Yon*_*ono 6 javascript google-chrome google-chrome-extension google-chrome-devtools selenium-chromedriver
听到ReCaptcha可以读取某人在其PC上拥有的所有扩展名(或tampermonkey脚本),有什么办法可以避免这种情况?任何类型的脚本或一段代码或设置。
这一理论得到了证实:当我使用登录到任何站点时Chrome Automation Extension,都会立即被标记出来。甚至它只是公开了Chrome Options的API来执行与Recaptcha无关的另一任务。只需使用ReCaptcha加载任何网页(站点)都会触发验证码。
这是background.js,如何将其更改为其他应用程序不可见?
// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
/*
* Checks for an extension error that occurred during the asynchronous call.
* If an error occurs, will invoke the error callback and throw an exception.
*
* @param {function(!Error)} errCallback The callback to invoke for error
* reporting.
*/
function checkForExtensionError(errCallback) {
if (typeof(chrome.extension.lastError) != 'undefined') {
var error = new Error(chrome.extension.lastError.message);
errCallback(error);
throw error;
}
}
/**
* Captures a screenshot of the visible tab.
*
* @param {function(string)} callback The callback to invoke with the base64
* encoded PNG.
* @param {function(!Error)} errCallback The callback to invoke for error
* reporting.
*/
function captureScreenshot(callback, errCallback) {
chrome.tabs.captureVisibleTab({format:'png'}, function(dataUrl) {
if (chrome.extension.lastError &&
chrome.extension.lastError.message.indexOf('permission') != -1) {
var error = new Error(chrome.extension.lastError.message);
error.code = 103; // kForbidden
errCallback(error);
return;
}
checkForExtensionError(errCallback);
var base64 = ';base64,';
callback(dataUrl.substr(dataUrl.indexOf(base64) + base64.length))
});
}
/**
* Launches an app with the specified id.
*
* @param {string} id The ID of the app to launch.
* @param {function()} callback Invoked when the launch event is complete.
* @param {function(!Error)} errCallback The callback to invoke for error
* reporting.
*/
function launchApp(id, callback, errCallback) {
chrome.management.launchApp(id, function() {
checkForExtensionError(errCallback);
callback();
});
}
表现:
{
"key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDr+Q7QFcTr4Wmn9sSICKWbxnYLhIM0ERbcapZCDmpAkiBUhOPt+KkYnTdUFl4Kx2xv02MwIowh36Fho9Dhqh7cPWGIPsLHUaJosO6t6oaHxQsMQS/K4MlnP5pNJykExo82DcajSXGV+mIQH3RslxL+XhtmIh2BQLwbizVG0bA+mwIDAQAB",
"name": "Chrome Automation Extension",
"version": "1",
"manifest_version": 2,
"description": "Exposes extension APIs for automating Chrome",
"background": {
"scripts": ["background.js"]
},
"permissions": [
"tabs", "management", "<all_urls>"
]
}
您可以从这个 pdf 中阅读大量有关 reCaptcha 以及如何欺骗它的信息。I\xe2\x80\x99m 不是人类:破解 Google reCAPTCHA
\n\nGoogle reCaptcha 使用以下详细信息检查恶意操作:
\n\n如果出现任何错误(例如:浏览器版本与用户代理不匹配或检测到可疑的鼠标移动)reCaptcha 需要验证。
\n\nPS:实际上我认为 recaptcha 不会寻找扩展程序(也是不可能的,因为浏览器不授予列出扩展程序的权限),除非它可以检测是否有任何扩展程序向网站注入了可疑代码。
\n\n您还可以在此处查看 reCaptcha 的去混淆源代码。
\n| 归档时间: |
|
| 查看次数: |
402 次 |
| 最近记录: |