GithubHelp home page GithubHelp logo

captcha_orz's Introduction

captcha_orz

0x01 前言

安全测试过程中经常遇到接口存在验证码的场景,很多时候我们也许是束手无策的,基于tensorflow编写了简单的应用希望可以解决普通验证码识别问题,后续还会更新基于yolo3针对物体检测识别更有意思的验证码问题,比如: 12

本期主要是针对普通验证码识别系统构建的说明,项目代码中已经训练好了四个模型,可直接使用

模型下载地址:

https://pan.baidu.com/s/1GYy1_BQ_rBekBujofq7qEw  密码:l5ti

下载完毕解压到model_server/models文件夹下

参考样本下载地址:

链接:https://pan.baidu.com/s/10EZ6M6mHjm-vY8_XVxDt_A  密码:joqi

样本下载完毕,解压到model_server/images/目录即可 图片样例如下:

模型编号 类型 样例
1 算术 1111
2 大小写字母+数字 1111
3 四位大写字母+数字 1111
7 五位小写字母 1111

model_server目录信息如下: 11

0x02 安装指南

0x0201 环境搭建

centos7

执行以下命令进行安装或者更新

yum install -y tkinter tk-devel
yum –y install gcc tkinter zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tcl-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel expat-devel

python环境

python3.6

pip install scipy numpy iPython jupyter pandas sympy nose scikit-learn Pillow captcha  matplotlib tensorflow==1.11 redis

mac

brew install pyqt
pip3 install PyQt5

python3

import matplotlib

matplotlib.matplotlib_fname()

编辑显示的文件 输入backend :Qt4Agg

python环境 python3.6

0x0202 启动redis

下载地址: https://redis.io/download

redis充当消息队列,安装完redis启动即可,比如mac下:

../redis-server

0x0303 启动django

安装依赖(requeirements.pip里已经包含了机器学习用到的库)

pip install -r requirements.txt

初始化django

python manage.py migrate

启动django

python manage.py runserver 0.0.0.0:8000

通过修改 orz/apps/capcha_v1/constants.py 中 MODELNOS列表中的值选择检测支持的模型,当然前提是对应的模型已经在上一步中已成功启动

此时可通过api查看接口信息 http://127.0.0.1:8000/api/capcha_v1/checkmodel/ 基本架构

0x0304 启动nginx

参考链接: 配置ng反向代理

mac下ng配置文件目录默认为 /usr/local/etc/nginx 添加圈中部分

location /api {
            proxy_pass   http://127.0.0.1:8000; # 后端接口 IP:port
        }

ng配置

将orz_fe文件夹下的前端代码复制到 /usr/local/var/www 下

静态文件目录 访问 http://127.0.0.1:8001 ng配置

通过http://127.0.0.1:8001/#/reg 即可注册账号,邀请码:vksrc

0x0305 启动模型

模型训练完成即可启动模型 为了可以实现对验证码进行模型预检测,对识别模型进行了分类,

参数 值举例 备注
m 7 模型编号
e Check Check/Prod,Check对应模型检测模块,Prod对应批量检测模块
l 5 验证码长度,该参数必须和模型训练时参数匹配
模型训练完启动生产和测试模型即可

实例中已经训练了四个模型供大家参考,切换至model_server目录下

python service.py -m 7 -e Check -l 5 # 启动测试接口
python service.py -m 7 -e Prod -l 5  # 启动生产接口

其他模型以此类推

0x0306 api接口

  1. 检测模型接口

访问http://127.0.0.1:8001/#/app/forms-models-check 上传实例验证码(位于orz/model-server/images目录下)可进行模型校验 基本架构

  1. 通过提交base64和模型编号进行识别

    url:http://127.0.0.1:8000/api/capcha_v1/uploadbase64/

    post内容如下:

    {"modelNo": 7,"content": "R0lGODlhRgAUAPZ9AAAAAAxfDBZbFgBkAQNoAwpqCgBvEg9tEBJvEgBxFhVwFRdyGBt0GyF3ACd9ACRWIwB3IAB7JwB+KSB3ICV6JCx+LGU7ZXU0dQCDNC+ALzOCMzmGOT6JPkSMAFCTAHCnAH2zAEGJPgDWAAD1AACMQwCRTUKMQkiNRUmPSUyRTFSVVFyaXGGdYWagZm2kbXOlbnSpdHute4SyAJW8AJ/CAKnIALnSAL3cANPhANDoAOTrAO/yAPX1AP/1AIKzfQAA9YMvg4sri4AwgJwnlqgfqLEcsckSye4D7vUA9f8A9fUA/wCwgAC2iwC8lADPvQDWtADj1gDr5ADu6QD19QD/9QD1/4Oyg4y3jI64joy3kpS7lJq/mpPBk5zDnKHAm6PEo6vJrKvJsrLNs7rNsrzUvMLXwsbZxsrbys/e19Df0NXi1dvm29/o3+fn3tjk4eLq4u/s5uru6u7x7vj77ufs8Ojt8fX19f/19fX/9f//9fX1///1//X//////wAAAAAAACH5BAAAAAAALAAAAABGABQAAAf+gABII3Z2SIU8d4WLjHhTVXZ4iot3h3qFk42MdmIxLCsuaXaKPJuFl3aEpneKqIV4eIams3alm3e2i2gUAwwmKSdijKW5SHq5mIVTyYVyc5mmSa+RrszKySkDW7Szioqxi+CbcQVkm5eH4ovLucumyxUEcdeHhXmmyJg8PHK1dmp1DA14YkvPvCmXwJFRsYkHuHqI7Kw5U2EACBgrUGhYU0hVoUPQGMlhwNAOkAEwLgUAE8mOlQE47EzBsu0OkwmIYrWZ8cbfpooDBiioQGLFC47cIkmzg2oEiwFs7MQ4cECHHQZdkEy5Q2ZAl38DCsi5A4PDJicDwFzK1IOHETT+T4U1ZKRIjcc7qEqdGbDEDgwWDHzgoTDE0pECLO6AgUCA5YoVm7YMMGNHSpF+sgrFGOBlSj5KtVRoYORu0QYGfltgMRAHQxY9qkxQcKkCBQs7JmKMWiRkQE8YA1rgQXKFAx49WgZY+fiKz247VXhUwOlTUb0vaV+8OMLAionl4DZHWWGFC2oKWhaValHg3wEGF+zIEaDbDhGU07rZKXCCx6VqzTCQggswuMTACfWNYsMANWQQxhoDlHHAGBHZkUIEdnjAggYy2HGFAvPY0RVkdvTBDYQtfHQIRMdsVkKBcSBQgAuMHEGACwNAYYcGOKrByA8VnEBGVejt0N0iaQz+0AEPU7C4iRgDXCELHkFAJw4bBBCg2x2bWVCaHRwscIAhUw2AWUsKsFCBlAp80YQCUrBiRx0DVMCcO8uAk5wYnsWhwgB5ECLOn8vZEYUIIS6y2QYImSHUJnIMMIED/RQARgOFLlIAA8uEZEgpOEKBRw4SFPDVK7jYYcQVbuzx3CZkVCDEPi7RsAmEA1BoxwAWgAjOJStYkMkySTCJCAoE7PDFAROcsYlHMm0SSz0hfbZGBx4U8kZYmfoXEhKZoDLYAx8MkAIc1dHV0ik/LJPQJHqI4ylTYClwJiqofNMSSEjIQUBQuikB2ry0QJRUfnakcYNP/nzmLjhytJCAXAA1mpKOuvR+ue5ndiSxjMAFM3KJfzwgUXJmVYiDBzHrYFIaKlSEM6W712xisEzQnrOMO8jgEQgAOw=="}```

生产接口

0x03 模型训练

在获取足够样本情况下可以进行模型训练,准备工作如下

  1. 样本目录

    样本目录在**./images/{modelNo}**目录下,样本数量尽可能多,一般不要少于300

  2. 样本格式

    样本格式请统一为:{编号}_{样本属性}.[png,jpeg,jpg]

    如:

    * 2_abcde.jpeg
* 53_1zd1.jpg
* 1_6*1=?.png

  3. 模型存储

    模型存储为**./models/{modelNo}**

    ps: 训练前请再models目录下新建模型编号对应的文件夹

  4. 开始训练

    当上述内容准备完毕以后,准备训练模型吧 首先修改gen_captcha.py中的modelNo和MAX_CAPTCHA,该变量关联样本目录和模型存储目录,然后运行如下命令即可

    python training.py

0x04 致谢

  1. 感谢好友AnYeMoWang帮忙review代码
  2. 优秀的模型需要大量有效的样本,如果大家想贡献样本可以联系我们,模型训练完会共享到github

0x05 参考链接

captcha_orz's People

Contributors

m0l1ce avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar

Forkers

solosec m0l1ce xiaofengtongxue v1cker crackercat imgoogege qsdj freegit9527 fakegit z330789559 yanxiaofei395118 ruolunhui hworm dogmapper mrzeng bluerangala zcdy fucora eddylapis vickkyy foreveryouni zqguang3708 encounter-with-you dddddz belinkang since92x langyayue cv-ljy zhguo aliluyala nearlee2008 sayass changqingzou stantoxt klsnow amd5 wqk666999 wlkjyh lwsyes

captcha_orz's Issues

验证码无效?

在代码和数据库里都没找到邀请码,导致注册不了无法使用

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.