Cracking CAPTCHA with Padding Oracle attack




Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Feb 18, 2010

This video shows how to crack all CAPTCHA in a target website using only JavaScript hosted on a different machine. We do that by exploiting Padding Oracle and web browsers cross-domain information leakage vulnerabilities.

One can easily turns this exploit into a distributed attack. Please see our paper at http://www.netifera.com/research for more technical details.

Thank you and happy hacking!

--Juliano Rizzo and Thai Duong

  • Category

  • Song

  • Artist

  • Album

    • Sinner
  • Licensed to YouTube by

    • UMG (on behalf of Wind Up); ASCAP, Sony ATV Publishing, Reservoir Media (Publishing), Broma 16, CMRRA, SOLAR Music Rights Management, Abramus Digital, and 18 Music Rights Societies


When autoplay is enabled, a suggested video will automatically play next.

Up next

to add this to Watch Later

Add to

Loading playlists...