SAC
2010
ACM

CAPTCHA smuggling: hijacking web browsing sessions to create CAPTCHA farms

CAPTCHAs protect online resources and services from automated access. From an attacker’s point of view, they are typically perceived as an annoyance that prevents the mass creation of accounts or the automated posting of messages. Hence, miscreants strive to effectively bypass these protection mechanisms, using techniques such as optical character recognition or machine learning. However, as CAPTCHA systems evolve, they become more resilient against automated analysis approaches. In this paper, we introduce and evaluate an attack that we denote as CAPTCHA smuggling. To perform CAPTCHA smuggling, the attacker slips CAPTCHA challenges into the web browsing sessions of unsuspecting victims, misusing their ability to solve these challenges. A key point of our attack is that the CAPTCHAs are surreptitiously injected into interactions with benign web applications (such as web mail or social networking sites). As a result, they are perceived as a normal part of the application and raise no...
Added: 17 May 2010
Updated: 17 May 2010
Type: Conference
Year: 2010
Where: SAC
Authors: Manuel Egele, Leyla Bilge, Engin Kirda, Christopher Kruegel