Support hCaptcha #319
Comments
|
This is not needed. hCaptcha supports an accessibility system that automatically bypasses captchas for you: https://www.hcaptcha.com/accessibility Edit: Quote from their website
|
|
That requires a signup/email, though. It also requires login. |
I made a PoC for that once, although it must have broken by now, but I'm just saying it's doable. 👍 |
|
I see there's already an extension for solving hCaptcha. https://chrome.google.com/webstore/detail/hcaptcha-solver/lfpfbgeoodeejmjdlfjbfjkemjlblijg |
AFAIK there is no way to get the cookie without receiving an email, so I used a disposable email service to receive it. |
|
The accessibility cookie is (supposedly) rate limited. This will (likely) not work. |
|
You need an email to get a link, which is rate-limited and therefore can't be shared. Automating a disposable mail address is how you get that link. We could maybe make an API to do this (and return a cookie), so the browser extension doesn't need to do all the heavy lifting. |
|
On the contrary, you shouldn't make an API to scrape a rate-limited service, since all requests will originate from the server's static IP address, which will eventually get blocked. Also, you can't constantly use the same disposable email provider, because it will get detected and eventually banned as well, considering that many of those services already are blocked. You could submit the form client-side and receive the email server-side, but then the IP address will be blocked by the disposable email providers instead. So, a fully client-side solution would be the best implementation of the email method, the downside is that you need an actual system app to run a headless browser capable of scraping both hCaptcha and email providers, which would communicate with the extension. However, I would personally recommend looking for another method than the email one. |
|
I still don't understand what's wrong with just bookmarking the HCaptcha accessibility URL. If all else fails, maybe the extension could force-whitelist that 3rd party cookie and automatically refresh it from a user-provided cookie URL? I don't think it's any harder to sign up for the HCaptcha accessibility URL than it is to sign up to any of the speech recognition APIs. Considering the use-case of this extension is improving accessibility, I doubt the utility of trying to do anything more than providing a link to hCaptcha's accessibility sign up page and automatically refresh and force the cookie to load. Maybe adding some code to implement privacy passes might also be useful, just to reduce the number of hCaptchas shown. |
|
I have cleaned up the thread and kept the parts that are useful, please only share relevant information going forward. I agree that automating the signup for the accessibility cookie is out of scope, the most this extension will do is to refresh the cookie if you have already signed up. The main goal here is to find solutions that involve object recognition. |
I'd argue that it should probably implement https://github.com/privacypass/challenge-bypass-extension, if only to reduce the number of hCaptchas shown. I will note that hCaptcha officially supports this protocol. |
This comment was marked as resolved.
This comment was marked as resolved.
|
It doesn't work because the privacy pass extension broke their code when
they added cloudflare and haven't realized it yet. There's an open PR in
their repo that fixes it, but it has yet to be merged. Also, the protocol
does bypass hCaptchas. Just not all of them :)
… Message ID: ***@***.***>
|
This comment was marked as resolved.
This comment was marked as resolved.
|
Assuming the solver solves it 99% of the time, implementing privacy passes will improve that accuracy to 99.91%. I don't see any downside. |
|
My mistake, I thought you meant the privacy pass solution would be the only thing the extension would offer. Sounds good now. |
|
i dont know anything but i found this https://chrome.google.com/webstore/detail/hcaptcha-solver/lfpfbgeoodeejmjdlfjbfjkemjlblijg |
it may be malicious i think |
I tried it and there are several issues with it:
|
i said it may be malicious did i |
|
and i dont know anything so dont blame me :( |
@ so I can install after merging, |
also it allows for them to constantly track you all over the internet |
and others
Subscribe to this issue for updates on hCaptcha support.
The text was updated successfully, but these errors were encountered: