About a year back (Oct 2009) I wrote a quick technical review of the scr.im email protection service. I’ll save you the pain of rehashing it all here, and the pain of rewriting it all. If you’ve not read it, head over here to take a quick look!
There were a number of flaws in the way scr.im used captchas, as well as the way it handles requests (allowing multiple requests with the same token etc…). At the time I wrote the following :
I don’t think it would take much for a good scripter (that rules me out most likely) to script up something that could quite simply go through and harvest addresses from the site
Well I’m still not a good scripter… but I’m learning. So in the theme of #HackToLearn, I spent a few hours playing with Python and BeautifulSoup last night. At the end of it, I had a workable Proof of Concept script that does just what it says on the tin…. enter the scr.im ID you want extracted, and it’ll return you the email address sitting behind the captcha. I called this PoC scr.im-jim ( a play on the slim-jim tool used to break into cars), because it sounded cool, and because I was really tired at the time!
You can find out more about the tool, watch the video demo and download the source from the scripts/tools section of the site.
links:
- tools/scripts –> [PoC] scr.im-jim
- Download the PoC script –> scr.im-jim.py
- Watch the video –> demo
- Scr.im – A Lesson in Trust But Verify (mjc.me) –> http://mjc.me/?p=174
Tagged: beautifulsoup, PoC, python, scr.im, script, tool
