Bypass captcha based protection by removing cookie
Attackers can circumvent captcha protection by removing cookies, compromising the system's security.
Lack of Resources & Rate Limiting (RL)
How this template works
The template uses API selection filters to specify the criteria for selecting the appropriate API requests to execute. In this case, the filters include checking the response code to be between 200 and 300, and checking for the presence of a specific cookie in the request headers or a specific query parameter containing the word "captcha".
The template defines a single request to be executed. It includes instructions to delete the "cookie" header, as well as the header, body parameter, and query parameter specified by the value of the "captcha_key" variable.
After executing the request, the template specifies the validation criteria for the response. It checks that the response code is between 200 and 300, and that the response payload matches at least 80% of the expected payload. Additionally, it checks that the response payload has a length greater than 0.
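The check described above, as an added example that is not part of the template itself: a fail-open captcha handler next to a fail-closed one, with the template's mutation and validation applied to both. The handlers, the session store, the sample request, the parameter name `captcha_token`, and the use of `difflib` for the 80% payload match are all assumptions made for illustration.

```python
import difflib

CAPTCHA_KEY = "captcha_token"  # assumed name; the template reads it from "captcha_key"

# Constructed server-side store: session id -> captcha answer expected for it.
EXPECTED = {"sess-1": "x7Qp"}

def handle_weak(req):
    """Fail-open: the captcha is only checked when a known session cookie arrives."""
    sid = req["headers"].get("cookie")
    if sid in EXPECTED and req["body"].get(CAPTCHA_KEY) != EXPECTED[sid]:
        return 403, '{"error":"captcha failed"}'
    return 200, '{"status":"ok","ticket":1001}'

def handle_strict(req):
    """Fail-closed: no session or no matching answer means no processing."""
    sid = req["headers"].get("cookie")
    answer = req["body"].get(CAPTCHA_KEY)
    if sid not in EXPECTED or answer is None or answer != EXPECTED[sid]:
        return 403, '{"error":"captcha required"}'
    return 200, '{"status":"ok","ticket":1001}'

def strip_captcha_state(req):
    """Copy of req without the cookie header and without CAPTCHA_KEY anywhere."""
    out = {part: dict(req.get(part, {})) for part in ("headers", "body", "query")}
    out["headers"].pop("cookie", None)
    for part in out.values():
        part.pop(CAPTCHA_KEY, None)
    return out

def is_flagged(handler, req):
    """Apply the template's response-code filter and validation to one handler."""
    base_code, base_body = handler(req)
    if not 200 <= base_code < 300:
        return False  # selection filter: only requests that succeed are tested
    code, body = handler(strip_captcha_state(req))
    similarity = difflib.SequenceMatcher(None, base_body, body).ratio()
    return 200 <= code < 300 and len(body) > 0 and similarity >= 0.8

# Constructed sample request; the cookie value is simplified to a bare session id.
SAMPLE = {"headers": {"cookie": "sess-1"},
          "body": {"msg": "hi", CAPTCHA_KEY: "x7Qp"}, "query": {}}
```

An endpoint is flagged only when the stripped request still produces a successful, non-empty response that closely matches the original, which is what the fail-open handler does and the fail-closed one does not.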