使用鼠标检测的反验证码 [英] Anti-Captcha Using Mouse detection

问题描述

我想知道是否有可能仅使用JavaScript来为表单创建安全的人类检测机制（不使用验证码）来检测鼠标的移动，因为jquery或操作系统代码都可以移动鼠标（因此Im告诉我）。

I want to know if it is possible to create a secure human detection mechanism (not using captcha) for a form with just javascript to detect mouse movement since jquery nor operating system code can move the mouse (so Im told).

这是我的计划：

1. 使用jQuery，我可以检测鼠标是否已移动，然后允许提交表单（如果已提交）。


2. 我已经启用了跨站点脚本编写，因此没有人可以直接提交到网页之外的站点，而且我需要JavaScript来汇总表单。


3. 鼠标移动将在窗体的mouse字段中添加一个值，该值将在服务器端确定是由人类提交的。


4. mouse字段将使用某种形式的算法，将鼠标的运动作为种子，然后在服务器端对其进行解码，以便漫游器可以在mouse字段中输入任何值。

1. With jQuery I can detect if the mouse has moved, and then allow a form to submit if it has.
2. I already have cross site scripting enabled so no one can submit directly to the site outside of the webpage, and Im requiring javascript to sumbit the form.
3. The mouse movement will add a value to the a mouse field in the form and the value is what will determine on the server side that it was submitted by a human.
4. The mouse field will use some form of algorithm that the mouse movement will seed, then decode it on the server side so a bot can just enter any value into the mouse field.

因此，我想知道这种方法是否仍然存在漏洞，还是让机器人仍然绕过它。

So Im wondering if there are still holes in this approach or ways for a bot to still bypass it.

推荐答案

否，不可能创建一种依靠鼠标移动来检测人的安全机制。查看 java.awt.Robot 类仅作为一个仅使用软件进行黑客入侵的示例。我使用该类将复活节彩蛋编写到程序中，该程序可以用鼠标顶起并使其跳动一些疯狂的模式。用户喜欢它；-)您还可以使用 USB Rubber Ducky 对其进行破解。

No it is not possible to create a secure mechanism that detects a human by relying on mouse movements. Check out the java.awt.Robot class for just one example of how to hack it using software only. I used this class to write an Easter egg into a program that jacks with the mouse and makes it dance some crazy patterns. The user's loved it ;-) You could also hack it with the USB Rubber Ducky.

这篇关于使用鼠标检测的反验证码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！