Regresar

Vulnerability of CAPTCHA Systems Using Bots with Computer Vision Abilities

Abstract:

CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. They are machine-controlled challenge-response tests used to determine when the user is a human or an automatic program (bot). Attacks perpetrated by malicious bots are one of the most common problems in web systems. To counter these attacks, CAPTCHA systems can be implemented. However, the growth of technologies such as Artificial Vision has caused many of the CAPTCHAS systems to be broken very easily. On the other hand, the implementation of automated processes in computer security has marked an additional complement in the process of searching for vulnerabilities in web systems. In this context, this article aims to automate searching tasks and analyze web systems vulnerabilities through Robotic Process Automation (RPA) tools and artificial vision techniques. As part of the bot development, the UiPath tool in its Community Edition version and the Google Cloud Platform API for artificial vision techniques were used. In the results, the functioning of the developed bot was systematically evaluated by broken the CAPTCHA system based on images of a test page. This proposal is intended to demonstrate that CAPTCHA systems, specifically of the hCAPTCHA type, can be broken using artificial vision techniques in conjunction with the automated processes of a bot.