Is it possible to grab hidden code in ClientForm?

[Muddy Coder]

Hi Folks,

Nowadays some websites let users to fill in some so-called
verification code, and the tricky thing is that the CODE is delivered
from server with an image. For example:

<img src="/jobsearch/captcha.jpg" name="CAPTCHA_IMAGE" border="1" /

&nbsp;&nbsp;<a href="#" onClick="changeSource();">Refresh Image</a>

When click Refresh Image, the CODE on the image changes. I wonder:
does the server really send a new image over to browser, or just send
a hidden code over? Is it possible to parse out such hidden code?

The other example is:

<img src="/images/verify.png;jsessionid=ahZsBmwyLGuf" alt="Digital
Signature Code" />
<input name="jsessionid" type="hidden" value="ahZsBmwyLGuf" />

I did a few REFRESH on browser, and noticed the CODE changed. But,
when I viewed the HTML source code, the value "ahZsBmwyLGuf" remained
the same. What is the trick around here? That is why I am wondering
whether the server really keeps sending new images over, or just
sending new hidden codes over. If the trick is just keep sending
hidden codes over, there might be a chance of capturing the codes. Can
somebody help me out? Thanks a lot!


Muddy Coder

 

[Gabriel Genellina]

Nowadays some websites let users to fill in some so-called
verification code, and the tricky thing is that the CODE is delivered
from server with an image. For example:

<img src="/jobsearch/captcha.jpg" name="CAPTCHA_IMAGE" border="1" /

When click Refresh Image, the CODE on the image changes. I wonder:
does the server really send a new image over to browser, or just send
a hidden code over? Is it possible to parse out such hidden code?

The server may asociate the expected value (CODE) to some session ID.
Delivering a new image means a new value associated. No other changes are
needed in the client side.

 

[rdmurray]

Nowadays some websites let users to fill in some so-called
verification code, and the tricky thing is that the CODE is delivered
from server with an image. For example:

<img src="/jobsearch/captcha.jpg" name="CAPTCHA_IMAGE" border="1" /

When click Refresh Image, the CODE on the image changes. I wonder:
does the server really send a new image over to browser, or just send
a hidden code over? Is it possible to parse out such hidden code?

The other example is:

<img src="/images/verify.png;jsessionid=ahZsBmwyLGuf" alt="Digital
Signature Code" />
<input name="jsessionid" type="hidden" value="ahZsBmwyLGuf" />

I did a few REFRESH on browser, and noticed the CODE changed. But,
when I viewed the HTML source code, the value "ahZsBmwyLGuf" remained
the same. What is the trick around here? That is why I am wondering
whether the server really keeps sending new images over, or just
sending new hidden codes over. If the trick is just keep sending
hidden codes over, there might be a chance of capturing the codes. Can
somebody help me out? Thanks a lot!

If there were some way for a program to extract the code from what
the server sent, then the whole point of using the Captcha (preventing
spam robots from posting) would be defeated.

--RDM