[Hands-on] Burp + VPS: Dynamic CAPTCHA Recognition (OCR)

Reference article

https://mp.weixin.qq.com/s/VzZQrMcj1BgMWrkvwd2z0Q

1. Download the ddddocr API server on the VPS

git clone https://github.com/sml2h3/ocr_api_server.git
cd ocr_api_server
# Build the image
docker build -t ocr_server:v1 .
# Run the image
docker run -p 9898:9898 -d ocr_server:v1

Verify connectivity

curl -v http://ip:9898/ping

2. Not much else to write; load the plugin and get started

Template format

POST /ocr/b64/json HTTP/1.1
Host:IP:9898
Authorization:Basic f0ngauth
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:97.0) Gecko/20100101 Firefox/97.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 8332

<@BASE64><@IMG_RAW></@IMG_RAW></@BASE64>

 

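Don't forget to set a regex match to extract the result; once the rule is defined, just right-click and save.

Calling it from Burp Intruder

Here is a screenshot of the result: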

 

posted @ 2022-07-20 14:47  Carrypan