Migrating iMacros security test macros to kantu

For some of our automated penetration tests we use captcha and recaptcha solving services like deathbycaptcha, antcpt or bypasscaptcha. They all support iMacros, what is the best way to use them with Kantu?

Example code from https://bypasscaptcha.com/imacros.php

'This is an imacros example:
'The script fill the captcha of gmail. The red part is needed to modify by your self.
VERSION BUILD=6221002     
TAB T=1     
TAB CLOSEALLOTHERS     
SET !EXTRACT_TEST_POPUP NO
URL GOTO=https://www.google.com/accounts/NewAccount

'Step 1: save the captcha picture to local disk
FILEDELETE NAME=c:\captcha.jpg
ONDOWNLOAD FOLDER=c:\ FILE=captcha.jpg    
TAG POS=1 TYPE=IMG ATTR=ALT:Visual<SP>verification  CONTENT=EVENT:SAVEITEM 

'Step 2: Open the a new tab, and go to bypasscaptcha.com, and submit the captcha picture
TAB OPEN
TAB T=2
URL GOTO=http://bypasscaptcha.com/captcha.php?x=x
'The KEY is used to identify each of our customers, which you can get from the purchase page . It is assigned to the CONTENT.
TAG POS=1 TYPE=INPUT:TEXT FORM=ACTION:upload.php ATTR=NAME:key CONTENT=KEY
'The path of the captcha picture saved is assigned to the CONTENT
TAG POS=1 TYPE=INPUT:FILE FORM=ACTION:upload.php ATTR=NAME:file CONTENT=C:\captcha.jpg
'Submit the userid and the captcha to bypasscaptcha.com
TAG POS=1 TYPE=INPUT:SUBMIT FORM=ACTION:upload.php ATTR=VALUE:Submit 

WAIT SECONDS=#DOWNLOADCOMPLETE# 

'Step 3: Extract the characters that are recoginzed from the picture of captcha.
TAG POS=1 TYPE=FONT ATTR=TXT:* EXTRACT=TXT  
TAB CLOSE
TAB T=1

'Step 4: Fill the recognized characters to the verification box
TAG POS=1 TYPE=INPUT:TEXT FORM=NAME:createaccount ATTR=ID:newaccountcaptcha CONTENT={{!EXTRACT}}

Sure Kantu can do this. What the above imacro script does is to

  1. Extract captcha image with SAVEITEM - in Kantu you can use storeImage instead
  2. Save image to file (ONDOWNLOAD) - in Kantu use localStorageExport
  3. Upload image to captcha breaker api. This works the same in Kantu and imacros. For this use the file that you just exported with localStorageExport, e. g. “c:\test\recaptcha\${filename}.png”
  4. Extract the the characters that are recoginzed from the picture of captcha. iMacros uses TAG… EXTRACT=TXT, in Kantu use storeValue.
  5. Fill the recognized characters to the verification box, iMacros uses TAG…CONTENT, in Kantu use type.

Here is a demo macro. Of course, it does not work with a captcha breaking service (I do not use these), but it “extracts” a website logo, and then uploads it to online OCR, which is the same workflow, just different website. What the macro also does is to generate a random file name for downloading and uploading with Math.random().toString(36).substring(7);.

{
  "CreationDate": "2018-6-13",
  "Commands": [
    {
      "Command": "open",
      "Target": "https://ocr.space/",
      "Value": ""
    },
    {
      "Command": "comment",
      "Target": "Download image (would be the captcha, here it is just a logo)",
      "Value": ""
    },
    {
      "Command": "storeEval",
      "Target": "Math.random().toString(36).substring(7);",
      "Value": "filename"
    },
    {
      "Command": "storeImage",
      "Target": "//*[@id=\"logo\"]/img",
      "Value": "${filename}.png"
    },
    {
      "Command": "localStorageExport",
      "Target": "${filename}.png",
      "Value": ""
    },
    {
      "Command": "comment",
      "Target": "Upload image (would be catpcha breaking service)",
      "Value": ""
    },
    {
      "Command": "open",
      "Target": "https://ocr.space/",
      "Value": ""
    },
    {
      "Command": "type",
      "Target": "id=imageFile",
      "Value": "c:\\test\\recaptcha\\${filename}.png"
    },
    {
      "Command": "click",
      "Target": "link=Start OCR!",
      "Value": ""
    },
    {
      "Command": "comment",
      "Target": "Get results",
      "Value": ""
    },
    {
      "Command": "pause",
      "Target": "3000",
      "Value": ""
    },
    {
      "Command": "storeValue",
      "Target": "id=txtAreaParsedResult",
      "Value": "result"
    },
    {
      "Command": "echo",
      "Target": "The text is ${result}",
      "Value": ""
    }
  ]
}

Any example how to do using with recaptcha2 and with this imacros example below ? (or same example using their api or other service)

https://antcpt.com/eng/imacros/application-example.html

thanks

Converting the antcpt Example for iMacros extension macro to Kantu is easy:

The key line is “store | 120 | !timeout_wait”. It tells to Kantu to wait until captcha recognize is finished before form can be sent. According to this line Kantu waits 120 seconds until the link text “Solved” element appears.

recaptcha-breaking

{
  "CreationDate": "2018-12-11",
  "Commands": [
    {
      "Command": "open",
      "Target": "https://antcpt.com/eng/information/demo-form/recaptcha-2.html",
      "Value": ""
    },
    {
      "Command": "type",
      "Target": "name=demo_text",
      "Value": "test 123"
    },
    {
      "Command": "comment",
      "Target": "Wait up to 2 min (120s) for the Solver Extension to complete its work",
      "Value": ""
    },
    {
      "Command": "store",
      "Target": "120",
      "Value": "!timeout_wait"
    },
    {
      "Command": "comment",
      "Target": "Wait for the word \"Solved\" to show, a normal CLICK command is used for this ",
      "Value": "!timeout_wait"
    },
    {
      "Command": "click",
      "Target": "link=Solved",
      "Value": ""
    },
    {
      "Command": "comment",
      "Target": "Submit form",
      "Value": ""
    },
    {
      "Command": "clickAndWait",
      "Target": "/html/body/main/article/div/form/input[2]",
      "Value": ""
    }
  ]
}

PS: I didn’t know that recaptcha2 captchas can be broken so easily :frowning:

2 Likes

I don’t get it, sorry for ask again but in this way I don’t see the application with the javascript or that code in the link below:

https://antcpt.com/eng/imacros/application-example.html

I think the key here is in the line 14.

Your post shows as I think the solved was by addon right ? (I can’t install the addon here in chrome keep saying security blah blah) but back to main question do you think can adapt instead of using another addon just using the application example in the kantu directly or some example with the api ? (or any other service too).

thanks

I think you only need to convert each iMacros javascript call

URL GOTO=javascript:(function(){var<SP>d=document.get...

to this one in Kantu

storeEval | (function(){var d=document.get.....

The macro below runs without errors, but I can not completely test it, since I have no api key. I get “Account authorization key not found in the system”

{
  "Name": "k1",
  "CreationDate": "2018-12-13",
  "Commands": [
    {
      "Command": "open",
      "Target": "https://antcpt.com/rus/demo-form/recaptcha-2.html",
      "Value": ""
    },
    {
      "Command": "storeEval",
      "Target": "(function(){var d=document.getElementById(\"anticaptcha-imacros-account-key\");d||(d=document.createElement(\"div\"),d.innerHTML=\"{{antiCaptchaApiKey}}\",d.style.display=\"none\",d.id=\"anticaptcha-imacros-account-key\",document.body.appendChild(d))})();",
      "Value": ""
    },
    {
      "Command": "storeEval",
      "Target": "(function(){var s=document.createElement(\"script\");s.src=\"https://cdn.antcpt.com/imacros_inclusion/recaptcha.js?\"+Math.random();document.body.appendChild(s);})();",
      "Value": ""
    }
  ]
}
2 Likes

Hello!
Here is the link to the small article with the all the examples you need:
[[couldn’t post a link here, we sent you it to your email]]
We hope it helps! Best regards!

Do you have an example to using with Kantu already ?

1 Like

I don’t mind, please use it. Thanks for asking!

1 Like

@AntiCaptchaPlugin

Do you also have a solution for converting this part to Kantu/storeEval?

1 Like

I used yours, it worked just fine! Thank you!
Maybe there is a better way to make this work)
I’m not very good at Kantu, but liked this tool more than iMacros. It looks more technological and modern.

Yes, we do. Go to our website and choose “Kantu” in our main menu, you’ll see a small article with examples, that are based on posts of JYamamoto and Timo (thank them;).
We’ve tested these snippets with or without our extension installation. But we always recommend to install an extension though. It gets all the fixes and features in a first place.

1 Like

Do you have any Kantu example how to use with geetest captcha too ?

Edit: or the service don’t have support to geetest ?

Unfortunately we don’t support GeeTest yet, but we added it to our ToDo list. But it may take a while, please be patient!
Best regards!

1 Like

Hey man I found this I don’t know if can help you implement geetest automatically solver maybe ?

1 Like

We’ll check it, thank you!

1 Like

Hello, thanks for the update. So I will waiting for the geetest implementation there. Cheers.

Can you give me to solve captchas geetest with imacros windows please urges me, and tried everything and does not work geetest has changed there is trap in the challenge to expired, I consumed my unresolved credit. I’m desperate help.

1 Like

For kantu exist solution to automate captcha ?

1 Like

Yes, sure, google “AntiCaptcha extension Kantu”. First link you see is what you need. Can’t add links to this post due to forum rules =D