Is it possible to grab hidden code in ClientForm?

Muddy Coder cosmo_general at yahoo.com
Sun Mar 1 15:23:20 CET 2009


Hi Folks,

Nowadays some websites let users to fill in some so-called
verification code, and the tricky thing is that the CODE is delivered
from server with an image. For example:

<img src="/jobsearch/captcha.jpg" name="CAPTCHA_IMAGE" border="1" /
>&nbsp;&nbsp;<a href="#" onClick="changeSource();">Refresh Image</a>

When click Refresh Image, the CODE on the image changes. I wonder:
does the server really send a new image over to browser, or just send
a hidden code over? Is it possible to parse out such hidden code?

The other example is:

<img src="/images/verify.png;jsessionid=ahZsBmwyLGuf" alt="Digital
Signature Code" />
<input name="jsessionid" type="hidden" value="ahZsBmwyLGuf" />

I did a few REFRESH on browser, and noticed the CODE changed. But,
when I viewed the HTML source code, the value "ahZsBmwyLGuf" remained
the same. What is the trick around here? That is why I am wondering
whether the server really keeps sending new images over, or just
sending new hidden codes over. If the trick is just keep sending
hidden codes over, there might be a chance of capturing the codes. Can
somebody help me out? Thanks a lot!


Muddy Coder








More information about the Python-list mailing list