Login to site with random image code?

Discussion in 'Perl Misc' started by Lucas Van Hieng, Dec 16, 2003.

  1. What I am trying to do is write a Perl script that process a certain
    webpage that requires me to be logged in:

    (http://www.starlance.us/MW4/)

    They recently redid the site, so now it requires that you enter the
    random 5 digit number shown on a png image. (Before there was no such
    extra security and I was able to POST with LWP:UserAgent.)

    Is there way at all around these things? I'm guessing that this would be
    easier than with what MSN and Yahoo use, which is often a scrambled
    mess. This site however uses uniform text (as if just typed into the
    image with text tool and saved.) Is there anyway to do some sort of OCR
    (char recognition) on the fly?

    Thanks for any info on this.
     
    Lucas Van Hieng, Dec 16, 2003
    #1
    1. Advertising

  2. "Lucas Van Hieng" <> writes:

    > What I am trying to do is write a Perl script that process a certain
    > webpage that requires me to be logged in:
    >
    > (http://www.starlance.us/MW4/)
    >
    > They recently redid the site, so now it requires that you enter the
    > random 5 digit number shown on a png image.


    > Is there way at all around these things?


    There was a rather intersting talk on this at YAPC::Europe::2003

    Dunno if you can find it online.

    --
    \\ ( )
    . _\\__[oo
    .__/ \\ /\@
    . l___\\
    # ll l\\
    ###LL LL\\
     
    Brian McCauley, Dec 16, 2003
    #2
    1. Advertising

  3. Lucas Van Hieng

    Juha Laiho Guest

    "Lucas Van Hieng" <> said:
    >What I am trying to do is write a Perl script that process a certain
    >webpage that requires me to be logged in:
    >
    >(http://www.starlance.us/MW4/)
    >
    >They recently redid the site, so now it requires that you enter the
    >random 5 digit number shown on a png image. (Before there was no such
    >extra security and I was able to POST with LWP:UserAgent.)
    >
    >Is there way at all around these things?


    Have you considered the social approach -- that is, describe your use
    and need to the site admins, and ask whether they can provide another
    method for authentication?
    --
    Wolf a.k.a. Juha Laiho Espoo, Finland
    (GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
    PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
    "...cancel my subscription to the resurrection!" (Jim Morrison)
     
    Juha Laiho, Dec 16, 2003
    #3
  4. "Juha Laiho" <> wrote in message
    news:brniem$nm7$-int...
    > "Lucas Van Hieng" <> said:
    > >What I am trying to do is write a Perl script that process a certain
    > >webpage that requires me to be logged in:
    > >
    > >(http://www.starlance.us/MW4/)
    > >
    > >They recently redid the site, so now it requires that you enter the
    > >random 5 digit number shown on a png image. (Before there was no such
    > >extra security and I was able to POST with LWP:UserAgent.)
    > >
    > >Is there way at all around these things?

    >
    > Have you considered the social approach -- that is, describe your use
    > and need to the site admins, and ask whether they can provide another
    > method for authentication?


    Yes I have, and they were nice about it but said that their policy would
    not permit it. My goal as I was doing previously was merely make a login
    request and obtain the roster for the unit I'm involved with (though not
    actually a part of this unit, I am their faitful webmaster/tech :) so
    that it cna be displayed on their webpage as if it's on their server (it
    was something they really liked, even more so sicne it made out site
    sompletely unique next to the tripod/geocities pages most over units
    use.)
     
    Lucas Van Hieng, Dec 16, 2003
    #4
  5. Lucas Van Hieng wrote:

    > "Juha Laiho" <> wrote in message
    > news:brniem$nm7$-int...
    >> "Lucas Van Hieng" <> said:
    >> >What I am trying to do is write a Perl script that process a certain
    >> >webpage that requires me to be logged in:
    >> >
    >> >(http://www.starlance.us/MW4/)
    >> >
    >> >They recently redid the site, so now it requires that you enter the
    >> >random 5 digit number shown on a png image. (Before there was no such
    >> >extra security and I was able to POST with LWP:UserAgent.)
    >> >
    >> >Is there way at all around these things?

    >>
    >> Have you considered the social approach -- that is, describe your use
    >> and need to the site admins, and ask whether they can provide another
    >> method for authentication?

    >
    > Yes I have, and they were nice about it but said that their policy would
    > not permit it. My goal as I was doing previously was merely make a login
    > request and obtain the roster for the unit I'm involved with (though not
    > actually a part of this unit, I am their faitful webmaster/tech :) so
    > that it cna be displayed on their webpage as if it's on their server (it
    > was something they really liked, even more so sicne it made out site
    > sompletely unique next to the tripod/geocities pages most over units
    > use.)


    I suppose the point is that if they're attempting to block scripts for
    a reason, then anything your script can do, the scripts they're
    attempting to block can do as well. Thus, if you find a way to OCR the
    image, they'll simply change to an image type that you can't OCR.

    That's not to say it's no fun trying... :->
     
    Darin McBride, Dec 16, 2003
    #5
  6. Lucas Van Hieng

    Trent Curry Guest

    Darin McBride wrote:
    > Lucas Van Hieng wrote:
    >
    >> "Juha Laiho" <> wrote in message
    >> news:brniem$nm7$-int...
    >>> "Lucas Van Hieng" <> said:
    >>>> What I am trying to do is write a Perl script that process a
    >>>> certain webpage that requires me to be logged in:
    >>>>
    >>>> (http://www.starlance.us/MW4/)
    >>>>
    >>>> They recently redid the site, so now it requires that you enter the
    >>>> random 5 digit number shown on a png image. (Before there was no
    >>>> such extra security and I was able to POST with LWP:UserAgent.)
    >>>>
    >>>> Is there way at all around these things?
    >>>
    >>> Have you considered the social approach -- that is, describe your
    >>> use and need to the site admins, and ask whether they can provide
    >>> another method for authentication?

    >>
    >> Yes I have, and they were nice about it but said that their policy
    >> would not permit it. My goal as I was doing previously was merely
    >> make a login request and obtain the roster for the unit I'm involved
    >> with (though not actually a part of this unit, I am their faitful
    >> webmaster/tech :) so that it cna be displayed on their webpage as if
    >> it's on their server (it was something they really liked, even more
    >> so sicne it made out site sompletely unique next to the
    >> tripod/geocities pages most over units use.)

    >
    > I suppose the point is that if they're attempting to block scripts for
    > a reason, then anything your script can do, the scripts they're
    > attempting to block can do as well. Thus, if you find a way to OCR
    > the image, they'll simply change to an image type that you can't OCR.


    Well keep in mind that the image format needs to be displayable by any
    (visual) web browser, so that really limits the types (png, jpg, and gif
    mainly.) My point is thers only so manay ways they go in that respect.

    > That's not to say it's no fun trying... :->


    True :)

    --
    Trent Curry

    perl -e
    '($s=qq/e29716770256864702379602c6275605/)=~s!([0-9a-f]{2})!pack("h2",$1
    )!eg;print(reverse("$s")."\n");'
     
    Trent Curry, Dec 17, 2003
    #6
  7. Lucas Van Hieng

    pkent Guest

    In article <oTGDb.323$>,
    "Lucas Van Hieng" <> wrote:

    > (http://www.starlance.us/MW4/)
    >
    > They recently redid the site, so now it requires that you enter the
    > random 5 digit number shown on a png image. (Before there was no such
    > extra security and I was able to POST with LWP:UserAgent.)
    >
    > Is there way at all around these things? I'm guessing that this would be
    > easier than with what MSN and Yahoo use, which is often a scrambled
    > mess. This site however uses uniform text (as if just typed into the
    > image with text tool and saved.) Is there anyway to do some sort of OCR
    > (char recognition) on the fly?


    Funnily enough we're looking at implementing a similar system at work.
    Aaanyway...

    From looking at it it does appear that the image uses only 2 colours -
    the foreground and the background. There seems to be a 1 pixel gap
    between each digit. The code appears to use only the digits 0 to 9. The
    font doesn't vary and seems to be a variable-width font. The image seems
    to be the same as long as you have the same PHPSESSIONID cookie from
    them.

    Using this information one approach would be:

    a) get the image
    b) convert it into some format that you can manipulate from perl - GD
    might be of use.
    c) scan over all the columns to identify columns that contain all the
    same colour - those may be the breaks between digits. Trim the leading
    and trailing space too. Maybe trim the space above and below too.
    d) extract each rectangular area that is probably a digit.
    e) the characters vary in size - use the size of the area to identify
    some (maybe all) of the digits.
    f) or somehow compare the rectangle's contents to digits you've matched
    by hand and then you know what the digit is.

    I'm not suggesting that you should actually do any of this, because that
    may violate their terms of service etc, but it's an interesting problem
    to think about. I see from another article that asking the site's admin
    didn't help you out - but at leat you tried that approach too.

    P

    --
    pkent 77 at yahoo dot, er... what's the last bit, oh yes, com
    Remove the tea to reply
     
    pkent, Dec 17, 2003
    #7
  8. Lucas Van Hieng

    Trent Curry Guest

    pkent wrote:
    > In article <oTGDb.323$>,
    > "Lucas Van Hieng" <> wrote:
    >
    >> (http://www.starlance.us/MW4/)
    >>
    >> They recently redid the site, so now it requires that you enter the
    >> random 5 digit number shown on a png image. (Before there was no such
    >> extra security and I was able to POST with LWP:UserAgent.)
    >>
    >> Is there way at all around these things? I'm guessing that this
    >> would be easier than with what MSN and Yahoo use, which is often a
    >> scrambled mess. This site however uses uniform text (as if just
    >> typed into the image with text tool and saved.) Is there anyway to
    >> do some sort of OCR (char recognition) on the fly?

    >
    > Funnily enough we're looking at implementing a similar system at work.
    > Aaanyway...
    >
    > From looking at it it does appear that the image uses only 2 colours -
    > the foreground and the background. There seems to be a 1 pixel gap
    > between each digit. The code appears to use only the digits 0 to 9.
    > The font doesn't vary and seems to be a variable-width font. The
    > image seems to be the same as long as you have the same PHPSESSIONID
    > cookie from them.


    Why not use that sessionid? If it changes each time perhaps there is a
    corralation?

    --
    Trent Curry

    perl -e
    '($s=qq/e29716770256864702379602c6275605/)=~s!([0-9a-f]{2})!pack("h2",$1
    )!eg;print(reverse("$s")."\n");'
     
    Trent Curry, Dec 17, 2003
    #8
  9. Trent Curry wrote:

    > Darin McBride wrote:
    >> Lucas Van Hieng wrote:
    >>
    >> I suppose the point is that if they're attempting to block scripts for
    >> a reason, then anything your script can do, the scripts they're
    >> attempting to block can do as well. Thus, if you find a way to OCR
    >> the image, they'll simply change to an image type that you can't OCR.

    >
    > Well keep in mind that the image format needs to be displayable by any
    > (visual) web browser, so that really limits the types (png, jpg, and gif
    > mainly.) My point is thers only so manay ways they go in that respect.


    Not quite what I meant. I meant that they could change from using a
    font that was easy to OCR (e.g., an image that looks typed), to a
    "font" that, perhaps, colour-blind people may not be able to discern,
    (I use "font" very loosely here), or perhaps to a wavy pattern that
    vaguely looks like words. Depending on how good your OCR software is,
    you may or may not be able to programmatically recognise the text.

    >> That's not to say it's no fun trying... :->

    >
    > True :)
     
    Darin McBride, Dec 17, 2003
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Lars-Erik Aabech
    Replies:
    8
    Views:
    871
    Lars-Erik Aabech
    Apr 28, 2005
  2. Elmar Baumann
    Replies:
    0
    Views:
    637
    Elmar Baumann
    Feb 2, 2004
  3. BradM
    Replies:
    2
    Views:
    718
    BradM
    May 30, 2007
  4. globalrev
    Replies:
    4
    Views:
    810
    Gabriel Genellina
    Apr 20, 2008
  5. VK
    Replies:
    15
    Views:
    1,318
    Dr J R Stockton
    May 2, 2010
Loading...

Share This Page