You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PolyCaptcha is a Flask‑based web application that mimics Google’s image‑based reCAPTCHA flow to demonstrate how attackers can use visual deception, clipboard poisoning, and file‑format spoofing to trick users into downloading and executing malicious code.
PolyCaptcha is a Flask‑based web application that mimics Google’s image‑based reCAPTCHA flow to demonstrate how attackers can use visual deception, clipboard poisoning, and file‑format spoofing (via I‑Espresso) to trick users into downloading and executing malicious code. This PoC is strictly for educational, research, and security‑testing purposes.
Features
Blurred‑Image Challenge: Prompts the user to “Identify the object” using a blurred picture.
Forced Download: Requires downloading reCAPTCHA.png (a dual‑format EXE/PNG) to continue.
Clipboard Poisoning: Automatically copies the full malicious Win+R command to the clipboard.
Dual‑Format Payload: Uses I‑Espresso to wrap a Windows PE inside a .png.
AV Evasion Demo: Shows how extension spoofing and user‑driven execution bypass antivirus.
Prerequisites
Python 3.7+
Flask
I‑Espresso – PE File Generator with Extension Spoofing by AnonKryptiQuz (Polyglot Generator)
PolyCaptcha is a Flask‑based web application that mimics Google’s image‑based reCAPTCHA flow to demonstrate how attackers can use visual deception, clipboard poisoning, and file‑format spoofing to trick users into downloading and executing malicious code.
