-
Notifications
You must be signed in to change notification settings - Fork 126
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CAPTCHA breaks login workflow #235
Comments
I'm able to reproduce this behavior regardless of if I'm using Tor, a normal proxy, or a VPN. Would being able to use cookies from a browser be related to #218? |
Yes, indeed a cookie jar implementation would help to allow users to temporarily bypass the login procedure within their web browser, and to export the cookie jar file (netscape format?) then. I've made a Browser Extension that exports the cookie jar, for tools like yt-dlp and other scrapers: https://github.com/cookiengineer/me-want-cookies |
How does hydroxide currently store cookies? Maybe there's a more manual method to bypass it for the time being? |
It does not preserve cookies across requests, and #218 is about fixing that. |
Is there anything I can do about this? Or can I just never connect a new device? Does that mean if the config for my current devices is lost, I won't be able to log them back in again either? |
Yeah, it probably does. I tried to use hydroxide for the first time, and I can't use it because of this problem. |
For anyone else who runs into this, the change in #225 fixed the issue for me. |
I went down this rabbit hole, and if you are really stuck, the official proton-bridge might help. It can be built without the GUI( I created a FreeBSD port for hydroxide.. that's what I am using at the moment: https://github.com/0x1eef/ports/tree/main/freebsd/mail/hydroxide. It pulls in the patch from #225 during build time. I'm not sure why it works for some, and not others. I also don't know Go to help further than that. |
The most proper fix would be for hydroxide to seamlessly launch the CAPTCHA puzzle instead of crapping out. From there, everything else is just hacks & workarounds (all of which are less convenient than if hydroxide were to render the puzzle on demand). That said, I’ve heard rumors that the CAPTCHA is never sent to onion users. If you’re using a Tor exit node to reach the clearnet API, it’s a recipe for CAPTCHA hell. Theoretically, you can reach the onion API by following the steps in bug #239. (Of course the caveat at the moment is that the |
@0x1eef but how did you launch the official proton-bridge after building? [user@nuc proton-bridge]$ make build-nogui
#successfully install process
[user@nuc proton-bridge]$ ls
bridge Changelog.md CONTRIBUTING.md dist extern go.sum LICENSE pkg README.md tests utils
BUILDS.md cmd COPYING_NOTES.md doc go.mod internal Makefile proton-bridge release-notes TODO.md
[user@nuc proton-bridge]$ ./proton-bridge
FATA[Dec 24 10:44:21.808] No executable in launcher directory error="no executable found" exe_to_launch=bridge-gui launcher_path=/home/user/proton-bridge/proton-bridge launcher_version=3.0.6+git |
Try I wasn't able to build proton-bridge on (Free|Open)BSD. It is not platform neutral. It expects to be built on either Windows, Linux, or OS X. |
I get this from proton-bridge:
So no, proton-bridge is not an alternative to hydroxide. |
As far as I know a paid subscription is required regardless of whether or not hydroxide is being used. |
Hydroxide does not require paid subscription. |
That's good, and surprising. I wouldn't have thought Proton would let you generate a bridge password without a paid subscription. |
When will this issue be fixed? I really want to get ProtonMail working with Thunderbird. |
When someone figures out a proper solution. |
Recently it stopped giving me this message and started working again. |
Sadly I still need a captcha |
Try to enable 2FA on your account. |
I enabled 2FA, still [user@host hydroxide]$ ./hydroxide auth [email protected]
Password:
2023/05/11 19:20:13 request failed: POST https://mail.proton.me/api/auth: [9001] For security reasons, please complete CAPTCHA. If you can't pass it, please try updating your app or contact us here: https://proton.me/support/abuse
2023/05/11 19:20:13 [9001] For security reasons, please complete CAPTCHA. If you can't pass it, please try updating your app or contact us here: https://proton.me/support/abuse Edit: So this is the final answer for this problem. Adding |
I just tried that combination and it did not skip the Captcha challenge for me. |
The response the
The response also includes a session cookie. |
I am also still having problems with solving CAPTCH-a. Are there any new workarounds? Tried the extra code added to protonmail.go - no luck and tried to authenticate with session ID as mentioned but didn't work. If anyone got around it i kindly ask for help. Thanks. |
I've had this captcha solver on the side for a while now. If anybody wants to implement this into hydroxide, you're free to do so. Sorry if some imports are missing but the most important parts are there. 100% solve rate so far. |
If we have to solve CAPTCHA somehow, could we have an interactive way to (temporarily?) pass the authentication? Prompting an image URL and let the user type the answer is good enough to me, assuming the CAPTCHA only occur sometimes during logining which is interactive anyway. But currently it just fail and give up with an escape hatch. |
I have a workaround to CAPTCHA. Maybe someone would feel like to give it a try. |
The work around i used was login to my ProtonMail account from the official domain, completed the displayed CAPTCHA and then i was able to login with hydroxide again. |
When using
hydroxide auth <username>
, it will lead to a captcha being displayed on the website; which seems to break the login/auth mechanism:Are there any ways to maybe login via Browser and export/reuse the cookies or similar?
The text was updated successfully, but these errors were encountered: