Is it possible to grab hidden code in ClientForm?

rdmurray at bitdance.com rdmurray at bitdance.com
Sun Mar 1 17:27:54 CET 2009


Muddy Coder <cosmo_general at yahoo.com> wrote:
> Nowadays some websites let users to fill in some so-called
> verification code, and the tricky thing is that the CODE is delivered
> from server with an image. For example:
> 
> <img src="/jobsearch/captcha.jpg" name="CAPTCHA_IMAGE" border="1" /
> >&nbsp;&nbsp;<a href="#" onClick="changeSource();">Refresh Image</a>
> 
> When click Refresh Image, the CODE on the image changes. I wonder:
> does the server really send a new image over to browser, or just send
> a hidden code over? Is it possible to parse out such hidden code?
> 
> The other example is:
> 
> <img src="/images/verify.png;jsessionid=ahZsBmwyLGuf" alt="Digital
> Signature Code" />
> <input name="jsessionid" type="hidden" value="ahZsBmwyLGuf" />
> 
> I did a few REFRESH on browser, and noticed the CODE changed. But,
> when I viewed the HTML source code, the value "ahZsBmwyLGuf" remained
> the same. What is the trick around here? That is why I am wondering
> whether the server really keeps sending new images over, or just
> sending new hidden codes over. If the trick is just keep sending
> hidden codes over, there might be a chance of capturing the codes. Can
> somebody help me out? Thanks a lot!

If there were some way for a program to extract the code from what
the server sent, then the whole point of using the Captcha (preventing
spam robots from posting) would be defeated.

--RDM




More information about the Python-list mailing list