Sciweavers

Share
SAC
2010
ACM

CAPTCHA smuggling: hijacking web browsing sessions to create CAPTCHA farms

9 years 1 months ago
CAPTCHA smuggling: hijacking web browsing sessions to create CAPTCHA farms
CAPTCHAs protect online resources and services from automated access. From an attacker’s point of view, they are typically perceived as an annoyance that prevents the mass creation of accounts or the automated posting of messages. Hence, miscreants strive to effectively bypass these protection mechanisms, using techniques such as optical character recognition or machine learning. However, as CAPTCHA systems evolve, they become more resilient against automated analysis approaches. In this paper, we introduce and evaluate an attack that we denote as CAPTCHA smuggling. To perform CAPTCHA smuggling, the attacker slips CAPTCHA challenges into the web browsing sessions of unsuspecting victims, misusing their ability to solve these challenges. A key point of our attack is that the CAPTCHAs are surreptitiously injected into interactions with benign web applications (such as web mail or social networking sites). As a result, they are perceived as a normal part of the application and raise no...
Manuel Egele, Leyla Bilge, Engin Kirda, Christophe
Added 17 May 2010
Updated 17 May 2010
Type Conference
Year 2010
Where SAC
Authors Manuel Egele, Leyla Bilge, Engin Kirda, Christopher Kruegel
Comments (0)
books