f0ng / captcha-killer-modified Goto Github PK

captcha-killer的修改版，支持关键词识别base64编码的图片，添加免费ocr库，用于验证码爆破，适配新版Burpsuite

Home Page: https://f0ng.github.io/2022/03/24/burp%E9%AA%8C%E8%AF%81%E7%A0%81%E7%88%86%E7%A0%B4%E6%8F%92%E4%BB%B6%E4%BA%8C%E6%94%B9/

Python 6.13% Java 93.87%

burp-extensions burp burp-plugin

captcha-killer-modified's Introduction

captcha-killer-modified 适配新版Burpsuite

原项目地址： https://github.com/c0ny1/captcha-killer

用法与常见报错

免责声明

该工具仅用于安全自查检测

由于传播、利用此工具所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，作者不为此承担任何责任。

本人拥有对此工具的修改和解释权。未经网络安全部门及相关部门允许，不得善自使用本工具进行任何攻击活动，不得以任何方式将其用于商业目的。

文章案例

https://github.com/c0ny1/captcha-killer [插件源项目]

https://gv7.me/articles/2019/burp-captcha-killer-usage/ [插件用法]

https://github.com/sml2h3/ddddocr [验证码识别项目]

https://github.com/PoJun-Lab/blaster [验证码登录爆破]

https://www.cnblogs.com/4geek/p/17145385.html#!comments [captcha-killer-modified详细用法及部分问题解决方案(如验证码识别位数问题)]

交流群

二维码失效请加微信f-f0ng、备注captchakillermodified交流

关注主页公众号（only security），回复captchakillermodified获取下载地址】

提issue之前请说明如下字段：

burp版本
启动burp的jdk版本
burp的Extender中Options配置的jdk版本

捐赠（如果项目有帮助到您，可以选择捐赠一些费用用于captcha-killer-modified的后续版本维护，本项目长期维护）

赞助合作商

	赞助合作商	推荐理由
	YesCaptcha	谷歌reCaptcha验证码 / hCaptcha验证码 / funCaptcha验证码商业级识别接口点我直达VIP4

插件优化的地方

修改了原项目中sun.misc.BASE64Encoder报错的问题
优化了验证码data:image识别问题
添加了ddddocr验证码识别库
增加自定义关键词获取验证码

识别成功率在85%左右。

具体修改请查看微信公众号文章 https://mp.weixin.qq.com/s/_P6OlL1xQaYSY1bvZJL4Uw

更新日志

【2022-3-21】增加可识别情况，~~当出现关键字为B/base64时，进行验证码识别~~

【2022-3-24】增加自定义关键字，删减锁定按钮

【2022-3-30】适配data:image\/png与base64中出现\r\n情况

【2022-4-12】提升准确性，修改识别验证码端代码，主要修改如下：

增加basic认证，方便部署在公网，使用tmux在后台运行即可
对验证码识别部分进行修改，针对识别出来多位，可以进行自行删改，举例，如验证码是四位，但是ddddocr识别出来了五位，那么可以截取text=ocr.classification(img_bytes)[0:4]前四位；

如ddddocr对特定类验证码的识别中字母O与数字0识别混淆，可以进行替换text=ocr.classification(img_bytes).replace("0","O")

【2022-7-2】

优化验证码对于base64的识别#10 ，原因在于base64编码中存在\n，0.16版本增加对\n的处理，感谢@DreamAndSun 师傅反馈

【2022-11-30】 0.17

添加响应提取，针对获取验证码请求中有类似token字段，在登录包的同时需要token校验的情况，在需要token校验的字段使用@captcha-killer-modified@

增加对验证码进行二次处理的案例(验证码为gif图，且验证码具体是在gif图的第二帧，无法直接识别)，见用法与常见报错

【2022-12-9】 0.18

添加@captcha@参数替代验证码，方便在repeater参数内进行测试

【2022-12-14】 0.19

增加URL解码、过滤图片编码中的.

【2022-12-23】 0.20

修复了url识别问题、爆破顺序错乱问题、响应包直接为base64编码导致爆破失败问题

【2023-2-1】 0.21

增加默认验证码模板ddddocr，适配codereg.py

增加识别结果关键字显示，方便查看关键字是否与验证码对应

【2023-2-10】 0.21-beta

优化验证码编码中的\n处理
优化@captcha@的判断方式

【2023-3-14】 0.22 重要问题修复

修复了装载插件会影响proxy选项卡的问题

【2023-3-28】 0.23

增加验证码返回包中明文返回验证码爆破案例
base64编码中应对fromUrlSafe函数(-转义为+,_转义为/)

【2023-5-22】 0.24

修复验证码在intruder中无法显示的bug
再次修复了装载插件会影响proxy选项卡的问题

【2023-7-2】 0.24.1

修复加载插件影响intruder速度的问题(临时增加了一个按钮控制是否开启该插件)

【2023-9-15】 0.24.2

优化@captcha-killer-modified@关键字

【2023-12-5】 0.24.3

修复新版burp获取不到验证码问题

【2024-1-4】 0.24.4

服务端识别代码增加算术接口，可以进行算术验证码的识别

【2024-4-2】 0.24.5

针对复杂算数验证码，进行训练获得模型，若有训练验证码的需求，可以联系作者代为训练，需捐赠，捐赠具体费用可以联系作者。这里取若依的验证码(默认配置)进行演示，测试了109个验证码，识别错误1个，准确率98%+

添加两个接口，添加reg2【识别无混淆的四则运算，项目默认模板】、reg3模板【识别混淆变形的若依四则运算验证码，默认模板不支持，需额外捐赠，捐赠具体费用可以联系作者】

captcha-killer-modified's People

Contributors

Stargazers

Watchers

Forkers

ta0ing yougar0 reclusexu mr-xn zzhsec sec-fork go-bi lay0us1 fsocietyon auxiliarya jxpsx gysf666 xiaolushuo forg4tsec akunwin chh4y hack404-007 crackercat yukar1z0e lz520520 coola007 1in3r spiderhehehoho mp20140036 huanghejin imemaker a1124510616 titounkle vrootebal a099 kyhvedn wangtanzhi-root nanaao alwaystest18 5l1v3r1 1f3lse y11en sry309 freetest ibeginer kzaopa soliontheroad leviclapham h1d3r explangcn chihy525 lighthouse-951 jaivy-mjc baco997 yangmingxu chevalavala exam-jcfxu yeshuibo bowman03 kingking888 trytohack8 1trapbox fnylad wuha0926 atomxw mangoyou fleabane1 qianbenhyu 7hang inknull sijidufei wxfight ziduhuihai st0pli junanc anonymous2100 hellodsb heygetit nonu11 rocklee-1998 showtimeon0524 hhhne tacoo19 5lin dxp666 garyreload9527 deep-webs iq-scm yellowfisherman ddwgege xiaobai219 ckevens ronglixu honeypothoneypot lwsyes gaozzr obelia01 bluepeople1 cc8ci hanobody yyming-sudo 919111524 zxlmmmm grow520 owen800q

captcha-killer-modified's Issues

关于验证码包发送到模块后少回车符的问题

验证码包发送到模块后少一个回车符号
点击发送后无响应，得手动添加
环境：Burp：2023.11.1.1 自带jre版本： 17.0.9
模块版本captcha-killer-modified-0.24.2-jdk14.jar

师傅可以解决一下嘛

你好爆破时验证码都是测试时验证码没有按照每一个请求更新验证码是怎么回事呀

{"src":"data:image/.jpg;base64,%2F9j%2F4AAQSkZJRgABAQAAAQABAAD%2F2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL%2F2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL%2FwAARCAAjAFADASIAAhEBAxEB%2F8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL%2F8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4%2BTl5ufo6erx8vP09fb3%2BPn6%2F8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL%2F8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3%2BPn6%2F9oADAMBAAIRAxEAPwD3CO0R7GMpFDuMPUoM7sDBzg%2B%2FY%2F42fslt%2FwA%2B8X%2FfAplqBHYxukeWMasQuAWO0frwBzUeqSgWptlLedc5iQK5Q8jk7gQRgc5HNCV2JyUVdj%2FsNm84k%2BzrvjBTG0hTnB6dD0HPOOQOpp4tbclgbWMYOASi88dR%2FntVHSJbm90zM1wwkWYjzEAyyqw45BGDgg98Hgg81LNd3sUhjg0%2BWcAkl3kVO56ev%2Bc80p%2B47MVN%2B0Sa6j7gWVovmXEVtFBlV819qgEnAznHU7QOpJbpThaIJVBtbZoyGLOFwQcjaAuDnjOTkcgcc8UhqN%2B97FayWawmUHJWUOyD%2B90x%2BdWru9fT7KLzts924ChYkKiR8c4GTgficeppQfO9CpvkV5Fj7Jbf8%2B8X%2FfAqN7GKW2ZPKjhkdCN8aKShI6jcuDj3GPas9tZuLR4V1G08gOceYh3K3HTrwc46%2BlasauVUyyK7B2ZTGCo2knaCMnOARnsSM4HAFyi0RCpGe3QaLK3BYmGM5OQCi8cdBx%2FnNR3VrbraTMsEQIjYghBxxVMakyRLBptnPeJEoXzHkOOOPvtksfXqTU8l076YTPbywySqy7NpbB2k8kZ2jg8nHOB1IyixftdtpmjxTzfu4gqZ2ITyxHYD1PJ%2BpPesZ9aLRzX1tE0shGAWJ2Qg4AHuxwCQP6HO3HaQ3WnwpcIJU2o4VwMAgD%2FP4ntT2sYneLcAYYm3pFtwFbjGMenPXPJ9quEox3RhVhUm9Hb%2FADKeg29zBY%2BRdRGMwvlAOMgjnJBO7ksegxkDGRkpq2owQsIUiL6gp%2F0TfbMyrKyOAwPAxjcCQwwDgkbhnSSKIxMip%2B7OVKMDjA%2BXAB6Djtx371TsoWfUru5mmhklQiEJE2fKGA2G9CQyn8fespyk3p1NqcVGKXRC6fbSWshaZGea4BklmyMIRj5OTnu2MDGBzjjJfXVrbTRyTwu86EiFUXcxyBkqAfw59KuSM8SllSSYs6jau0bQSATzjgcse%2FXGeBWHDoN6L6eWXUn2uARJH8rk5OQc5wANuMHnJ4GObpRila9iK05v4Ve%2F4CzDUtUsIobzTRECFaYRyqxJwCQucd8jnHH5Va1uabyobK2Baa4bBVSB8gHzc9qtWVtcW29ZrtrhONm9QGX1ye9RX1vPOba5tgVuYidqyH5QCOQ2D7Y47%2B1OT6LYIK3vPd%2F10M2S1u3092N29pDCjKiRKUAKcHcWwxyc4IGCBkdRm7YvdyeG1e9ZWuGgJYqu0HjrjJpsenXl3OJtTmRoxJuW1CgovygdeCeRnnPU%2B2L06FLCfccsYyWIzjO3HAJOBx0qDQwk1K7jRUWbCqMAbR0%2FKgaldhy4kG4gAtsXJA6dvc%2FnRRSGL%2Fat7%2Fz2%2FwDHV%2FwpDqd2xUmUEqcqSi8HGOOPc0UUAH9p3ZcOZRuAIB2LkA9e3sPypf7Vvf8Ant%2F46v8AhRRQAf2re%2F8APb%2Fx1f8ACj%2B1b3%2Fnt%2F46v%2BFFFAENpdz2NlBZ2z7III1ijTAO1VGAMnk8CpX1K7kRkabKsMEbR0%2FKiigD%2F9k%3D"}

保存接口URL

能不能加个记忆接口URL的功能，在公网vps使用的时候，每次使用都要重新输入，感觉有点麻烦

请问有mac版本的解决方法吗

/Library/Python/3.9/lib/python/site-packages/onnxruntime/capi/onnxruntime_pybind11_state.so' (mach-o file, but is an incompatible architecture (have 'arm64', need 'x86_64h' or 'x86_64'))

返回包400

在burp中访问没问题

但是在插件中就返回错误

6位数的验证码无法识别，尝试了多种配置，都不行。请问有办法解决吗

如下图

爆破问题

#12 中提到的问题我也遇到了，发一下详细的过程
我使用的最新版插件，单线程爆破，发现除了第一次验证码识别成功之外，后面的全部是验证码错误

经过排查在logger中发现了异常，每个红框中的三个请求应该是一次完整的爆破流程：
check获取图片验证码
reg识别验证码
login提交登录请求

但是实际情况如上图绿色线条标注所示，上一组识别到的验证码，竟然在下一组的登录请求中，这显然是不对的
感觉问题可能出现在这两个地方：
1、在爆破过程中第一个请求应该是刷新图片验证码，第二个请求才是reg的识别验证码吧，我这爆破流程第一个包先是识别验证码了，即上图中最下方的#7203数据包
2、可能受缓存还是什么影响，前两个reg请求识别得到的验证码数据是一样的

无法识别

{"success":true,"message":"操作成功！","code":0,"result":"data:image/jpg;base64,/9j/4AAQSkZJRgABAgAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAAjAGkDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD3RIrlLwOu3yW4cNMzYwWI2jHBORnnoMAcA09kkNxHcRySeWVAaI8fQ8jIIzyOP0wXoXkdmMi7Ff5dnORjBDe+7PT0HvXJ/wDCyNJ/4WSfAxtb3+0cDE21PKz5Xmnndn7uO3X86AOpZZlukb7SoiZv9WyDLHaeAc9OM9CeDzjiophtnwZmRd3nszv8oVQAVGGBA6HkEc+9crrXxI0fQPGWm+EtQt7y4vr37OI5oo0MYeRyo3ZYEYIB4B6+1dLrek2Wt6fLp2o2kd1ZXKGGZWXJAOCCD2wQpyOhwcjbRcC6qvHLtAZo23MWZs7TxwO+Dkn26elRNcjzvvSIY874zEW3jsVx17dM4BwQD0+bvDfiC7+BnjfUdB16Ca+02VRIklvuB5GRJGrkKd2Ar+6cMdmDd8BaRefF/wCIVz4v8RQxvpVgUQWsiu8cjBTsjXPy4B/eOOhLfdw5wAfQc8svmIhYW8bkqJCy7t2eAAcjnHA9CehGDY2P54fzT5e0gx4GM5656+tUde1ZdB0K91aS2muYrOIzSxwFd+xeWI3EA4XJxnnGBzWJ4L8cad43spdS0qK6ithcG3dL3CNvCBvkClgcg8jcMYzjnJAOlvDttXbLLjB3I2COeuen58evGaUTsZkXyZPLdAVkx354I6jgd/p168X4V+JGmeMtVv49BtNSmtrN1+03EqII9p3BWjXfv+bbnG3op4DHnoPFPiez8I6Dd6zqEFzJa2yoWECBmO51TAyQM5YHkjjpnBoA05LcvuxPMjFw4KsPl4xgAjGPYg8nPXFKVW4dwwmXyyUyGZQ2VHIweeuM9iDXxjp2q6Brer6jqXj241+6urlldJtOMO4nkMGDjAGNoULgADGMYx9iEhw9zPdeTZsAQFmAVuSA27sCNhGCOp/EAvooRFUZwowMkk/metLUKXcEk/kpIGk27wB3XjkHuORz9fQ1NQBAIQZHnRfKlYFSSB83oTjr0456E9K+ddQ1Cx0D9qb7XezW9haRvGryMP3cZezVeSMYBLY3HAGcngGvofzViuN0krRrK/liOQcF8cFT2BA6euOhznnte+H3h7xXPaya/pUV49rEYo5zPIsrLkY3MhXP8Rwc4JOOpoA8T8earpetfHvww+kXttqMMc9nG7RNui3m4LldwypGHGSvHJzlga+k4U2RjOQxA3AuXwcAcE/T+veuMT4c+EjeWN2mgpb3uklYdOLXEqovlkyIQA2G5JY5BJO7OTk11c0CzSpcRgSM6bEkJyIhhjuXHPOQDgjIx6UAePftEW8F34E0bU5Ih9riv/JRwSNqvG5dSucZzGmc5IIxnrn0H4f2FvY/DHw3b2uIIZLCGVwWYktKod8HOQS7kj0zwOlXtf8ADWj+LdIXTtdtDqMdrIshRXaImUIeRtYdnPGcc+1aOmWdtZadbWdtbeTaWkaRWqsSSsaoAPvfMCBkc88c9aAJYXKFFeSWTzeULREbQFGd2BgHOTzjrjtXyTr/APa/wr1zxT4WtifsepQiOKWVAxaEk7XDFBlvLaWNiuBlnxyor64t0aMzK0ryAyFl3jG0HBwD3GSf5dq+btZ0rxF8V/HumC/8K33h/TYFVbl7mMqyo0pLESNECSxbCoQwByeBuIAPTPgh4WXQPAVrey2yJeamn2qSQ7WfaxOxdwH3NgRgCSQWbp0Hoc4lWKT97L88ihDEilkB2juCCM5JJHQn0qaV/LieTaz7VJ2qMk47AetU7VVFmlmt2RKq8YKb1UNjGORx90n2oA8K/ZrSGVPFEU6xujm0GxwCGP749D16Z/CveY0AtvsoWKVUPlOrLtG3HTAGDwRxwPp0rC8P+DvDvgqaZPD2mNbzXqjzFFxI4YJ0J3sQAC/bnnoa6KFflErR+XLIoMi7s4OPyJ7Z9hQA2OPbOfLn/dINhgAXCHAxjAyOOx9anqsJpmulCKjwMAdwzwCDg56HkdufmHTHNmgAooooAKY0MTRmNo0KE5KlRgnOen15oooAfTY40iUqgwCxb8Scn9TRRQA6iiigBiRRxbvLjVNzFm2jGSepPvTgqqWIUAsckgdT0/oKKKAE8tPN8zYvmY27sc49M+lOoooARVVRhQAMk8DueTS0UUAf/9k=","timestamp":1651744158542}

python脚本报错

师傅，我运行脚本，然后在Burp端调用的时候，错误信息如下：

burp端配置如下：

谢谢师傅。

获取不到图片验证码是什么问题啊，我在重发数据包里面可以获取到，但是插件获取不到

增强带有id的验证码

以如下数据包为例：

验证码请求：

POST /captcha HTTP/1.1
Host: example.test.com
Content-Length: 2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
Content-Type: application/json
Accept: */*
Origin: http://example.test.com
Referer: http://example.test.com/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Connection: close

{}

返回内容：

HTTP/1.1 200 
Server: nginx/1.21.4
Date: Mon, 13 Jun 2022 03:38:54 GMT
Content-Type: application/json
Connection: close
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=XXXXXXXXXXXXXXXXXXXXXXXXX; Path=/; HttpOnly
Content-Length: 1186

{"code":200,"msg":"成功","data":{"codeId":"20ebd4da6fbf43e5a12c0ffdfb04049c","code":"iVBORw0KGgoAAAANSUhEUgAAAMgAAABkCAIAAABM5OhcAAAC/UlEQVR42u3csW1UQRAGYHdD4giJjCZIEQ3QgGNESAuERAROCKjBBSACeqACEiydZCEffre3t/M8s/tJf7zS3n2adzs7967uftxMkxfXL5/KTNsskSuwBCywwAILLLAELLDA2kXMziEGLLDAAgsssAQssMACCyywRB8LCLDAAmuffLj90xiwwBqG6ThggTXSE1hgRZECC6woVWCBFaIKLLBCVIEFVk8roWUpsFaHNcSTBilY58FarfN+/e5tdJaAFaQKLLBCVIEFFlhggQVWCVhxqsACCyywwAILrJlgaZCCBRZYYIFVCNbrN6+2AxZYIz01CgMLrE5P27zAAmuAqmNeYC0NayCpR7bA2nXOONVocoSqB1tgLQorTtUhYK0I65LjHlhghTSoGtcBay1Yo1SdXA2s7LA2bA2HNXBBsArDOtfWcFUby4KVvY91d+qlkkNgDT9gglUeVqOtIFVPLQ5WAVhDbIEFVg+sbWEbqoKa+GDNBuu/iYZ1bCvz6DpYY2xtHwafHVYhZHPC6rZVCFZyYdPC6rN1UlVCWDl5zQyrg1ddWNl4zQ+rnVfLczA5rDy2loD1+9fHf9MHa+d5rOq8VqlYGQb6uke7KtoCqwCsbmRggXXerVF+W2CVhNXOCyyweu6509oCqzastLbACp8a3SFggfU8tsACa5KiBdYksLIVLbDAAoutOrbAAgsssMCaEpamwyqwvn75dB9FC6yQijWWV+miBdb4R+GB1+XCwAIrSlhdW2DF/nj/+f3bfbp5RcwggDXPqfDA6yCsiq0LlwVr13bDg7CI8azhJ4Y57qHX6mOdyytuOm9jfXeFVRuk7QUsYv4zrgSClaXz3iIs/2iyeay8VzqpeJkgnfCuMIMtM+9rwdqN1wSqwMrFK6JWgVUJ1kBel3zx/gk9J6whDdVuBF4KsgqssVXnEk9ggXUT8da1Fd+PJTvAyrAvsGaDlWRfYE0FK8++wJoEVrZ9gVWeV84dgVXSWf4tgCVgSV1Y7z/fbsTnJY35C6jt8+lW0RYQAAAAAElFTkSuQmCC"}}

爆破请求:

POST /login HTTP/1.1
Host: example.test.com
Content-Length: 114
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
Content-Type: application/json
Accept: */*
Origin: http://example.test.com
Referer: http://example.test.com/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Connection: close

{"user":"testuser","passwd":"testpasswd","code":"qwfq","codeId":"9eb830c19a5647a18ae7890f07493f88"}

不识别啊

data:image/gif;base64头部缺失

返回信息缺少data:image/gif;base64，导致验证码识别不到。

{"msg":"操作成功","img":"%2F9j%2F4AAQSkZJRgABAgAAAQABAAD%2F2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL%2F2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL%2FwAARCAA8AKADASIAAhEBAxEB%2F8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL%2F8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4%2BTl5ufo6erx8vP09fb3%2BPn6%2F8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL%2F8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3%2BPn6%2F9oADAMBAAIRAxEAPwDtrW1ga1hZoIySikkoOeKsCztv%2BfeL%2FvgU2z%2F484P%2Bua%2FyqyKiMY8q0IjGPKtCIWdr%2FwA%2B0P8A3wKeLK1%2F59of%2B%2FYqQVn61r1joFi13fS7IwcADksfQCtIUfaSUIRu30G4xXQvCytP%2BfWH%2Fv2KcLG0%2FwCfWD%2Fv2K43S%2FinoF%2FdC3lM9qzHCvKvyH8R0%2FEV3EciyKGVgVIyCO9bYjA1cNLlrQcX5oS5JbDBYWf%2FAD6wf9%2BxThYWf%2FPpB%2F37FOmnS3ieWQ4RFLE%2Bwrn%2FAAr4zt%2FFMl2sFpNCtu%2B3e5BD%2FSs4YaU6cqkY%2B7G132vsFo3tY6EafZf8%2Blv%2FAN%2Bx%2FhThp1l%2Fz52%2F%2Ffpf8Ke88cMZeR1RB1ZjgCudu%2FiJ4XsbjyJNVid84Jiy4H4jinSwtSs7UoOT8lcGorc6IadY%2FwDPnb%2F9%2Bl%2Fwpw02x%2F58rf8A79L%2FAIUWV7b39tHcW0qywuMqynINWhWTgk7ND5Y9iuNMsP8Anytv%2B%2FS%2F4U8aZYf8%2BNt%2F36X%2FAAqwKbPcR2tvJPK22ONS7N6ADJpci7Byx7EY0vT%2FAPnxtv8Avyv%2BFPGlaf8A8%2BFr%2FwB%2BV%2FwrMsfGHh7UADbaxZsfQyhT%2BRrWgv7S4OIbmGQ%2F7Dg%2FyrSdCUHacbPzQKMWINK07%2Fnwtf8Avyv%2BFOGk6d%2F0D7X%2FAL8r%2FhVoU8Vnyx7Byx7FUaTpv%2FQPtP8Avyv%2BFVtT0vT49IvXSxtVdYHKsIVBB2nkcVrCqurf8gW%2F%2FwCveT%2F0E0pRjyvQUox5XoclZ%2F8AHnB%2F1zX%2BVWRVez%2F484P%2Bua%2FyqyKcfhQ4%2FCgY4UmvIvit59w1nIpJhiLBgOxOMH9P85r15lypFcZ4n0c3SN8u4HqK78vxjweJhiEr26fgE480bHmmkW%2BnatpAt5bdFmQbTKo%2BcHsfcVpeGvGV%2FwCDdQ%2FszUS0%2Bn5GO5RfVfb2qhceHrzTZzd6YxDr96E9x7f4VjaxqZ1ARpLatDPGcHP8q%2BuwqjjqsoxftKFTVpv3qb%2BfTzWn688vdXZr8T3jVdSi1DQJZLSZZI54W2Op4ORXBfCu%2BFut9ZtxIsgYjvjpXNeEfEE%2BmXB0u5Y%2FZZz8ob%2BBz3Hsf8%2B9i5kfwz4pj1KIH7NM2JFHTnr%2FAI1wLLpUPbZde%2FOlKD78utvVovnvafbcv%2FFLVtRfV4rbz5FszGCqqcBj3zWKNF02fREe33m5ZNwlLcFsdMdhmut8S6bHrdmko%2BdGG9HHUVxY0nWdPR47eZTEe2R%2FI9KrB5gp4OFClVVGpB630UvV%2Fmn%2FAMMpQ95tq6Z0Hw08aNoWof2VfyEWU7YRmPET%2FwCBr32KVXQHNfJr6Zc%2FOzAbxzjPWvRfCHi1Na0KXwzq8kgkCbYJ1cq5A6c9mXse46%2B9Z3gsPi743CSTS%2BO2tv73%2Bf39wpycfdkevat4l0fQot%2BpahBbcZCs2WP0Ucn8BXG3fxY8LXQe2E8%2BxwVLPAwUg%2Fr%2BlecT%2BGdH0mQzaxqT3DE5Cn5N36lj%2BFQtfeEZv3P2IRp0DhWH6g5rio5dgnG8FVq%2F3oxsvle7f4FOcvJFgeD9GuE8201GWSIn5XTaw%2FGsS%2Ft7vwvqkFxY30mc7o5AcEEHoRXa%2BFvD9vHcm50vUVns5BiWByGx6EMOhHoRWF8QtOkt7u3dEJjOV4HftXpZfmdaeYrD1KvPTlf4lZ7PR6b3%2BTInBcl0tT37wrrg13QbK%2FICvNErMo7Njn9c10Arzv4ZysfDlnGY5IikYUo6lTkexr0RelfIYiMYVpxjsm%2FzOhbDxVXVv%2BQJf%2F8AXtJ%2F6Catiqur%2FwDIEv8A%2Fr2k%2FwDQTXPL4WKXws5Kz%2F48oP8Armv8qsiq9l%2Fx5Qf9c1%2FlVkUR%2BFBH4UOAqOa2WZSCKlFPFUUcrqWhKwLIteW%2BJWtbDUnt7uFlkChkYLncD6fjkfhXvEybkPFcF4j8P2%2BoXSzTWiSyKMKzDoK6cJOhGpfEJuPk7MUr20PI7S3l1bVYzAhChhlj2Aru%2FEenefocu8ZKrvBPqK3NJ8MlZVIiCKOgAwBWvrmiCfTXtzuUOu0leor0MRmzrVqMoR5IU7cq3fzfUhU7J36nNfDWb%2B1NBe0m%2BY277VJ9Dzit7V%2FDObaUQt5chU7WxnB7VX8CeH%2F7DEkQdpN77ixGK726tfOgxjtXJmNalVxk6tH4W7r%2FAIYqCaikz5wu21yyLfa7EgDgt5f9RWVpzztq9vJACJfNBG3617brHhqacttB5rI0rwa8N8JTGM5znFexhuIadCE0sPFOStpovmtTOVJvqT6v4cttZtYTcwlyh3AqcH3GfT%2FCsSXwhp%2B0odPUD1BIP55r2Cx0pBbqrr2qdtEgYfcFeFDGYinFRhUaS2SbNXFPdHgUnghkl32F9Jbt6OP%2FAGYY%2FlW%2Fpfh6%2BtNNkgu79rkMSUIBzHnrhif8%2FjXqMvhmJmyFFSDw%2BgiK4roxGa4vEU%2FZVpcy80r%2FAH2v%2BJKhFO6PGvCE%2Fibw54uEjQ3t5YtJ5U%2FVwyZ4cD1HX8x3r6Kt5BJGCK46Dw%2B0N1vA7111nEY4gDWeNxrxc1OUUmlbTS%2Fr5jjHl0LYqrq%2F%2FIEv%2FwDr2k%2F9BNWxVXV%2F%2BQJf%2FwDXtJ%2F6Ca4JfCwl8LOSsv8Ajyt%2F%2Bua%2FyqyK5mLWrmKJI1SIhFCjIPb8ak%2Ft%2B6%2F55w%2F98n%2FGso1o2RnGrGyOlFOFcz%2FwkN3%2FAM84P%2B%2BT%2FjS%2F8JFd%2FwDPOD%2Fvk%2F41Xtoj9tE6jGRUL2kchyVFc9%2Fwkl5%2Fzyg%2F75P%2BNL%2Fwkt5%2Fzyg%2F75P%2BNHtoh7aJ0sVskfRRSzWqyrgiua%2F4Se9%2F55W%2F%2FfLf40v%2FAAlF7%2Fzyt%2F8Avlv8aPbRD20TorewSFsgVfCjFcf%2FAMJVfD%2Fllb%2F98t%2FjS%2F8ACV33%2FPK2%2FwC%2BW%2Fxo9tEPbROuMCN1AoS0jU5CiuS%2F4S2%2F%2FwCeNt%2F3y3%2BNL%2Fwl%2Bof88bb%2FAL5b%2FwCKo9tEPbRO1RQowKkFcP8A8JhqH%2FPG1%2F75b%2F4ql%2F4TLUf%2BeNr%2FAN8t%2FwDFUe2iHtondACnBRXCf8JnqP8Azxtf%2B%2BG%2F%2BKpf%2BE11L%2Fnhaf8AfDf%2FABVHtoh7aJ3YjX0qVRiuA%2F4TbUv%2BeFp%2F3w3%2FAMVS%2FwDCcan%2FAM8LT%2Fvhv%2FiqPbRD20T0EVV1f%2FkB6h%2F17Sf%2BgmuK%2FwCE51P%2FAJ4Wn%2FfDf%2FFVHc%2BM9RurWa3eG1CSoyMVVsgEY4%2BaplWjZilVjZn%2F2Q%3D%3D","code":200,"captchaOnOff":true,"uuid":"13976f5bec15452f891e0f6ec6a7884f"}

data:image/gif;base64 + img

已收录至我的 repo

感谢师傅开发修复！撒花！
repo

验证码问题

反馈一个问题

data:image类型的验证码。手动测试的时候可以获取验证码也是识别出来

一但放到Intruder里去跑就会识别不了验证码报500错误

codereg.py控制台那边报错：

大佬那种分开两个数据包获取验证码的有办法解决吗

第一个包

第二个包

无法识别验证码（已解决）

按照步骤往下走，无法识别出验证码

请教如何多传递一个参数

如上图所示，get图形验证码的时候服务器除了给了一个图形，还给了一个vid参数，我在intruder爆破的时候也需要提供这个vid参数，每次get图形码的请求时候vid都会变，所以有没有办法从captcha-killer里把这个get请求时候response里的vid参数传递到intruder的payload里？谢谢！

你好，想问一下我这里是获取不到验证码的意思吗？

插件新增的响应提取功能在intrude模块中无法正常联动提取，导致爆破失败

当校验接口需要同时验证验证码和token值时，通过设定@captcha-killer-modified@字段，可以正常联动插件进行自动化发包

但在使用intrude中pitchfork模式进行爆破，发现在插件中标记的token无法正常获取回传，而是变成了imgcode验证码值，导致爆破失败

inturde设置如下

点击没反应

erre

c1JNSYn4vRoDAkDmUS7Z9euIBtn1SgYApGkAEEbDAEhGIqolGgCQaNA+NNdoVtnbLxTCY+mlU6F2Ww6AdaLkrjBoy6kMj3lMZRROMtNhNkwQBqgxGoj3VVLCWFVzmQwBIBsfXspooFmPmA3T7CqnJDMoN6pJJiEHRGGoBA8g3uFDaRwQAI2KWCEAwsniUcyGCdVRkpmOIob5jiyApglWNpRdZRhrAvARiWqFNF2yXZMkdmyB624yCwDmkwwxqkmZlApfVzykoiw2vsFmW+TlCJC1WVCfFoFRjkFv2lASDQQAqjAorw3TMUur/TxPUmvXOgAoNZ9kAKzKgBgVSVCW4hypdgxEBAapEJAnrPMdWZkBACRo5cdY1ENcT4zpWLEM8C08AGXLeZTk1no+vG4G80lmPsmY3YOyXbGbHAfOYFJZJ6QET1lslMWmDItGXi/nImKHk52y35U2Vko0qRCk5X8B2dbo0rijeKoAAAAASUVORK5CYII=
Error handling request
Traceback (most recent call last):
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\aiohttp\web_protocol.py", line 433, in _handle_request
resp = await request_handler(request)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\aiohttp\web_app.py", line 504, in handle
resp = await handler(request)
^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\Administrator\Desktop\captcha-killer-modified-main\codereg.py", line 26, in handle_cb
return web.Response(text=ocr.classification(img_bytes)[0:4])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\ddddocr_init.py", line 466, in classification
image = image.resize((int(image.size[0] * (64 / image.size[1])), 64), Image.ANTIALIAS).convert('L')
^^^^^^^^^^^^^^^
AttributeError: module 'PIL.Image' has no attribute 'ANTIALIAS'

burp2023.2.2 jdk18 jdk14.jar

mac系统报错（已解决）

没有data:image特征的编码图片获取不了

建议在验证码返回包中加一个自定义标记验证码位置的功能

RT
比如这种验证码就无法被识别，很难受，可以参考intruder里那种标记功能，自己标记验证码位置。

插件无法暂停

爆破关闭后，插件没有暂停还在不停的识别
只能靠重新启动bp，或者清空验证等数据体，但是在重新放入验证码的数据包，他又会自己调动识别

师傅您好，这样的图片格式也无法识别

captcha-killer-modified-0.24.2启动报错 unrecognized arguments:

获取有效性问题

在获取验证码时url带时间戳?t=1612345678,获取的验证才有效

测试中发现data:image\/png;base64的无法进行识别

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 May 2022 02:45:22 GMT
Content-Type: application/json; charset=utf-8
Connection: close
Set-Cookie: lang=zh-cn; path=/; HttpOnly; SameSite=lax
Set-Cookie: SESSID=5060a00d608dfd126bad5721da9337df; path=/; HttpOnly; SameSite=lax
Strict-Transport-Security: max-age=31536000
Content-Length: 7324

{"code":1,"info":"鐢熸垚楠岃瘉鐮佹垚鍔�","data":{"image":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIIAAAAyCAIAAAAfq5TfAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAUaUlEQVR4nO2be3QbV53Hf5JGb0uWZEmWbMuWbMtv5+E2DTRJU1qatqFNtzmFLtADbYAFkgNsYRfo0u6BcyiFnjbQbRZaHinlEU5oaBsIpW3SPJumcUIefsZPSZZkyZKttzR6jvaPK4+vRqOHneSwZ7ff4zPnN3fu3Bn9PvP73ceMOWRoBj7QP1rcf/QNfCCADzD8L9E1wGCZ9F19I//PdVUYcAAfwLgaca6yi6a9b2pVla4p8CaSGuHVXOv/sK42KSHvl2Yg8CYK7PnFgvnC+rgm5v3JTOZq7pBVWU/VCs4acoqu+Z0gXS0GFA2lM1JSI0TexwJCDTAPMA+gZj0lEE8cHJn86l+OfuvNk6kMVfY2JokgwygmHEDlMHAAZWFYCDfDKKurSkqWSZ+pVYVvS1TGGBRGgDoa4kjlWQCYmPf/aWj8vHOOymbRsf2fvJfPK/+4IACt6eqyNWnvc7SR0jUnSK1Z7EE27f2e+njZSyAAprSubE2kZUdDjdFM27jfK8lLeHaiFQ1pMJtz2ubsd7hpBhyAsgwmiSAeDWUDAnm/NIMJUsuwkfd76uOaehP9V3iihXDj0VBhQBCVVMK1YJ1AJBasE6ikws4Z26JENA8AQz6jxz9SPS/tUOcCgsvh4OcKCV7Rdj0UAIB22U8Sioasp6oECbPYg7w/QWpvbpUCwLF+FwAMOUVep2W5VyyrZWOARQA1RjNNorTwARKdl962yidcw6esZ5OZdJu27gm1GiUlHjcPA59XHIOWCx4KPFQryEDLrTApIe/jW1TO+mi/Nxk1iz1ep2XIKeqpj+PbYu2jRMRISmOx+naJs8RdrQQDUmFYlBYO4+f9zjfHT9O7E55ZbywKIJXKsxzIj4ZiGDx5/fYkEWydzcEoTYKjjYwQVGeB3wufcToazGIP7veyfYOFcNMwkqEbaAAlYKwQQ8g1J9fXVh4WGYoCAB43l0Di6bwxaBbguM328PrOaIhD+RX4oaJJScsVJvmJQK6zaU1Xg3bRwMTw9Ym5qc21LSfmpjjayIm5qa500YSGvI9vobLOGbAgMKV1IHGOxeqhXEAsDwPyPqMEhUUxEo5g+J2pmeNTM59e2/XR1qZiLZ+Ysa251cSTcnmcPNewYhAm+QCAGAgVwkQgAR5Ks7alsCbzGU/DibkpABghKMTAkUk38FicQA+QGHYlsocWDPIaerdd4lxhUgokZgFAIayjDVQu19fiJGi7MEEl0unTttnDk7Yxb25KcWTSRmPIyzsAABBMJMasnntDG0Y4f8fLWZOS3NQAACGLA+0iAJX0nDZK25X2IAaOTNo3rVU1e6AyGAAginviIi2jzuCYuLedhALv0yWVRAN7VCK/MxggIRJQEBkL1gkaBgBccnn3nLlIMwCA8Xn/WX+o2H0AwLmRmak1U/66vJmgYDEa8GGi12lBDBKCFACELI7SDGzUku9GCAqVNPAImoFvmulcXKI4Mxrwkt52cnBMPDgmNshr7KEFupxmgLzfvpidWMWCIZCYRQBYd2nv0zxwIRI1RvN6g75ezpyjDkxac1flFMYDWJwLsvfVGpcGL6Sjweu00H8AkBCkEAPawBWfFeFGE9dDk+hKc6VJXXAqPUJQyPu+ae0qc6lVgLhIi/sdjwkEgLYDrgZEAjGYk6TxCCgRDeyz6Cu2lE7nRbbbrelo4gNAPB46fPiZJtONDfVriLgQwSjsLZBqjOYD77zz/JmLeKGET+x94C4Bj/fT9y8dmbQVnrVhtaklYPiN7SRdEpwYnT36RrG7xzV66iS+iwCI6pY6VZpEVODuSnMHJlQoGgCANSMxRJPA8xLNAGm1MEUZ04gBTQIAamN57Ttk/oawkjbm7Ql2DOjxd7s1CAbKS/3nfjc4/BdUQSxUGBr7DA1r6+tW8fnsayw1ze3bnt0TjMbwwq/e3HdrswHH0FAtcwTDyK4WCu7Vrf+d7RRd/6OtTTs/tKa0g5A6N91C2xf399P22gdvAoA3T1y5a3MHvZ0bi9S1hVDfgLalSaAIwLf4Ua6VuJzgK/SOJl/teKMTANpm6pEhq8r1FoUkAADBgNJrSldsKRQHABBPRPa/sjOdZq5GcLk8rbbd2LS+xXSzSCTHD43yhZbB0V+eH8QLOzWqJ+/c9MLRobdnp1DJjht7Xjo/lF2s0FurHpxbWnT6WHvz59b1FrvDEsKjwUZpm7ge2jj099DOY5/P2ILPf+b3N/Up7rj1tv17hx7c0VOsKcvhA6Y7Hhg9dZIGwMhLve0kIoGiYZLK5epWbm1hNCAAuCQeY+6wIJNN8ji4ccWWAozE0PChQgYAQFEZt3vE7R7pP/cbQ8MNfWseUKlyw6HOVKLF3LRvcCyWSNL1R70+RzDMkS7NG2qrpGtU+os+F9odmstb+Cu1mFFc8VkRAoAMxCB3KJ380YX/IFMk1Am+eOSRW6fWvvjb51cZfYycltcawOipk52bbrEcPoDHHENjv31vvNEJ2LRykpqDCLRya8EXApV8MsFrFbIv2i9FgyCTBYAkjzMmiWdHeR1NfMTgii1l0iX3H9iVSpEVeICzqnfbjX3/zFkc/r8yOPaHy1fwGts6WxLpzFsTVrT7WO8mqEk+dfwsa3OfXN3x4OqPUpS9gktXpG/8bc9vLr3FKFyja/3ahz9+T8fNK26WayUoYxptl6IhIO687x4AGD14CBl/OZJbOxCp5wGgIaz0kdXUvGcpGmijPSYCbJrV0cS/cOlgIQNj03pP2BbzMVYQswODB0kycMvGnWh/a3vz6yOTZCpN1zg2bb+pYWkF2M2PbON2KESXA3GWOaqIqLkaBh++sfXM+Um8ZJNx9SXX5MDcFF54yT35yGtPtajqdq3f/mDvbQIev8L27RkCAJrsMK3PnD10aubkwHTIDgBN0nrtzfrAxt7Rg4dAJXeOuUdPnQRfKANgARCp55e6aACfWst7/LFHAWCkKlGbJABgUJZY4KcX+Gl1ilAreACQSsWPn/hJJpM3KBRVq7s+vmuz6eOGhr5gyBWJePGjPp9NpWxSKOoBQMDjRZIpfAKRzGT80UQ8kwOzVq8XKHjShGDQzxz+AsCH5PUt9St5UwZsDGJR6K1r+uzau1aru7zkwkww74p+MvzWZP++y4epbLZLa6wERjWXCmW5A3PTP/jSY6cOvTNptSy4fAsu3/SMdfD00NE/HpuYdvaaGjJAyLmU0xvzKuQAkI5JVEQWAORJsY+sBnre0BsWDsoSg7JEb5j5unh45I1EMsoobLzhDg6HOymb06hbtt75RK22nVFhZPRN2t7W2cLn5k1QAsmlBz8LWQBoN9UQXJbJhEBdBQA8l7KsRyqRRAqxKMSicGfnmpc3Pf72w7vv7djAWEx0R3zfO/bS6j2PfP/4y95ooERr9gxhzxCzVsePdj3unWV5hqgM9d7pcw9/4Tun3+13emOkMbfC1SrMTCZ4AOAjq1XiINAYkjxOe0wEAIOyRPdEHbIJpyqdTgyNMIftEolK13kTALSGawGAw+GaTMys6p1fegyVYtGtzYZiPyabBaNKKBMKe2tZ5h+iYJrLNWT0zNFFWRWGAgDEokuGzCBeqzfvvf/b73/xhYdWbxHmP/uhRPS5Mwe273u8xCUMvLSBl/7V9/8rFmE+prji8fiLL7585twFEwAvmvshqK9GDACfRY9J4u0xUXtMNGyeJZwqwqlK1/tGrryVSIQZ7er7Npujda3h2klZ7hHIZJKMOowkdn+3mXXmDACaKgIAjCrh9p68tbkaifSBnrZepe4a9s8ZH0kbYTsZtpMAUCOR99W1taiYKw08Dve5j32ldIPnrZ6p4bG821YrH9rxwOd2fro5fx3zhef3Dg+OBtxyBMAlzPXKLiGhEgeXxrN0BHTTRTNVQwPMUBAKpBuN9yMbRQMAOJ0DjGpSad4il04mvbmx7l0by2x+x66veYcuL1gnumvVjdWy2XBkXYP+9pbGvvraXC5yiZYbDayhAAA8lRiRQMZYYOb3g2+/MnQskWEuhwDAv2/8ZF8dM9kypOflDUBTqeQv9u2uVsgB4MGH7vvON546t7iOkM1mX9rzh6//7GkFRAEgHRC6FAAA+kQaSi90jzr/SiaZv7+raytB5PUfkcj8rGuIUU1X28ko2d5jZsXwiz0/2WRsQEvl/7rxhhqJWCYUxEVCnkWS0ft5LiW9LXGrFUoiBZCKw3bSYrM+N/7K66OnUM/EEAc4d5rXPbrhEwDg4rn1GR1uIIWCYd9CQCDgq7U1857cit7GzR9CDACAR/DWb+g7hy3nTExPyCxR6AI7KSUUuUmYS0joE2kmhnS9DwAIpypDpS7N/IFxlCCE3Z13MwoHhg5CwY9pad7IKDEqq/vqai+wdWWALZU73TOxkXlulzCj98emwzKxEgCWxaBYKCD5bZG99kPPnt6fotKFR2/R9d5n3HCLbpWxM9eZ6TM6F8+NDFQy7/XtfvJn/WcuZrPMX91/5uKhV9++Z/sWACBj5BuvH8GPCoXCsEkaJsEgjkICXEKC4/bqlEpgjYZcrzD6Voxk/vjO9i1CoRQvWViwjo2/w6hWXV3XUL+6sOXtPWYaAwegp1Z9e2vTeoM+1xR6l6drdLpnqJH5GICnq00SdxW2s2I5gp6H/vq94SBz/YYDnO1dt+wwbLmpb1Vg2q9oVqLtNCkVV00BABlpcVVNAQAxS+x65NsL8+yPRTab/fEPX9z38qu2abtAIODmf1OyftNamSWq6AI7KeXHHXql0g05GEsYKJkCALjhQLKDil12Xr70GuMaPB6/p/sevIQkg0eP76Yo5gR93Q2fLrzFtD3bZahp16h8IfIjbY23tzZqpJLCavajF6iR3HqGdmQ8BiBplrH+ZlaVCIWT1stfeP1pH8l859GlMT57964b6zvwQkWzEgDEVVNkpAUZqPzXP99fjAGtOZdXJGYud0qrJJ/5/CfCSmlgQmU02+3Q4PY7AAAFxBIGbjhAyRQIxrT7bCzBvFi1xJRKxQAUpKNG3LBgd1x47/29jIkbADQ1rmtqvLHw5ggDJ23PftN8k7J5GV+yqjhURe9/y+mF/oPfPbo3k837kIADnK933vdv2x4muEsrVwgAAEyTUoDc4I2MtJBZXrckNDo0zmiZjJGpRJIr4Mqq5IVpCkkmr/rCzqd0dVr74lqEQRy1OlaJ1AM6pTJiUeQwIO8jZbPUqPtEYVu+8PiB1x4V8hWSKnns5ELhnA4AZFXajRu+VFietufuT8YXIJswsI9fuV1qUTwRmw6rOFSgUwujHgAQWYJxU/nP8YqFwo9P//EHJ3/LKFTwpT/f/s2PNPeVbZbM8sScDAB0aNZvvv9jAA76kL6+9nev/bRB3e2YH7ZMzXz3W087ZpayqLHZUCWTrurr3rZ9i6ZWbZ0wGM12K6gAwDphEKkHAMDt9+tMi/MGbjjADedmjJGwRyGr5XLYB1GJVMDvn2FlIJGo7tzyHZFwhWsPSIgBt0sdN1UrlsOgmH71978WMtBKNH+77T83phpLnLi1sWdrYw8AiDkZMssDgD/ZRrdt/TBexz3rOXPqPLJNLY2PPpb3CHZ0m5/7xZOf+/KnNLVqADCa7dYJAywyQJ2zTql0+/1LK6x034AMyu9xuUccjgsO56VQmH14k/fDNG23feRRqaTUF3yl44BViAHrlx9hh0rWsLRUxRoKB4aP7/zzbsaoVCfV/u2zTzVUM98/d2jW47tXvGenSWmzOAoA06QUJSVrYu77//K0ZdRKV8tms/ds33LP/Xeo1ap9L7/62v6lmRZBEK8f+bVYkntDl4sGbOv2+xGMij4lDobc/RfGU+H+Of8gVZCra1Sm7q67za2bSzeStmcRANooK5ElN9dHJABgwTpBe59hsGJwBD17zr627/JhcvFliUqkeGfHsyGftsvE4vdidzIcy80GZPypcCDyo6/sdk7PFquM65U3fqlSK2GRAasBy/qie2Bc02ueCwRnw+G5ZDIKACJRtUrZJJEoyp67AqE4wLew+Gka8ju+LTNXIMNPHv7zwalDgUj4p3c988TWzwLAq/1nu1i+l2TRcEzeLQnRWxl/Kkyq//TD3SeOvFf6xLbOlp+9/DSjEPc+rUoxDIznPphY1cYcGl1XFXYMKCys7+YmriggimHAn/csAX+8+Hs+2VrC+zZCDgBN6RBt0IcQgEa+BgBmUt4Ux3Dp1Ps/efQJgUDA2pSyRvHMf3/XuLimGZ2sAgBpa4Q28MoVYRgY16xq8+LbsqdcV4UdKuPGGuu7CygatvyTCmeAu75EnikmBADyGeCaSi/NCSiKunTyzMiRY+fPXopFc6NRoVBw6x0bdnz5U2pNXk+JAEABA2DFYBNxmuJZ3EAqAWBcSLUluLhx/cTaN6xbu/RfFytwPRINAAACo5Sik4uM1eY8r+EYkFqIeCad8XoWQqGwVCrR6bW8/FfoNABcOAz2aLCJOACAMyircSEFANebARJ63s9dnFi31qxsWijRK6xANIzAKAUADAa0EIwWYhmTy2VHA21XSAIxQLoeJEoMaUp3zssVYoAA4CoMCASANsqqor6B6xJReuwDt4qjIRKKAkCVXHpto6HCoeS1ZUDr8gQzhxSLiWslTmLMQ+njCAPaFusbiikSis5qxHVeEsFYGYnKh/AAYB+bM7TX4sb1EIJREQBpGqIr/4cdQNHAdeX6HDwgKhEKBYaq5NLCwkJV4nehuAoAEmSENuhD9rE5ALiuDBAA2mAR7f1CY5liT0q4fJIGVcyBGwzRMEoDoP0+NTXc0tJ9xXuWH6pKycs8awgAYAwQAFzXD0Z5Ib/j2xWpomjwSRoAoASDKrmUNuhDJZ53fqgKAEozoAHgSpARVgxTIXeLvNJ/Qr7Gki6+xbuKvMTSN+CHEQBcrDBw0d6n/R60SKpNMdpADJBWEA0AwJ3l2sIuAEjqs8j7NIZl8XCPp3RtlX6gxy5pOuqSSPWxstEQjQWlEvZ14vFw+H8AzpSjG0lUvA0AAAAASUVORK5CYII=","uniqid":"captcha627b23426dd4a7164"}}