challenge-bypass-extension

captcha.website: HTTP/2 403 Forbidden

Open ilf opened this issue 2 years ago • 9 comments

Describe the bug

captcha.website is behind Cloudflare, which blocks my request without a token, so I can't receive tokens. Catch-22.

To Reproduce

Steps to reproduce the behavior:

  1. Go to https://captcha.website/
  2. Click on 'I am human'
  3. Solve challenge
  4. See error in Browser Console:
XHR POST https://captcha.website/?__cf_chl_captcha_tk__=Token-ID
[HTTP/2 403 Forbidden 1083ms]

Expected behavior

Receive passes

System (please complete the following information):

  • OS: Linux
  • Cloudflare tokens or hCaptcha tokens? Cloudflare
  • Browser: Tor Browser
  • Browser Version: 11.0
  • Privacy Pass Version: 3.0.0
  • Did you install Privacy Pass from this repository or from the browser store? browser store

ilf avatar Nov 12 '21 17:11 ilf

I'm not sure how to install the extension in Tor Browser. After I install it, I can't see the popup icon in the toolbar.

ppopth avatar Nov 12 '21 17:11 ppopth

@ppopth: TBB is essentially Firefox. So installing works the same way as in Firefox. If you don't see it in the toolbar, try right-clicking the toolbar and "customize toolbar".

ilf avatar Nov 12 '21 18:11 ilf

Thanks. What I had to do is to allow it to run in Private Windows.

ppopth avatar Nov 12 '21 18:11 ppopth

@ppopth: If you're trying to re-create my setup, I also use "Security Level: Safest" in about:preferences#privacy. Although I assume that's not relevant.

ilf avatar Nov 12 '21 18:11 ilf

For the record: this happens in both v2.0.9 and v3.0.0.

ppopth avatar Nov 15 '21 10:11 ppopth

It works in Firefox+Tor but not in Tor Browser. So weird

ppopth avatar Nov 16 '21 11:11 ppopth

For me, solving the captcha grants me the passes and redirects me back to the Cloudflare blocked page. The blocked page acts as the interface to receive more passes.

RuiNtD avatar Dec 22 '21 00:12 RuiNtD

I'm unable to reproduce this, @ilf, are you still experiencing the issue?

migueldemoura avatar Jun 14 '22 11:06 migueldemoura

Yes, @migueldemoura, I am still not able to receive passes on https://captcha.website/ in Tor Browser 11.0.14 and Privacy Pass 3.0.3, even after solving the challenge.

ilf avatar Jun 14 '22 11:06 ilf

The original issue being reported does not happen anymore. Closing this issue.

Regarding the changes to the extension allowing it to better signal a challenge has been solved, it's being tracked in #400.

thibmeu avatar Dec 21 '23 14:12 thibmeu

@thibmeu: Wrong, the original issue reported still happens. I just verified this.

ilf avatar Dec 21 '23 14:12 ilf

As mentioned in #400, support for the legacy protocol has been dropped and captcha.website is no longer used to retrieve tokens.

migueldemoura avatar Dec 21 '23 14:12 migueldemoura

@migueldemoura: It's great to see work to implement the IETF draft.

But as a user, it's frustrating that this issue has been open and unsolved for over two years, and now the feedback is "we'll rewrite all the important things, with no ETA".

ilf avatar Dec 21 '23 15:12 ilf

The fact that Cloudflare blocks the request with 403 forbidden is the expected behaviour. This is how the extension always asks for a new challenge. I understand the little updates have been frustrating, and we're trying to set this right from now on.

For the token not being provided, it's tracked in #400, and ETA is early 2024.

thibmeu avatar Dec 21 '23 15:12 thibmeu