Breaking Captchas with Golang: Leveraging the Power of 2captcha

Cover Image for Breaking Captchas with Golang: Leveraging the Power of 2captcha

Understanding the Role of Captchas in Digital Security

In today's digital landscape, where cyber threats lurk around every virtual corner, safeguarding sensitive information is of paramount importance. One crucial tool that plays a pivotal role in enhancing digital security is captchas. Captchas, short for "Completely Automated Public Turing tests to tell Computers and Humans Apart," act as a gatekeeper, effectively distinguishing human users from malicious bots. They were invented in 2000 by Luis von Ahn, Manuel Blum, Nicholas Hopper, and John Langford at Carnegie Mellon University. The original CAPTCHAs were text-based and required users to identify distorted words or letters.

These ingenious puzzles serve a lot of purposes. They help prevent a variety of attacks like:

  • Spam: Spam is unsolicited electronic messages, typically sent in bulk. CAPTCHAs can be used to prevent spam bots from creating accounts or sending messages by requiring users to solve a CAPTCHA before they can create an account or send a message.

  • DDoS attacks: A DDoS attack is a distributed denial-of-service attack. This type of attack is designed to overwhelm a website or online service with so much traffic that it becomes unavailable to legitimate users. CAPTCHAs can be used to prevent DDoS attacks by making it more difficult for attackers to generate large numbers of requests.

  • Credential stuffing: Credential stuffing is a type of attack where attackers try to use stolen login credentials to access multiple accounts. CAPTCHAs can be used to prevent credential stuffing attacks by making it more difficult for attackers to try login credentials on multiple websites.

  • Phishing: Phishing is a type of attack where attackers send fraudulent emails that appear to be from a legitimate source. The goal of phishing is to trick the recipient into clicking on a malicious link or providing personal information. CAPTCHAs can be used to prevent phishing attacks by making it more difficult for attackers to create realistic-looking phishing emails.

  • Click fraud: Click fraud is a type of attack where attackers click on ads without human interaction. This type of attack is used to generate revenue for the attacker. CAPTCHAs can be used to prevent click fraud by making it more difficult for attackers to click on ads without human interaction.

By incorporating captchas, website owners can fortify their defense against various cyber threats, such as spam, fraud, and unauthorized access. The utilization of visual or audio-based challenges, often involving distorted characters or logical tasks, impedes automated programs' ability to infiltrate online platforms.

How did Captchas even come into the picture?

Well, this dates back to a paper titled "Computing Machinery and Intelligence" that was published in 1950 by the famous and legendary computer scientist, mathematician, logician, cryptanalyst, philosopher, and theoretical biologist 🤯.

Are you able to guess who I am talking about?

Well here is a hint 💡: He is famously regarded as the father of modern computer science.

Alan Turing

Yes, none other than Alan Turing.

He asked a question "Can a computer talk like a human?". This question led to an idea for measuring artificial intelligence that would famously come to be known as the Turing test. Turing proposed the following game. A human judge has a text conversation with unseen players and has to evaluate their responses. To pass the test, a computer must be able to replace one of the players without substantially changing the results. In other words, a computer would be considered intelligent if its conversation couldn't be easily distinguished from a human's.

Believe it or not, this same principle is used today to differentiate between a real human and a bot. You can think of captchas as simplified and automated Turing Test and every time you are able to solve a captcha you are basically passing a mini Turing Test.

P.S: If you are also a movie buff I would highly encourage you to watch the movie The Imitation Game where Benedict Cumberbatch played the role of Alan Turing.

Now, that you know a brief about how captchas came into the picture, let's learn the different types of captchas.

What are the different types of captchas?

You might have across different types of captchas while surfing the internet, here are the broad categories of captchas:

  1. Text CAPTCHA: The oldest and most common type of CAPTCHA, this involves inputting text from a distorted or obscured image. The logic here is that humans can interpret obscured text while bots cannot.

  2. Image CAPTCHA: This type of CAPTCHA involves identifying specific types of objects or patterns in an image. For instance, a user might be asked to select all squares of a grid containing traffic lights or buses.

  3. Audio CAPTCHA: For users with visual impairments, audio CAPTCHAs are used. In this case, a short audio clip is played and the user is asked to type the words or numbers that they hear.

There are a bunch of service providers available who allow you to use their captcha services on your websites. Some of the most popular ones include:

Now, from a personal point of view I kind of hate solving these captchas, and finding the traffic lights.

16 Times People Struggled With These Captchas So Much, They Shared It  Online | Bored Panda

So, I started looking if there were any ways to bypass these irritating captchas and I landed upon a goldmine 2captcha. Turns out, these captchas weren't as secure as I used to believe. Today we will look at a demo of how I ended up writing a script to bypass these captchas.

But, before that, let's learn about 2Captcha.

What is 2Captcha?

2Captcha operates as a real-time CAPTCHA decoding service, proficient in distinguishing and interpreting captchas with accuracy. It leverages human intellect for image recognition tasks, ensuring high levels of precision. Offering compatibility with a wide range of programming languages through its API, 2Captcha can identify and solve a diverse variety of CAPTCHA types. In fact, 2Captcha can actually solve all the captcha types I mentioned above.

So, without further ado, let's use the Golang module of 2Captcha and build ourselves a CLI tool. You will be amazed to see how easy it is to use this service.

Building the Golang CLI tool

So, the first step would be to create an account in 2Captcha and get our API key.

1. Creating our 2Captcha account

Visit their website https://2captcha.com/ and then sign in with your method of choice. After that, you will land on a page like this:

Select the left option of "I'm a customer" and then you will be redirected to the dashboard where you can see your API key.

Now, to further move ahead with our project make sure that you have Golang installed in your machine. To check that simply run go version in the terminal and it should show the version of Golang that is installed. If it gives an error, you will have to install Golang.

Once you are done with all these we can finally initialize our Golang Project.

2. Initialize our Golang Project

To get started, let's initialize a new Golang project. Open your terminal or command prompt and follow the steps below:

  1. Create a new directory for your project:

     mkdir captcha-solver
     cd captcha-solver
    
  2. Initialize the Go module:

     go mod init github.com/your-username/captcha-solver
    

    Replace your-username with your actual GitHub username or any other relevant identifier.

  3. Create a new Go source file named main.go:

     touch main.go
    

You have now set up the basic structure for your Golang project.

3. Installing Required Modules

To interact with the 2Captcha service, we need to install the 2captcha-go library. Run the following command to install the required module:

go get github.com/2captcha/2captcha-go

The module will be downloaded and added to your project's go.mod file.

Finally, we will write the code for our captcha solver.

4. Building the Captcha Solver

Now let's proceed with building the captcha solver. Open the main.go file in a text editor and add the following code:

package main

import (
    "flag"
    "fmt"
    "io/ioutil"
    "log"
    "os"

    "github.com/2captcha/2captcha-go"
)

const apiKey = "<API-KEY>" // Replace with your actual API key

func main() {
    // Parse input arguments
    captchaImagePath := flag.String("image", "", "Path to the captcha image file")
    flag.Parse()

    // Verify that the captcha image path is provided
    if *captchaImagePath == "" {
        fmt.Println("Please provide the captcha image path.")
        flag.PrintDefaults()
        os.Exit(1)
    }

    // Load the captcha image
    _, err := ioutil.ReadFile(*captchaImagePath)
    if err != nil {
        fmt.Printf("Failed to read captcha image: %v\n", err)
        os.Exit(1)
    }

    // Initialize the 2Captcha client
    client := api2captcha.NewClient(apiKey)

    // Use the 2Captcha client to solve the captcha
    cap := api2captcha.Normal{
        File: *captchaImagePath,
    }

    captchaText, err := client.Solve(cap.ToRequest())
    if err != nil {
        if err == api2captcha.ErrTimeout {
            log.Fatal("Timeout")
        } else if err == api2captcha.ErrApi {
            log.Fatal("API error")
        } else if err == api2captcha.ErrNetwork {
            log.Fatal("Network error")
        } else {
            log.Fatal(err)
        }
    }

    // Output the solved captcha text
    fmt.Printf("Solved captcha: %s\n", captchaText)
}

Now, let's break down the code and understand each section's functionality.

Parsing Input Arguments

captchaImagePath := flag.String("image", "", "Path to the captcha image file")
flag.Parse()

This code uses the flag package to parse input arguments provided when running the program. We define a flag named image that represents the path to the captcha image file. The flag.Parse() function is then called to parse the input arguments.

Loading the Captcha Image

_, err := ioutil.ReadFile(*captchaImagePath)
if err != nil {
    fmt.Printf("Failed to read captcha image: %v\n", err)
    os.Exit(1)
}

In this section, we use the ioutil.ReadFile() function to load the contents of the captcha image file specified by the user. If there is an error while reading the file, an error message is printed, and the program exits.

Initializing the 2Captcha Client

client := api2captcha.NewClient(apiKey)

Here, we initialize the 2Captcha client by creating a new instance of api2captcha.Client with the provided API key. Remember to replace the API key with the key that you saw in your dashboard.

Solving the Captcha

cap := api2captcha.Normal{
    File: *captchaImagePath,
}

captchaText, err := client.Solve(cap.ToRequest())

To solve the captcha, we create a Normal struct instance from the api2captcha package and pass the captcha image file path to it. Then, we call the Solve() method of the 2Captcha client, passing the ToRequest() method's result from the cap struct as an argument. This method sends the captcha image to the 2Captcha service for solving and returns the solved captcha text.

Outputting the Solved Captcha Text

fmt.Printf("Solved captcha: %s\n", captchaText)

Finally, we output the solved captcha text to the console using fmt.Printf().

Conclusion

Congratulations! You have successfully built a captcha solver using the 2Captcha service in Golang. You can now run the program by executing the following command:

go run main.go --image /path/to/captcha.png

Replace /path/to/captcha.png with the actual path to your captcha image file. The program will send the image to the 2Captcha service, solve the captcha, and display the solved text.

Feel free to explore the 2Captcha Go client library documentation (https://pkg.go.dev/github.com/2captcha/2captcha-go) for more advanced usage and options.

That's it! You can now integrate this captcha solver into your own projects or applications to automate captcha solving using the 2Captcha service.