Migrating iMacros security test macros to Kantu


#1

For some of our automated penetration tests we use captcha and recaptcha solving services like deathbycaptcha, antcpt or bypasscaptcha. They all support iMacros. What is the best way to use them with Kantu?

Example code from https://bypasscaptcha.com/imacros.php

'This is an iMacros example:
'The script fills in the Gmail captcha. The red part needs to be modified by yourself.
VERSION BUILD=6221002     
TAB T=1     
TAB CLOSEALLOTHERS     
SET !EXTRACT_TEST_POPUP NO
URL GOTO=https://www.google.com/accounts/NewAccount

'Step 1: save the captcha picture to local disk
FILEDELETE NAME=c:\captcha.jpg
ONDOWNLOAD FOLDER=c:\ FILE=captcha.jpg    
TAG POS=1 TYPE=IMG ATTR=ALT:Visual<SP>verification  CONTENT=EVENT:SAVEITEM 

'Step 2: Open a new tab, go to bypasscaptcha.com, and submit the captcha picture
TAB OPEN
TAB T=2
URL GOTO=http://bypasscaptcha.com/captcha.php?x=x
'The KEY is used to identify each of our customers, which you can get from the purchase page. It is assigned to the CONTENT.
TAG POS=1 TYPE=INPUT:TEXT FORM=ACTION:upload.php ATTR=NAME:key CONTENT=KEY
'The path of the captcha picture saved is assigned to the CONTENT
TAG POS=1 TYPE=INPUT:FILE FORM=ACTION:upload.php ATTR=NAME:file CONTENT=C:\captcha.jpg
'Submit the userid and the captcha to bypasscaptcha.com
TAG POS=1 TYPE=INPUT:SUBMIT FORM=ACTION:upload.php ATTR=VALUE:Submit 

WAIT SECONDS=#DOWNLOADCOMPLETE# 

'Step 3: Extract the characters that are recognized from the captcha picture.
TAG POS=1 TYPE=FONT ATTR=TXT:* EXTRACT=TXT  
TAB CLOSE
TAB T=1

'Step 4: Fill the recognized characters into the verification box
TAG POS=1 TYPE=INPUT:TEXT FORM=NAME:createaccount ATTR=ID:newaccountcaptcha CONTENT={{!EXTRACT}}

#2

Sure, Kantu can do this. What the above iMacros script does is:

  1. Extract captcha image with SAVEITEM - in Kantu you can use storeImage instead
  2. Save image to file (ONDOWNLOAD) - in Kantu use localStorageExport
  3. Upload image to captcha breaker api. This works the same in Kantu and iMacros. For this use the file that you just exported with localStorageExport, e.g. “c:\test\recaptcha\${filename}.png”
  4. Extract the characters that are recognized from the picture of the captcha. iMacros uses TAG… EXTRACT=TXT, in Kantu use storeValue.
  5. Fill the recognized characters into the verification box. iMacros uses TAG…CONTENT, in Kantu use type.

Here is a demo macro. Of course, it does not work with a captcha breaking service (I do not use these), but it “extracts” a website logo, and then uploads it to online OCR, which is the same workflow, just a different website. What the macro also does is to generate a random file name for downloading and uploading with Math.random().toString(36).substring(7);.

{
  "CreationDate": "2018-6-13",
  "Commands": [
    {
      "Command": "open",
      "Target": "https://ocr.space/",
      "Value": ""
    },
    {
      "Command": "comment",
      "Target": "Download image (would be the captcha, here it is just a logo)",
      "Value": ""
    },
    {
      "Command": "storeEval",
      "Target": "Math.random().toString(36).substring(7);",
      "Value": "filename"
    },
    {
      "Command": "storeImage",
      "Target": "//*[@id=\"logo\"]/img",
      "Value": "${filename}.png"
    },
    {
      "Command": "localStorageExport",
      "Target": "${filename}.png",
      "Value": ""
    },
    {
      "Command": "comment",
      "Target": "Upload image (would be captcha breaking service)",
      "Value": ""
    },
    {
      "Command": "open",
      "Target": "https://ocr.space/",
      "Value": ""
    },
    {
      "Command": "type",
      "Target": "id=imageFile",
      "Value": "c:\\test\\recaptcha\\${filename}.png"
    },
    {
      "Command": "click",
      "Target": "link=Start OCR!",
      "Value": ""
    },
    {
      "Command": "comment",
      "Target": "Get results",
      "Value": ""
    },
    {
      "Command": "pause",
      "Target": "3000",
      "Value": ""
    },
    {
      "Command": "storeValue",
      "Target": "id=txtAreaParsedResult",
      "Value": "result"
    },
    {
      "Command": "echo",
      "Target": "The text is ${result}",
      "Value": ""
    }
  ]
}
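
A pre-flight check for macros like the demo above, as an added example that is not part of the original posts or of Kantu itself: it flags `${variable}` references that no earlier store command defined, and file uploads whose name no earlier localStorageExport wrote. The list of store commands, the treatment of `!`-prefixed names as built-in variables, and the condensed sample macro are assumptions made for illustration.

```javascript
// Added example: pre-flight lint for a Kantu macro (the JSON "Commands" array).
// Assumptions: these store* commands name the variable they set in "Value",
// and "${!...}" names are built-in variables that need no definition.
const STORE_COMMANDS = new Set(["store", "storeEval", "storeText", "storeValue"]);
const VAR_REF = /\$\{([^}]+)\}/g;
const LOCAL_PATH = /^([a-zA-Z]:\\|\/)/; // c:\... or /...

function lintMacro(macro) {
  const defined = new Set();   // variables stored so far
  const exported = new Set();  // file names written by localStorageExport
  const findings = [];
  macro.Commands.forEach((cmd, i) => {
    const where = `step ${i + 1} (${cmd.Command})`;
    for (const field of ["Target", "Value"]) {
      for (const [, name] of (cmd[field] || "").matchAll(VAR_REF)) {
        if (!name.startsWith("!") && !defined.has(name)) {
          findings.push(`${where}: \${${name}} is used before it is stored`);
        }
      }
    }
    if (STORE_COMMANDS.has(cmd.Command) && cmd.Value) defined.add(cmd.Value);
    if (cmd.Command === "localStorageExport") exported.add(cmd.Target);
    // "type" with a local path is a file upload; the file must have been exported.
    if (cmd.Command === "type" && LOCAL_PATH.test(cmd.Value || "")) {
      const file = cmd.Value.split(/[\\/]/).pop();
      if (!exported.has(file)) {
        findings.push(`${where}: uploads ${file}, which no earlier localStorageExport wrote`);
      }
    }
  });
  return findings;
}

// Constructed sample: the demo macro above, condensed to its data-flow steps.
const demo = { Commands: [
  { Command: "storeEval", Target: "Math.random().toString(36).substring(7);", Value: "filename" },
  { Command: "storeImage", Target: "//*[@id=\"logo\"]/img", Value: "${filename}.png" },
  { Command: "localStorageExport", Target: "${filename}.png", Value: "" },
  { Command: "type", Target: "id=imageFile", Value: "c:\\test\\recaptcha\\${filename}.png" },
  { Command: "storeValue", Target: "id=txtAreaParsedResult", Value: "result" },
  { Command: "echo", Target: "The text is ${result}", Value: "" },
] };

// Constructed faulty variant: the export step references a misspelled variable.
const broken = JSON.parse(JSON.stringify(demo));
broken.Commands[2].Target = "${fname}.png";

console.log(lintMacro(demo));
console.log(lintMacro(broken));
```

The file-name comparison is made on the unexpanded templates, so it catches mismatched variable names or extensions but not a download folder that differs from the upload path.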