Is it possible to grab hidden code in ClientForm?

rdmurray at rdmurray at
Sun Mar 1 17:27:54 CET 2009

Muddy Coder <cosmo_general at> wrote:
> Nowadays some websites let users to fill in some so-called
> verification code, and the tricky thing is that the CODE is delivered
> from server with an image. For example:
> <img src="/jobsearch/captcha.jpg" name="CAPTCHA_IMAGE" border="1" /
> >&nbsp;&nbsp;<a href="#" onClick="changeSource();">Refresh Image</a>
> When click Refresh Image, the CODE on the image changes. I wonder:
> does the server really send a new image over to browser, or just send
> a hidden code over? Is it possible to parse out such hidden code?
> The other example is:
> <img src="/images/verify.png;jsessionid=ahZsBmwyLGuf" alt="Digital
> Signature Code" />
> <input name="jsessionid" type="hidden" value="ahZsBmwyLGuf" />
> I did a few REFRESH on browser, and noticed the CODE changed. But,
> when I viewed the HTML source code, the value "ahZsBmwyLGuf" remained
> the same. What is the trick around here? That is why I am wondering
> whether the server really keeps sending new images over, or just
> sending new hidden codes over. If the trick is just keep sending
> hidden codes over, there might be a chance of capturing the codes. Can
> somebody help me out? Thanks a lot!

If there were some way for a program to extract the code from what
the server sent, then the whole point of using the Captcha (preventing
spam robots from posting) would be defeated.


More information about the Python-list mailing list