challenge-bypass-extension
challenge-bypass-extension copied to clipboard
captcha.website: HTTP/2 403 Forbidden
Describe the bug captcha.website is behind cloudflare, which blocks my request without a token, so I can't receive tokens. Catch-22.
To Reproduce Steps to reproduce the behavior:
- Go to https://captcha.website/
- Click on 'I am human'
- Solve challenge
- See error in Browser Console:
XHR POST https://captcha.website/?__cf_chl_captcha_tk__=Token-ID
[HTTP/2 403 Forbidden 1083ms]
Expected behavior Receive passes
System (please complete the following information):
- OS: Linux
- Cloudflare tokens or hCaptcha tokens? Coudflare
- Browser: Tor Browser
- Browser Version: 11.0
- Privacy Pass Version: 3.0.0
- Did you install Privacy Pass from this repository or from the browser store? browser store
I'm not sure how to install the extension in Tor Browser. After I install it, I can't see the popup icon in the toolbar.
@ppopth: TBB is essentially Firefox. So install is the same way as in Firefox. If you don't see it in the toolbar, try right-clicking the toolbar and "customize toolbar".
Thanks. What I had to do is to allow it to run in Private Windows.
@ppopth: If you're trying to re-create my setup, I also use "Security Level: Safest" in about:preferences#privacy
. Although I assume that's not relevant.
for noting purpose: this happens in both v2.0.9 and v3.0.0
It works in Firefox+Tor but not in Tor Browser. So weird
For me, solving the captcha grants me the passes and redirects me back to the CloudFlare blocked page. The blocked page acts as the interface to receive more passes.
I'm unable to reproduce this, @ilf, are you still experiencing the issue?
Yes, @migueldemoura, I am still not able to receive passes on https://captcha.website/ in Tor Browser 11.0.14 and Privacy Pass 3.0.3, even after solving the challenge.
The original issue being reported does not happen anymore. Closing this issue.
Regarding the changes to the extension allowing it to better signal a challenge has been solved, it's being tracked in #400.
@thibmeu: Wrong, the original issue reported still happens. I just verified this.
As mentioned in #400, support for the legacy protocol support has been dropped and captcha.website
is no longer used to retrieve tokens.
@migueldemoura: It's great to see work to implement the IETF draft.
But as a user, it's frustrating that this issue has been open and unsolved for over two years, and now the feedback is "we'll rewrite all the important things, with no ETA".
The fact that Cloudflare blocks the request with 403 forbidden is the expected behaviour. This is how the extension always asks for a new challenge. I understand the little updates have been frustrating, and we're trying to set this right from now on.
For the token not being provided, it's tracked in #400, and ETA is early 2024.