Bypassing Captcha with curl in PHP

Question

I am trying to automate the login progress on a captcha protected page. I am using Death By Captcha to translate the image into text and it seems to be working well. I am using curl to load the login page, retrieve the captcha image url, send it to DBC, get the text back and submit a POST request to the login page with the captcha text.

The problem that I'm having is that the captcha image changes when I submit the post request. Since I do not get the same behavior when reloading/or wrongly submitting the form through a browser (I get the same image over and over again), I am assuming that the problem has to do with the cookies or something else that I'm missing that relates to the session.

This is the code that I use to retrieve the data and submit the form:

$ch = curl_init();  
// Not sure that I need it, just make sure that the session doesn't change...   
curl_setopt($ch, CURLOPT_COOKIESESSION, false);
curl_setopt($ch, CURLOPT_URL, $loginUrl);
// It seems that PHPSESSID cookie parameter might be the parameter that keep the image the same, but it didn't work. I even read it dynamically from the cookie file but it still didn't work
//curl_setopt($ch, CURLOPT_COOKIE, "PHPSESSID=2bp3nhkp3bgftfrr1rjekg03o2");
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieName);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieName);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_REFERER, $loginUrl);
$result = curl_exec($ch);

// Resolve the captcha and append it to the post parameters
$captchaText = $this->resolveCaptcha($result);
$postData .= '&LoginForm%5BverifyCode%5D='.$captchaText;

// Resubmit the form with the updated form data
curl_setopt($ch, CURLOPT_REFERER, $loginUrl);           
curl_setopt($ch, CURLOPT_URL, $loginUrl);
curl_setopt ($ch, CURLOPT_POST, 1); //FIXED
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postData);           
$result = curl_exec($ch);

When I print the end result, I can see that the captcha text was submitted successfully but that the image itself has changed...

I am also attaching a screenshot of the request params as captured with Tamper in a standard Firefox session (so someone might spot if I'm missing something).

The PHP/curl submit code is fully working for non-captcha based sites so the POST parameters submission seems to be working.

It could be that I'm missing something very basic here, any help will be much appreciated.

I also took a look at these posts but couldn't find the answer that I'm looking for.

How CURL Login with Captcha and Session

How to retrieve captcha and save session with PHP cURL?

https://stackoverflow.com/questions/8633282/curl-to-download-a-captcha-and-submit-it

Answer 1

you're using

curl_setopt ($ch, CURLOPT_POST, 0);

in second curl_exec. shoudn't it be

curl_setopt ($ch, CURLOPT_POST, 1);

?