Timeline for Relay attack against Captcha
Current License: CC BY-SA 3.0
4 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Feb 6, 2017 at 0:56 | comment | added | alg | About using the IP, in addition to the issue you mentioned, another problem is also when using proxies (e.g. companies that have thousands of users with the same IP address) – so I think the IP is not reliable and guaranteed , but I am not sure whether the user-agent can be used for this purpose or not? | |
| Feb 6, 2017 at 0:56 | comment | added | alg | OR 2) downloading the Captcha image in his/her browser using a script (scraper) and then takes a screenshot/reading the image's pixels (here I do not know how! is this possible? please, if yes - let me know how?) , and then uploads it to the C&C server in order to forward it to the human solver. | |
| Feb 6, 2017 at 0:55 | comment | added | alg | My thought was as follows: because the Captcha image is used only once, there are two possible scenarios: 1) an attacker redirects the requested image directly - using its link - (is this possible? if yes! how?) to Human third-party (e.g. sweatshops in India) to decipher CAPTCHA code in exchange for small money. | |
| Feb 5, 2017 at 23:54 | history | answered | DepressedDaniel | CC BY-SA 3.0 |