Remove Captcha from request
A backend server that skips CAPTCHA validation when the CAPTCHA field is absent from the request can expose the application to severe damage and vulnerabilities.
Lack of Resources & Rate Limiting (RL)
How this template works
APIs Selection
The template uses API selection filters to specify the conditions for selecting the API requests to be executed. It filters requests based on the response code being between 200 and 300, or if the request payload or query parameter contains the word "captcha". It also extracts the value of the "captcha_key" from the request payload or query parameter.
Execute request
The template specifies a single request to be executed. It uses the extracted "captcha_key" value to delete the corresponding body parameter and query parameter from the request.
Validation
The template defines the validation criteria for the response. It checks that the response code is between 200 and 300, the percentage match of the response payload is greater than 80%, and the length of the response payload is greater than 0.
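The three stages above and the flaw they detect, as an added example that is not Akto's template or code: it runs offline against two constructed handlers, one that verifies the CAPTCHA only when the field is present and one that rejects a missing field. Assumptions: the handler and parameter names are hypothetical, selection requires both a 2xx baseline response and a captcha-named parameter, and the percentage match is approximated with `difflib`.

```python
import json
from difflib import SequenceMatcher

VALID_TOKEN = "tok-ok"  # constructed sample value

def vulnerable_handler(params):
    # Flaw under test: the CAPTCHA is verified only when the field is present.
    if "captcha_response" in params and params["captcha_response"] != VALID_TOKEN:
        return 403, json.dumps({"error": "captcha failed"})
    return 200, json.dumps({"status": "registered", "user": params.get("user")})

def hardened_handler(params):
    # Fix: a missing CAPTCHA field is rejected the same way as a wrong one.
    if params.get("captcha_response") != VALID_TOKEN:
        return 403, json.dumps({"error": "captcha failed"})
    return 200, json.dumps({"status": "registered", "user": params.get("user")})

def select_captcha_key(params, status):
    # API selection: 2xx baseline and a parameter name containing "captcha".
    if not 200 <= status < 300:
        return None
    return next((k for k in params if "captcha" in k.lower()), None)

def percentage_match(a, b):
    # Assumed similarity metric; the page does not say how the match is computed.
    return SequenceMatcher(None, a, b).ratio() * 100

def run_test(handler, params):
    """Return True when the handler still succeeds with the CAPTCHA field removed."""
    base_status, base_body = handler(params)
    key = select_captcha_key(params, base_status)
    if key is None:
        return False  # request not selected by the filter
    stripped = {k: v for k, v in params.items() if k != key}  # execute step
    status, body = handler(stripped)
    return (200 <= status < 300
            and percentage_match(base_body, body) > 80
            and len(body) > 0)

SAMPLE = {"user": "alice", "captcha_response": VALID_TOKEN}  # constructed request

if __name__ == "__main__":
    print("vulnerable flagged:", run_test(vulnerable_handler, SAMPLE))
    print("hardened flagged:", run_test(hardened_handler, SAMPLE))
```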