
Method and system for automatically detecting CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) backhaul logic vulnerability

An automatic verification code detection technology, applied in the field of information security, that addresses the problem of attackers completing sensitive operations without access to users' mailboxes and mobile phones, and achieves improved vulnerability detection efficiency, strong scalability, and a wide application scope.

Inactive Publication Date: 2018-04-10
ZHENGZHOU YUNHAI INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

Therefore, the attacker only needs to capture the response packet to obtain the value of the verification code, and can then complete sensitive operations (such as resetting any user's password, paying for an order, etc.) without access to the user's mailbox or mobile phone.


Embodiment Construction

[0034] In order to enable those skilled in the art to better understand the solutions of the present invention, the present invention will be further described in detail below in conjunction with specific embodiments. Apparently, the described embodiments are only some of the embodiments of the present invention, but not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0035] The present invention automatically detects verification code return logic vulnerabilities: a program written in Python checks whether a verification code return logic vulnerability exists at sensitive operations (such as password modification and password reset). Python is an object-oriented, interpreted programming language with rich and powerful libraries, and can use different libraries to complete the ...


Abstract

The invention discloses a method and system for automatically detecting a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) backhaul logic vulnerability. The implementation process comprises the steps of loading the URL corresponding to a sensitive operation and parsing it to obtain the mailbox address or mobile phone number corresponding to the sensitive operation; and sending a CAPTCHA request and checking whether the CAPTCHA value is contained in the response data. If the CAPTCHA value is contained in the response data, the CAPTCHA backhaul logic vulnerability exists in the operation; if the CAPTCHA value is not contained in the response data, the vulnerability does not exist in the operation. Compared with the prior art, the method and system provided by the invention are automated and avoid manual operation, can improve the vulnerability detection efficiency of penetration test engineers, are highly practical and widely applicable, and are easy to popularize.
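The check described in the abstract, as an added Python example (not code from the patent): it parses the sensitive-operation URL for the mailbox address or phone number, then inspects the response to the send-code request for the code value. The URL, the response bodies, the field-name hints and the `delivered_code` parameter (the code read from a test inbox) are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
PHONE_RE = re.compile(r"^\+?\d{8,15}$")
CODE_RE = re.compile(r"^\d{4,8}$")
# Assumed field-name hints; adjust to the application under test.
CODE_KEYS = re.compile(r"captcha|verif|sms|otp|vcode", re.I)

# Constructed sample data (not from the patent).
URL = "https://app.example.test/reset/sendCode?phone=13800000000"
VULNERABLE = '{"status": 0, "data": {"phone": "13800000000", "verifyCode": "482913"}}'
FIXED = '{"status": 0, "data": {"phone": "13800000000", "expiresIn": 300}}'

def extract_target(url):
    """Return the mailbox address or phone number carried in the URL query."""
    for values in parse_qs(urlsplit(url).query).values():
        for value in values:
            if EMAIL_RE.match(value) or PHONE_RE.match(value):
                return value
    return None

def leaked_codes(body, target=None, delivered_code=None):
    """Return (path, value) pairs in the response that expose the code."""
    hits = []
    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, f"{path}.{key}")
        elif isinstance(node, list):
            for index, value in enumerate(node):
                walk(value, f"{path}[{index}]")
        else:
            text, key = str(node), path.rsplit(".", 1)[-1]
            if text == target:
                return  # the echoed address itself is not a leak
            if delivered_code is not None:
                # Exact check when the delivered code is known to the tester.
                if delivered_code in text:
                    hits.append((path, text))
            elif CODE_RE.match(text) and CODE_KEYS.search(key):
                # Heuristic: short digit string under a code-like field name.
                hits.append((path, text))
    try:
        walk(json.loads(body), "$")
    except ValueError:
        walk(body, "$")  # non-JSON body: scan it as one string
    return hits
```

A non-empty result from `leaked_codes` means the response carries the verification code and the server should stop returning it; the fix is to keep the code server-side and return only a delivery status.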

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a highly practical method and system for automatically detecting verification code return logic vulnerabilities.

Background technique

[0002] In the prior art, the problem of verification code logic vulnerabilities is serious and urgently needs to be solved. A logic vulnerability means that some logic branches cannot be processed normally, or are processed incorrectly, because the program logic is lax or too complicated. Logic vulnerabilities generally appear in sensitive operations such as account registration, password modification, password retrieval, order submission, and payment.

[0003] Logic vulnerability mining has always been an "enduring" topic in security testing. Compared with traditional security vulnerabilities such as SQL injection and XSS vulnerabilities, today's attackers are more inclined to exploit vulnerabilities in the business logic layer. and ...


Application Information

IPC(8): H04L29/06, G06F11/36
CPC: G06F11/3684, G06F11/3688, H04L63/08, H04L63/0876, H04L63/1433
Inventor 陈栋
Owner ZHENGZHOU YUNHAI INFORMATION TECH CO LTD