Buster: Captcha Solver for Humans

By | December 13, 2018
Print Friendly, PDF & Email

Buster: Captcha Solver for Humans

Don’t you just hate it when you’re browsing around the Web, minding your own business, and suddenly you see something like this pop up right in front of your bloodshot eyes?

Cloudeight InfoAve Tips and Tricks

If your eyes are old and weary like mine, you may find it hard to pick out the the things you’re supposed to find in the picture – for instance finding all the traffic lights in the somewhat blurry captcha in the example above.

Wouldn’t it be nice if you had a way to automatically solve these crazy captchas without straining your eyeballs and raising your blood pressure?

Unfortunately, due to the limitations of technology, there is no 100% perfect captcha solver, but there is an extension that claims to be able to help you automatically solve most captchas so you don’t have to. The extension is available for Chrome, as well as Firefox and Opera.

You can install the Chrome extension by visiting this page. If you’re using Firefox or Opera, read on.

Without further verbosity or fanfare, let me introduce to you, the architect of Buster: Captcha Solver for Humans, the one and only Armin Sebastian:

Save time by asking Buster to solve captchas for you.

Buster is a Chrome extension which helps you to solve difficult captchas by completing reCAPTCHA audio challenges using automatic speech recognition. Challenges are solved by clicking on the extension button at the bottom of the reCAPTCHA widget.

It is not guaranteed that challenges are always solved, the limitations of the technology need to be considered.

The continued development of Buster is made possible thanks to the support of awesome backers. If you’d like to join them, please check out https://www.patreon.com/dessant

reCAPTCHA challenges remain a considerable burden on the web, delaying and often blocking our access to services and information depending on our physical and cognitive abilities, our social and cultural background, and the devices or networks we connect from.

The difficulty of captchas can be so out of balance, that sometimes they seem friendlier to bots than they are to humans.

The goal of this project is to improve our experience with captchas, by giving us easy access to solutions already utilized by automated systems.

The extension is also available for Firefox and Opera:

https://addons.mozilla.org/en-US/firefox/addon/buster-captcha-solver/

https://addons.opera.com/en/extensions/details/buster-captcha-solver-for-humans/

Reviews are not monitored for bug reports, please use GitHub for issues and feature requests.

https://github.com/dessant/buster

6 thoughts on “Buster: Captcha Solver for Humans

  1. Charles H.

    I discovered that there’s a lot easier way out of that dilemma without adding more overhead to your browser. Choose the Audio option instead of the picture option. When you do, it will pop up a screen where you play a message and type in what was said, which will be like a phrase from a sentence. I used to waste so much time going over those awfully poor images as many as a dozen times, often without even getting it then. Audio is usually done in one quick try.

    Reply
    1. infoave Post author

      How is this easier than letting an extension solve the captcha ? You’re still solving the captcha manually, by listening. Why not let and extension do it?

      Reply
  2. SB

    Wait. Isn’t the point of these things to PREVENT bots? So if a bot can solve them, doesn’t that render them useless? Why are they even still being used? And why doesn’t everybody just use the ‘I Am Not A Robot’ checkbox thingy? That is way more convenient!

    Reply
    1. infoave Post author

      Clicking the “I am not a robot” button often leads to the captcha challenge.

      Reply
  3. D.

    I found this at blackhat.com/docs/asia (2016). It could be if we are blocking are identity and making are security tighter it is just making it harder to read for these things. I’m guessing but it sure sounds that way. I felt like I had solved theses before and it still took several times to get through. Anyway here is what blackhat said and remember this is 2016:

    Understanding Recaptcha
    The reCaptcha service offered by Google, is the most widely used captcha service, and has been adopted by
    many popular websites for preventing automated bots from conducting nefarious activities. Google announced
    that deployment of a new reCaptcha mechanism designed to be more human-friendly and secure.
    Widget
    When visiting a webpage protected by reCaptcha, a widget is displayed . The widget’s
    JavaScript code is obfuscated, to prevent analysis from third parties. When the widget loads, it collects information
    about the user’s browser which will be sent back to the server. Furthermore, it performs a series of checks for
    verifying the user’s browser.
    Workflow
    Once the user clicks in the checkbox, a request is sent to Google containing (i) the
    Referrer
    , (ii) the website’s
    sitekey
    (obtained when registering for reCaptcha), (iii) the cookie for
    google.com
    , and (iv) the information gen-
    erated by the widget’s browser checks (encrypted). The request is then analyzed by the
    advanced risk analysis
    system, which decides what type of captcha challenge will be presented to the user.

    Challenge Type
    The different type of challenges varies from user to user. Harder challenges will be presented if a specific user has
    low reputation or requests multiple challenges or provides several wrong answers many times. In our experiments
    we came across the following versions of reCaptcha:

    “No captcha reCaptcha”
    . The new user-friendly version is designed to completely remove the
    difficulty of solving captchas. Upon clicking the checkbox in the widget, if the advanced risk analysis system
    consider the user have high reputation, the challenge will consider to be solved and no action required from
    the user. For the remainder of the paper, we will refer to this type of captcha as the
    checkbox
    captcha.

    Image reCaptcha
    This new version is built on the notion that identifying images with similar content.
    The challenge contains a sample image and 9 candidate images, and the user is requested to select those
    that are similar to the sample. The challenge usually contains a keyword describing the content of the images
    that the user is required to select. The number of correct images varies between 2 and 4.

    Text reCaptcha
    These distored texts are returned when the advanced risk analysisconsider
    the user to have a lower reputation. (e) is fallback captcha which will be selected when the
    User-Agent
    fails
    certain browser checks, the widget automatically fetches and presents a challenge of this type, before the
    checkbox is clicked. Over the period of the following 6 months, text captchas appeared to be gradually “phased
    out”, with the image captcha now being the default type returned, as these captchas are harder for humans to
    solve despite being solvable by bots.

    Solution
    Once the challenge has been presented to the user, it has to be answered within 55 seconds. Otherwise, the user
    is required to click on the checkbox again to receive a new challenge. Once the user clicks, an HTML field called
    recaptcha-token
    is populated with a token. If the user is deemed legitimate and not required to solve a challenge,
    the token becomes valid on Google’s side. The token is submitted to the website when completing the desired
    action. The website sends a verification request through the reCaptcha API which contains: (i) a shared secret,
    (ii) the response token and, optionally, (iii) the user’s IP address. The response indicates if the verification was a
    success.

    Ethics and disclosure
    We have disclosed a report with our findings and recommendations to Google, in an effort to assist them in making
    reCaptcha more robust to automated attacks.

    Reply

Leave a Reply to infoave Cancel reply

Your email address will not be published. Required fields are marked *