Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

scr.im revisited

About a year back (Oct 2009) I wrote a quick technical review of the scr.im email protection service. I’ll save you the pain of rehashing it all here, and the pain of rewriting it all. If you’ve not read it, head over here to take a quick look!

There were a number of flaws in the way scr.im used captchas, as well as the way it handles requests (allowing multiple requests with the same token etc…). At the time I wrote the following :

I don’t think it would take much for a good scripter (that rules me out most likely) to script up something that could quite simply go through and harvest addresses from the site

Well I’m still not a good scripter… but I’m learning. So in the theme of #HackToLearn, I spent a few hours playing with Python and BeautifulSoup last night. At the end of it, I had a workable Proof of Concept script that does just what it says on the tin…. enter the scr.im ID  you want extracted, and it’ll return you the email address sitting behind the captcha. I called this PoC scr.im-jim ( a play on the slim-jim tool used to break into cars), because it sounded cool, and because I was really tired at the time!

You can find out more about the tool, watch the video demo and download the source from the scripts/tools section of the site.


2 responses to “scr.im revisited

  1. Ozh October 12, 2010 at 14:13

    Posted a lengthy comment on mjc.me explaining that scr.im is exactly what is advertised. Read it there when it gets out of the moderation queue 🙂

  2. ChrisJohnRiley October 12, 2010 at 15:45

    Thanks for the reply over at mjc.me!

    I won’t rehash the response I gave there… best to keep everything in one place 😉

%d bloggers like this: