Script to automate actions on ajax-enabled website

Question

Hi

Here in Switzerland, people under 26 that have a cell phone contract with Swisscom can send 500 sms per month for free using the website https://xtrazone.sso.bluewin.ch/.

Until a few days ago, this site was structured quite simply, it had a login and an inputbox to enter the sms. That's why i wrote a perl script (http://github.com/gwrtheyrn/Xtrazone-SMS-Tool) to send sms over that service using curl. That worked perfectly.

Now they rewrote the entire site, and I'm faced with the following problems to be able to rewrite the script:

1. There's a CAPTCHA after the login has been entered
2. The loginbox gets loaded using javascript and processes the input using ajax
3. The box to enter the receiver isn't a standard input box, it's a special javascript inputbox

My remaining questions:

• How can i bypass the captcha? I thought of Tesseract (http://code.google.com/p/tesseract-ocr/). That would probably work with perl (there's a wrapper for it).
• Is there some way to execute the JavaScript actions without having to start a browser? I want to keep the tool command-line-only.

Thanks in advance.

Answer 1

If you run through the process with a network trace of some kind on ( there is one that comes as an add-on for firefox, fiddler is a passable standalone alternative ) you should be able to see what requests are actually made by the javascript to the server. It is these that you will need your script to be able to emulate.

Answer 2

I have use Tesseract successfully against one captcha but not the other. BUT you may not need that if the captcha is to load the text box.

Grab Tamper Data for firefox. start it after you enter the captcha and check out the POST request they make. There is a chance you could directly send POST commands via CURL and not bother with the javascript