使用鼠标检测的反验证码 [英] Anti-Captcha Using Mouse detection
问题描述
我想知道是否有可能仅使用JavaScript来为表单创建安全的人类检测机制(不使用验证码)来检测鼠标的移动,因为jquery或操作系统代码都可以移动鼠标(因此Im告诉我)。
I want to know if it is possible to create a secure human detection mechanism (not using captcha) for a form with just javascript to detect mouse movement since jquery nor operating system code can move the mouse (so Im told).
这是我的计划:
- 使用jQuery,我可以检测鼠标是否已移动,然后允许提交表单(如果已提交)。
- 我已经启用了跨站点脚本编写,因此没有人可以直接提交到网页之外的站点,而且我需要JavaScript来汇总表单。
- 鼠标移动将在窗体的mouse字段中添加一个值,该值将在服务器端确定是由人类提交的。
- mouse字段将使用某种形式的算法,将鼠标的运动作为种子,然后在服务器端对其进行解码,以便漫游器可以在mouse字段中输入任何值。
- With jQuery I can detect if the mouse has moved, and then allow a form to submit if it has.
- I already have cross site scripting enabled so no one can submit directly to the site outside of the webpage, and Im requiring javascript to sumbit the form.
- The mouse movement will add a value to the a mouse field in the form and the value is what will determine on the server side that it was submitted by a human.
- The mouse field will use some form of algorithm that the mouse movement will seed, then decode it on the server side so a bot can just enter any value into the mouse field.
因此,我想知道这种方法是否仍然存在漏洞,还是让机器人仍然绕过它。
So Im wondering if there are still holes in this approach or ways for a bot to still bypass it.
推荐答案
否,不可能创建一种依靠鼠标移动来检测人的安全机制。查看 java.awt.Robot 类仅作为一个仅使用软件进行黑客入侵的示例。我使用该类将复活节彩蛋编写到程序中,该程序可以用鼠标顶起并使其跳动一些疯狂的模式。用户喜欢它;-)您还可以使用 USB Rubber Ducky 对其进行破解。
No it is not possible to create a secure mechanism that detects a human by relying on mouse movements. Check out the java.awt.Robot class for just one example of how to hack it using software only. I used this class to write an Easter egg into a program that jacks with the mouse and makes it dance some crazy patterns. The user's loved it ;-) You could also hack it with the USB Rubber Ducky.
这篇关于使用鼠标检测的反验证码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!