lolcat
/
4get
6
13
Fork 4
Code Issues 13 Pull Requests Packages Projects Releases Wiki Activity

Tor instance's captcha doesn't seem to work #30

New Issue
Closed
opened 2024-08-08 14:58:12 +00:00 by TorUser · 14 comments
TorUser commented 2024-08-08 14:58:12 +00:00
Copy Link

System: Fedora 40
Browser: Tor Browser Alpha (14.0a1)
Instance: http://4getwebfrq5zr4sxugk6htxvawqehxtdgjrbcn2oslllcol2vepa23yd.onion
Steps to reproduce:

  1. Try to make a random search
  2. Reach CAPTCHA
  3. Unable to solve it since the images don't display

The default instance works correctly on the browser.
I tried messing around with NoScript's settings (enabling all toggles, overriding Tor's security preset) but it was to no avail.

System: Fedora 40 Browser: Tor Browser Alpha (14.0a1) Instance: http://4getwebfrq5zr4sxugk6htxvawqehxtdgjrbcn2oslllcol2vepa23yd.onion Steps to reproduce: 1. Try to make a random search 2. Reach CAPTCHA 3. Unable to solve it since the images don't display The default instance works correctly on the browser. I tried messing around with NoScript's settings (enabling all toggles, overriding Tor's security preset) but it was to no avail.
lolcat commented 2024-08-08 15:21:57 +00:00
Owner
Copy Link

Well... I'm unsure of what to say here. Was able to solve the captcha, and I can do subsequent searches too.

Maybe try resetting your browser's settings? Do images load on other websites? The Captcha image is quite big in size (~150kb), maybe I can use a better image format than JPEG2000. What do you think about using WEBP if your HTTP headers ask for it?

Well... I'm unsure of what to say here. Was able to solve the captcha, and I can do subsequent searches too. Maybe try resetting your browser's settings? Do images load on other websites? The Captcha image is quite big in size (~150kb), maybe I can use a better image format than JPEG2000. What do you think about using WEBP if your HTTP headers ask for it?
Untitledsss.png
463 KiB
Untitledsss.png
TorUser commented 2024-08-08 15:44:24 +00:00
Author
Copy Link

Images load on the default instance, and other websites too (even ones on Tor).¹
I didn't mention on my first post, but I'm using Wayland.

What do you think about using WEBP if your HTTP headers ask for it?

Regarding your question, I'm not that much of a technical user (yes, despite using Tor), so unfortunately I can't contribute to this part of the discussion...

I tried reinstalling to reset my config but it didn't work.²
I tought of using the stable version but it doesn't run my machine for some reason.
I'll test the website on my phone.

Images load on the default instance, and other websites too (even ones on Tor).¹ I didn't mention on my first post, but I'm using Wayland. > What do you think about using WEBP if your HTTP headers ask for it? Regarding your question, I'm not that much of a technical user (yes, despite using Tor), so unfortunately I can't contribute to this part of the discussion... I tried reinstalling to reset my config but it didn't work.² I tought of using the stable version but it doesn't run my machine for some reason. I'll test the website on my phone.
a (web) — Tor Browser 12:29 PM 08-08-2024.png
426 KiB
a (web) — Tor Browser 12:41 PM 08-08-2024.png
80 KiB
a (web) — Tor Browser 12:29 PM 08-08-2024.png a (web) — Tor Browser 12:41 PM 08-08-2024.png
TorUser commented 2024-08-08 15:47:59 +00:00
Author
Copy Link

Search works on my phone (even images display). So there is either an issue with Tor's alpha or my machine.

Search works on my phone (even images display). So there is either an issue with Tor's alpha or my machine.
Screenshot_20240808_124603_Tor Browser.png
1.4 MiB
Screenshot_20240808_124603_Tor Browser.png
lolcat commented 2024-08-08 16:08:52 +00:00
Owner
Copy Link

Can you hit CTRL+SHIFT+I for me, head over to the network tab, refresh the page, and show me what you see?

If you can also take a screenshot of the /captcha request, that would be good for me. Right now it just seems that it just takes a long time to load because of the network.

Can you hit CTRL+SHIFT+I for me, head over to the network tab, refresh the page, and show me what you see? If you can also take a screenshot of the /captcha request, that would be good for me. Right now it just seems that it just takes a long time to load because of the network.
TorUser commented 2024-08-08 16:21:51 +00:00
Author
Copy Link

This is what the network tab looks like.¹

If you can also take a screenshot of the /captcha request [...]

Sorry if I misinterpreted it, but this is what the network tab on "http://4getwebfrq5zr4sxugk6htxvawqehxtdgjrbcn2oslllcol2vepa23yd.onion/captcha" looks like.²

This is what the network tab looks like.¹ > If you can also take a screenshot of the /captcha request [...] Sorry if I misinterpreted it, but this is what the network tab on "http://4getwebfrq5zr4sxugk6htxvawqehxtdgjrbcn2oslllcol2vepa23yd.onion/captcha" looks like.²
01:13 PM 08-08-2024.png
60 KiB
01:19 PM 08-08-2024.png
40 KiB
01:13 PM 08-08-2024.png 01:19 PM 08-08-2024.png
lolcat commented 2024-08-08 16:23:29 +00:00
Owner
Copy Link

The glowies seems to be blocking the connection. Right click the captcha image for me and select "Reload image", see if that affects anything. This might be due to the captcha's filesize, I'll work on making it lighter in the next commit or 2.

Besides, can you click the top right button to "get a new identity"? This might be a problem related to your tor relay.

The glowies seems to be blocking the connection. Right click the captcha image for me and select "Reload image", see if that affects anything. This might be due to the captcha's filesize, I'll work on making it lighter in the next commit or 2. Besides, can you click the top right button to "get a new identity"? This might be a problem related to your tor relay.
TorUser commented 2024-08-08 16:36:39 +00:00
Author
Copy Link

Select "Reload image"

Reloaded the image five times, no results.
Even tried "Open Image in New Tab", got "Unable to connect".

"get a new identity"?

Clicked on "Tor Circuit" -> "New Tor Circuit for this site" five times, no results.

> Select "Reload image" Reloaded the image five times, no results. Even tried "Open Image in New Tab", got "Unable to connect". > "get a new identity"? Clicked on "Tor Circuit" -> "New Tor Circuit for this site" five times, no results.
lolcat commented 2024-08-08 16:39:46 +00:00
Owner
Copy Link

I can't reproduce the issue. I don't know what to tell you. One last thing you can try, can you load up

/proxy?i=https%3A%2F%2Ftechcrunch.com%2Fwp-content%2Fuploads%2F2016%2F05%2Fp1040495.jpg%3Fresize%3D50

on the hidden service and tell me if anything loads?

I can't reproduce the issue. I don't know what to tell you. One last thing you can try, can you load up /proxy?i=https%3A%2F%2Ftechcrunch.com%2Fwp-content%2Fuploads%2F2016%2F05%2Fp1040495.jpg%3Fresize%3D50 on the hidden service and tell me if anything loads?
TorUser commented 2024-08-08 16:41:37 +00:00
Author
Copy Link

Huh, by clicking on the "https" icon -> "Connection secure" -> "More information", the CAPTCHA loads after some time, on this media section (not on the actual page).

Huh, by clicking on the "https" icon -> "Connection secure" -> "More information", the CAPTCHA loads after some time, **on** this media section (not on the actual page).
Page Info — http:__4getwebfrq5zr4sxugk6htxvawqehxtdgjrbcn2oslllcol2vepa23yd.onion_web?s=a 01:38 PM 08-08-2024.png
149 KiB
Page Info — http:__4getwebfrq5zr4sxugk6htxvawqehxtdgjrbcn2oslllcol2vepa23yd.onion_web?s=a 01:38 PM 08-08-2024.png
TorUser commented 2024-08-08 16:48:43 +00:00
Author
Copy Link

I can't reproduce the issue. I don't know what to tell you. One last thing you can try, can you load up

/proxy?i=https%3A%2F%2Ftechcrunch.com%2Fwp-content%2Fuploads%2F2016%2F05%2Fp1040495.jpg%3Fresize%3D50

on the hidden service and tell me if anything loads?

Seems to work fine, I got the image.

I don't know what to tell you

No problem, you are already helping me enough by going through this issue and maintaining the search engine.

> I can't reproduce the issue. I don't know what to tell you. One last thing you can try, can you load up > > /proxy?i=https%3A%2F%2Ftechcrunch.com%2Fwp-content%2Fuploads%2F2016%2F05%2Fp1040495.jpg%3Fresize%3D50 > > on the hidden service and tell me if anything loads? Seems to work fine, I got the image. > I don't know what to tell you No problem, you are already helping me enough by going through this issue and maintaining the search engine.
p1040495.webp (WEBP Image, 2236 × 1122 pixels) — Scaled (80%) — Tor Browser 01:42 PM 08-08-2024.png
2.2 MiB
p1040495.webp (WEBP Image, 2236 × 1122 pixels) — Scaled (80%) — Tor Browser 01:42 PM 08-08-2024.png
TorUser commented 2024-08-10 22:37:34 +00:00
Author
Copy Link

Today I also got the captcha to load by changing the header from "https" "http" (again, it doesn't show up in the actual webpage, but on a separate tab).

Today I also got the captcha to load by changing the header from "https" "http" (again, it doesn't show up in the actual webpage, but on a separate tab).
07:16 PM 10-08-2024.png
71 KiB
07:19 PM 10-08-2024.png
8.8 KiB
captcha (JPEG Image, 400 × 427 pixels) — Tor Browser 07:20 PM 10-08-2024.png
692 KiB
07:34 PM 10-08-2024.png
59 KiB
07:16 PM 10-08-2024.png 07:19 PM 10-08-2024.png captcha (JPEG Image, 400 × 427 pixels) — Tor Browser 07:20 PM 10-08-2024.png 07:34 PM 10-08-2024.png
lolcat commented 2024-08-10 23:42:37 +00:00
Owner
Copy Link

This seems to be a bug with the tor browser. Requests should not be upgraded to https when using tor.

For the last screenshot you sent, you are getting back an html page because I am telling the browser to use the cached version of the image in case the client attempts to reload the image. It's also a security feature where it prevents 4get from generating a different captcha with the same answer.

This seems to be a bug with the tor browser. Requests should not be upgraded to `https` when using tor. For the last screenshot you sent, you are getting back an html page because I am telling the browser to use the cached version of the image in case the client attempts to reload the image. It's also a security feature where it prevents 4get from generating a different captcha with the same answer.
TorUser commented 2024-08-11 00:13:05 +00:00
Author
Copy Link

This seems to be a bug with the tor browser.

Indeed, I checked it's issue tracker and that does seem to be the case:

  1. browser requests HTTPS images from onion domain
  2. security.mixed_content.upgrade_display_content.image is true by default

By toggling the configuration option listed above the captcha loads correctly. I think this issue can be closed now. Thank you for guiding me through this process.

> This seems to be a bug with the tor browser. Indeed, I checked it's issue tracker and that does seem to be the case: 1. [browser requests HTTPS images from onion domain](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43013) 2. [security.mixed_content.upgrade_display_content.image is true by default](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43013) By toggling the configuration option listed above the captcha loads correctly. I think this issue can be closed now. Thank you for guiding me through this process.
a (web) — Tor Browser 09:12 PM 10-08-2024.png
542 KiB
a (web) — Tor Browser 09:12 PM 10-08-2024.png
lolcat commented 2024-08-11 00:15:21 +00:00
Owner
Copy Link

Sick, glad you could fix the issue. Lmk if you find anything else.

Sick, glad you could fix the issue. Lmk if you find anything else.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: lolcat/4get#30
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?