[Tutor] Textual Captchas: Would like to show that bots can crack a simple text captcha
Hi. My name is Kyle Brooks, and I hereby introduce myself with this post. I have seen a lot of text captchas. A text captcha is the logical opposite of a image captcha. That is, among other qualities: image captchas are inaccessible, while text captchas are, and image captchas cannot be easily read by bots, while text captchas can be because they are clearly embedded in forms for all to visibly see. Therein lies the problem. You see, text captchas can be insecure! But there are too many people that think text captchas are secure, that they are a panacea. So, I would like to show that a bot can crack a simple textual captcha that involves math, like 1 + 1. I want to generate a captcha, show it, and have the user (in this case, me) submit the answer. Then I would like to write an automated bot that goes to the webpage, reads the captcha, evaluates it, puts it in, and submits it. I would like some suggestions on how to do both stages. In advance, thanks for any help that you may give. - Kyle ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] C program
Thanks very much, I will try it out and use your idea.
Am sorry I posted the question in this forum, just wanted to get ideas from
you guys.
Ciao
- Original Message -
From: "Tiger12506" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, August 01, 2007 3:20 AM
Subject: Re: [Tutor] C program
> Hello people of the world.
>
> This question is not a Python related question, but I thought I might just
> throw it in here and see if there are any C old-timers who could help out.
>
> I have a string with space and I would like to remove the space before
> comparing but I don't know how to go about doing it. Here is the code
>
> int result = strcmp("yes","yes ");//trailing space on the second yes
> this should give me '0' meaning they are both the same, but with the
> space,
> it gives me '-1'
>
> Please note: those arguments can be supplied by the user, and when they
> do,
> I want to strip off the trailing space.
>
> Any helps is highly appreciated.
> -
>
> I doubt if this is the best way, but you can do this.
>
>
> /*--*/
> #include
> #include
>
> char s[20] = "yes";
> char s2[20] = "yes ";
>
> void rstrip(char *c) {
> while (*c++!=0);
> c--;
> while (*--c==' ') *c = 0;
> }
>
> int main() {
> rstrip(s2);
> int result = strcmp(s, s2);
> printf("%d\n",result);
> system("pause");
> }
> /*--*/
>
>
> JS
>
> PS - This *is* a python list. Usually the tutors don't like people who
> post
> off-topic stuff. (And C is pretty off-topic)
>
> ___
> Tutor maillist - Tutor@python.org
> http://mail.python.org/mailman/listinfo/tutor
>
___
Tutor maillist - Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Textual Captchas: Would like to show that bots can crack a simple text captcha
Kyle Brooks wrote: > Hi. > > My name is Kyle Brooks, and I hereby introduce myself with this post. > > I have seen a lot of text captchas. A text captcha is the logical > opposite of a image captcha. That is, among other qualities: image > captchas are inaccessible, while text captchas are, and image captchas > cannot be easily read by bots, while text captchas can be because they > are clearly embedded in forms for all to visibly see. > > Therein lies the problem. You see, text captchas can be insecure! But > there are too many people that think text captchas are secure, that > they are a panacea. So, I would like to show that a bot can crack a > simple textual captcha that involves math, like 1 + 1. > Essentially, if you generate these questions programmatically, and they're all math-based, then you're right, this is trivially easy to crack. If, however, you had questions such as "what color is the sky?" "do cats meow or bark?" and such, like that, thrown in with the math questions, it becomes slightly more difficult to crack these. > I want to generate a captcha, show it, and have the user (in this > case, me) submit the answer. You could write a simple CGI script to do this. You'll obviously have to have a webserver with CGI running on your local machine. > Then I would like to write an automated > bot that goes to the webpage, reads the captcha, evaluates it, puts it > in, and submits it. > > I would like some suggestions on how to do both stages. > First, install Apache. Then get CGI working. Then, figure out a way to generate your captchas and their answers. Here's a very hackish and simple way to do this: ops = ['%s +','%s -','%s *','%s /'] import random temp = ' '.join([random.choice(ops) for x in range(random.randrange(3,6))]) temp += ' %s' vals = [] while 1: try: finalstr = temp % tuple(vals) break except TypeError: vals.append(random.randrange(30)) print "The answer to the captcha :",finalstr finalanswer = eval(finalstr) print "should be :",finalanswer I must confess, I just woke up a few minutes ago and I didn't take the time to come up with a good solution to your problem, so there's almost definitely a better way to do this. You might want to throw some random text into the finalstr, such as "what is the answer to " + finalstr + "?" so that your naysayers won't say "but my captchas have other text!" etc. As far as automating reading the captcha, use BeautifulSoup to parse the HTML, figure out where on their page the captcha lies. Automating the form submission is pretty easy. Especially if it's a submit form, instead of a post, or something, you just submit by making a query with the form data attached to the end. For example, if I wanted to submit the values "q = 2000" and "x = 100" I would do this: http://www.example.com/captcha.html?q=2000&x=100 If this is the case, you don't even have to deal with the HTML. Just use urllib to load this web address, and save the page locally, so you can check if it says "YOU SOLVED IT" or "YOU SUCK" or whatever. > In advance, thanks for any help that you may give. > > - Kyle > -Luke ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
[Tutor] gotoxy
hi folks, is there in python a gotoxy like in pascal so i can print stuff in other parts of the screen? what about some thing like it for the gui in windows? ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Which GUI?
Terry Carroll wrote: > I think it's rigged. I answered it honestly, and it suggested wxPython, > which is no surprise; I came to the same conclusion myself based on my > needs and preferences. I thought the same, it always came up with WxPython for me. This is what I meant by it being difficult to decide :) I am thinking about starting with Tkinter then trying WxPython because WxPython seems to be the most highly suggested and seems to have the best documentation and selection of software/RADs. -- Your friend, Scott Sent to you from a Linux computer using Ubuntu Version 7.04 (Feisty Fawn) ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Which GUI?
scott wrote: I am thinking about > starting with Tkinter then trying WxPython because WxPython seems to be > the most highly suggested and seems to have the best documentation and > selection of software/RADs. I think that is a good plan, Tkinter is pretty easy to learn but harder to use to create polished, high-function interfaces. wxPython comes with a lot more in the box. BTW you eliminated PyQt because you want an open source solution but Qt 4 and PyQt 4 are available under GPL for all supported platforms. Kent ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] gotoxy
Robert William Hanks wrote: > > hi folks, is there in python a gotoxy like in pascal so i can print > stuff in other parts of the screen? curses for the systems that support it http://effbot.org/zone/console-handbook.htm for Windows > what about some thing like it for the gui in windows? Which GUI are you talking about? If you want to write GUI programs to run under windows, look at Tkinter or wxPython or you can use pywin32 to code to the native Windows GUI. Kent ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] gotoxy
You should have a look at the curses module, basically gotoxy is a borland think, in linux and other unix systems there is the curses library for working with text screens. Module documentation: http://docs.python.org/lib/module-curses.html Some tutorials: http://www.amk.ca/python/howto/curses/ http://www.ibm.com/developerworks/linux/library/l-python6.html Checkout window objects, there is functions for all that you want to do (move cursor, print, read, etc). Good Luck! Carlos Ruvalcaba Valenzuela On 8/1/07, Robert William Hanks <[EMAIL PROTECTED]> wrote: > > hi folks, is there in python a gotoxy like in pascal so i can print stuff > in other parts of the screen? > what about some thing like it for the gui in windows? > > ___ > Tutor maillist - Tutor@python.org > http://mail.python.org/mailman/listinfo/tutor > > ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Which GUI?
Kent Johnson wrote: > BTW you eliminated PyQt because you want an open source solution but Qt > 4 and PyQt 4 are available under GPL for all supported platforms. I know that most likely everything I develop will be released under the GPL, but, I like the freedom to choose. I don't like how Qt is only open source if you release under the GPL. Unless Qt 4 will be released only under LGPL and/or GPL, no matter how you decide to release your product. I actually moved from Kubuntu using KDE to Ubuntu using Gnome when I found out about the Qt licence. -- Your friend, Scott Sent to you from a Linux computer using Ubuntu Version 7.04 (Feisty Fawn) ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Textual Captchas: Would like to show that bots can crack a simple text captcha
Kyle Brooks wrote: > Hi. > > My name is Kyle Brooks, and I hereby introduce myself with this post. > > I have seen a lot of text captchas. > I wonder how a computer program would respond to the previous sentence? Could it simulate the path I took? "captcha"? Did he mean "capture"? Is this one more poster who does not know how to spell? But the rest of the email is good english! Oh yes - ask Google. *visualizae me reading the wikipedia article on captchas. Light bulbs and ahas going on.* Oh yes this is a really good question. Should I respond? What would I say? Why would I say it? *visualize me typing the above and hitting send ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Textual Captchas: Would like to show that bots can crack a simple text captcha
Hi. Please look up captcha... I did not mean capture. Your response is hilarious, frankly, but not appropriate for this list :-) - Kyle Brooks On 8/1/07, Bob Gailer <[EMAIL PROTECTED]> wrote: > Kyle Brooks wrote: > > Hi. > > > > My name is Kyle Brooks, and I hereby introduce myself with this post. > > > > I have seen a lot of text captchas. > > > I wonder how a computer program would respond to the previous sentence? > Could it simulate the path I took? > > "captcha"? Did he mean "capture"? Is this one more poster who does not > know how to spell? > But the rest of the email is good english! > Oh yes - ask Google. > *visualizae me reading the wikipedia article on captchas. Light bulbs > and ahas going on.* > Oh yes this is a really good question. > Should I respond? What would I say? Why would I say it? > *visualize me typing the above and hitting send > > ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Textual Captchas: Would like to show that bots can crack a simple text captcha
Hi. I am not a spammer! I just want to demonstrate something :-) Thanks for the resources! You guys are great :-) - Kyle On 8/1/07, Kent Johnson <[EMAIL PROTECTED]> wrote: > Kyle Brooks wrote: > > Hi. > > > > Please look up captcha... I did not mean capture. > > > > Your response is hilarious, frankly, but not appropriate for this list :-) > > Oh, all of a sudden we are not allowed to go OT or have fun here? Who > died and made you the moderator? ;-) > > A bit more on track to actually answering your question... > > ISTM making your own web site with a text captcha and then cracking it > is not a very impressive demonstration. > > Hoping that you are not actually a spammer looking for help on cracking > sites with text captchas, I'll point you to > > urllib2 - to fetch the content of a web page > http://docs.python.org/lib/module-urllib2.html > > BeautifulSoup - to parse the content of a web page > http://www.crummy.com/software/BeautifulSoup/documentation.html > > eval() - to evaluate expressions > http://docs.python.org/lib/built-in-funcs.html#l2h-25 > > safe eval - so eval can't erase your hard disk > http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/364469 > > Kent > ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Textual Captchas: Would like to show that bots can crack a simple text captcha
Kyle Brooks wrote: > Hi. > > Please look up captcha... I did not mean capture. > > Your response is hilarious, frankly, but not appropriate for this list :-) Oh, all of a sudden we are not allowed to go OT or have fun here? Who died and made you the moderator? ;-) A bit more on track to actually answering your question... ISTM making your own web site with a text captcha and then cracking it is not a very impressive demonstration. Hoping that you are not actually a spammer looking for help on cracking sites with text captchas, I'll point you to urllib2 - to fetch the content of a web page http://docs.python.org/lib/module-urllib2.html BeautifulSoup - to parse the content of a web page http://www.crummy.com/software/BeautifulSoup/documentation.html eval() - to evaluate expressions http://docs.python.org/lib/built-in-funcs.html#l2h-25 safe eval - so eval can't erase your hard disk http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/364469 Kent ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Textual Captchas: Would like to show that bots can crack a simple text captcha
Kyle Brooks wrote: > Hi. > > Please look up captcha... I did not mean capture. > > Your response is hilarious, frankly, but not appropriate for this list :-) > Seeing that a) this is your second post here and b) you are the one asking the list for help, I don't think it's your place to decide what is and isn't appropriate for this list. Also, I'm pretty sure he *did* look up captcha and was using the process through which he researched and replied as a metaphor for how your program might work. > - Kyle Brooks > > On 8/1/07, Bob Gailer <[EMAIL PROTECTED]> wrote: > >> Kyle Brooks wrote: >> >>> Hi. >>> >>> My name is Kyle Brooks, and I hereby introduce myself with this post. >>> >>> I have seen a lot of text captchas. >>> >>> >> I wonder how a computer program would respond to the previous sentence? >> Could it simulate the path I took? >> >> "captcha"? Did he mean "capture"? Is this one more poster who does not >> know how to spell? >> But the rest of the email is good english! >> Oh yes - ask Google. >> *visualizae me reading the wikipedia article on captchas. Light bulbs >> and ahas going on.* >> Oh yes this is a really good question. >> Should I respond? What would I say? Why would I say it? >> *visualize me typing the above and hitting send >> >> >> > ___ > Tutor maillist - Tutor@python.org > http://mail.python.org/mailman/listinfo/tutor > ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Which GUI?
On Wed, 1 Aug 2007, Kent Johnson wrote: > I think that is a good plan, Tkinter is pretty easy to learn but harder > to use to create polished, high-function interfaces. wxPython comes with > a lot more in the box. I've heard "Tkinter is easier to learn" before, and I think I would once have agreed. But now that there's a good book on wxPython, I think wxPython's pretty easy to learn, and is now even better documented than Tkinter. As I was learning wxPython, most of my learning gotchas were noting differences from the Tkinter approach (including terminology). I think if I were approaching wxPython with no prior GUI knowledge, it would be approximately as easy to learn as Tkinter. All this is assuming access to a copy of "wxPython in Action"; without the book, you're back to a dearth of tutorials, and yes, Tkinter would be easier to learn. ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
[Tutor] Filemaker interactions
Hello, I'm hoping someone here can put me on the right track with some broad concepts here. I've cross-posted this email to the comp.lang.python, I hope that's acceptable. What I am hoping to achieve is a simple HTML page to be served over our company LAN, into which the users (Real Estate Agents) can enter a property address or reference number. My next thought was to have a Python CGI script query our filemaker database of property listings, construct a PDF from the relevant information, and finally return this PDF to the user. At no stage do I want the user to have unfettered access to the database or the ability to alter/delete records. My question is: what is the most appropriate way for my script to interact with Filemaker? Can this be done with Filemaker Pro 6? According to the Filemaker Help, the "Local Data Access Companion" shares the FileMaker Pro database with ODBC-compliant applications on the same computer. Is this the right option? Can my CGI script be an ODBC client? How? Would it need to be Filemaker specific code or does ODBC have a standardised format? I'm grateful for any advice and a nudge in the right direction. Ian. ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
[Tutor] Design Pattern + Wxpython
I am new to this and wants to do a project for Autoparts industry (Trading) with backend SQL Server 2000. 1. Which Design Pattern is suitable for me. Pradeep~~ ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Design Pattern + Wxpython
Pradeep Kumar wrote: > I am new to this and wants to do a project for Autoparts industry > (Trading) with backend SQL Server 2000. > > 1. Which Design Pattern is suitable for me. This one clearly applies: http://catb.org/~esr/faqs/smart-questions.html Kent ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
[Tutor] operator * of the list and tuple
tutor-request: I found this interesting question in a local forum, and want to get a more detail explain of it: >>> a = [[]]*5 >>> a [[], [], [], [], []] >>> a[0].append(3) >>> a [[3], [3], [3], [3], [3]] >>> b = [[] for i in range(5)] >>> b [[], [], [], [], []] >>> b[0].append(3) >>> b [[3], [], [], [], []] This look something like pointer! I found it also work for tuple ! >>> l1=((1,2),(2,3))*5 >>> l1 ((1, 2), (2, 3), (1, 2), (2, 3), (1, 2), (2, 3), (1, 2), (2, 3), (1, 2), (2, 3)) So, can somebody tell me how the * operator of list and tuple work, and how can we make use of it? Yang [EMAIL PROTECTED] 2007-08-02 ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
[Tutor] tree-like functions call to find dependencies
hi all! my problem is: I have (for example) 2 sets of quantity set(A,B,C) or set(A,B,D). I need to calculate another quantity E which is function of A,B,C or A,F. but F in turn is function of (A,B,D). I want to write one function that checks the supplied set if it possible to calculate requested the value depending on the set of values supplied, it should check what input data it needs and call functions in tree-like manner to check which quantity can they provide. In reality dependecies of course deeper sets are longer and data are very big arrays (do not fit into memory of my machine), another reason is easy to extend the program if I will need a function indirectly depending on already existed. the question is: maybe there is a design template for this? what I invented now is bit ugly... thanks Maxim Loginov ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
[Tutor] gendata.py
This script appears to be written for Unix systems. Is there a way to get it to work for PythonWin? from random import randint, choice from string import lowercase from sys import maxint from time import ctime doms = ( 'com', 'edu', 'net', 'org', 'gov' ) for i in range(randint(5, 10)): dtint = randint(0, maxint-1)#pick date dtstr = ctime(dtint)#date string shorter = randint(4,7) #login shorter em = '' for j in range(shorter):#generate login em += choice(lowercase) longer = randint(shorter, 12) #domain longer dn = '' for j in range(longer): #create domain dn += choice(lowercase) print '%s::[EMAIL PROTECTED]::%d-%d-%d' % (dtstr, em, dn, choice(doms), dtint, shorter, longer) ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] gendata.py
What is it that you think makes it Unix specific? Que Prime wrote: > > This script appears to be written for Unix systems. Is there a way to > get it to work for PythonWin? > > from random import randint, choice > from string import lowercase > from sys import maxint > from time import ctime > > doms = ( 'com', 'edu', 'net', 'org', 'gov' ) > > for i in range(randint(5, 10)): > dtint = randint(0, maxint-1)#pick date > dtstr = ctime(dtint)#date string > > > shorter = randint(4,7) #login shorter > em = '' > for j in range(shorter):#generate login > em += choice(lowercase) > > longer = randint(shorter, 12) #domain longer > dn = '' > for j in range(longer): #create domain > dn += choice(lowercase) > > print '%s::[EMAIL PROTECTED]::%d-%d-%d' % (dtstr, em, dn, choice(doms), > dtint, shorter, longer) > > > ___ > Tutor maillist - Tutor@python.org > http://mail.python.org/mailman/listinfo/tutor > ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] os.path.exists(path) returns false when the path actually exists!
Is there any chance the file has an extension that Windows is hiding? Can you get True for other files in the folder? So, it was the extensions all the way ! Apparently the file extension was hidden by Windows! It now works. Thank you all for your suggestions and help. -iyer - Shape Yahoo! in your own image. Join our Network Research Panel today!___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
[Tutor] sqlite: does "?" work in PRAGMA commands?
I'm using sqlite for the first time, so I'm not sure whether I'm trying to
do something unsupported. or whether I'm trying to do something that's
supported, but doing it wrong.
I want to get information about a table in my database. The variable
tablename holds the name of the table, and self.dbconn.execute is a valid
connection object.
This works:
GET_TABLE_INFO_COMMAND = "PRAGMA TABLE_INFO(%s)"
pragma_cmd = GET_TABLE_INFO_COMMAND % tablename
field_data = self.dbconn.execute(pragma_cmd)
But I'm mindful of the warning ("# Never do this -- insecure!") at
http://docs.python.org/lib/module-sqlite3.html, and I'd like to get into
the habit of doing that; so instead I tried it this way (and many
variations of it):
GET_TABLE_INFO_COMMAND = "PRAGMA TABLE_INFO(?)"
pragma_cmd = GET_TABLE_INFO_COMMAND
field_data = self.dbconn.execute(pragma_cmd, (tablename))
I get the error:
sqlite3.OperationalError: near "?": syntax error
Some of the variations included using "tablename" or "(tablename,)" for
the second parameter; it made no difference.
Does the "?" approach not work with PRAGMA commands or something; or am I
doing this wrong?
___
Tutor maillist - Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
