Google, in an effort to assist them in making reCaptcha more robust to automated attacks.
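
The verification step described under "Solution" in the excerpt above, seen from the website's side, as an added example that is not part of the comment, the quoted paper, or Buster. It assumes Google's documented siteverify endpoint and response fields (success, challenge_ts, hostname, error-codes); the hostname shop.example, the sample responses and the two-minute freshness window are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"
MAX_TOKEN_AGE = timedelta(minutes=2)  # assumed freshness window for a response token
NOW = datetime(2016, 4, 1, 12, 1, 0, tzinfo=timezone.utc)  # fixed clock for the samples
SAMPLES = {  # constructed verification responses, not captured traffic
    "good": '{"success": true, "challenge_ts": "2016-04-01T12:00:00Z", "hostname": "shop.example"}',
    "failed": '{"success": false, "error-codes": ["invalid-input-response"]}',
    "other_site": '{"success": true, "challenge_ts": "2016-04-01T12:00:00Z", "hostname": "other.example"}',
    "stale": '{"success": true, "challenge_ts": "2016-04-01T11:50:00Z", "hostname": "shop.example"}',
}

def build_verify_body(secret, token, remote_ip=None):
    """Form-encoded POST body: (i) shared secret, (ii) response token, (iii) optional user IP."""
    fields = {"secret": secret, "response": token}
    if remote_ip:
        fields["remoteip"] = remote_ip
    return urlencode(fields)

def evaluate_verify_response(raw_json, expected_hostname, now):
    """Return (accepted, reason); anything unexpected is treated as a failure."""
    try:
        data = json.loads(raw_json)
    except ValueError:
        return False, "malformed-response"
    if not isinstance(data, dict):
        return False, "malformed-response"
    if data.get("success") is not True:
        return False, "rejected:" + ",".join(map(str, data.get("error-codes", [])))
    # A token solved on a different site must not be accepted here.
    if data.get("hostname") != expected_hostname:
        return False, "hostname-mismatch"
    try:
        issued = datetime.fromisoformat(str(data.get("challenge_ts")).replace("Z", "+00:00"))
        age = now - issued  # TypeError if the timestamp carries no timezone
    except (ValueError, TypeError):
        return False, "bad-timestamp"
    if age > MAX_TOKEN_AGE:
        return False, "stale-token"
    return True, "ok"

def run_samples():
    return {name: evaluate_verify_response(raw, "shop.example", NOW) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    print("POST", VERIFY_URL, build_verify_body("SHARED-SECRET", "TOKEN-FROM-FORM", "203.0.113.7"))
    for name, verdict in run_samples().items():
        print(name, verdict)
```

Because the thread's point is that an audio challenge can be solved by software, a passing verification is best treated as one signal alongside rate limiting and account-level checks rather than as proof of a human.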