[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] do Cloudfare captchas ever work?

Just to clarify (to all that replied) - I have JS enabled. At least, when trying to get captchas to work.
Then, I'm using Tor Browser's default settings for NoScript.

I just tried a couple of sites w/ Cloudfare.
Today, it worked, but not on the 1st try - even with legible house numbers.
But today I also checked the exit relay country, when it worked. It was in a "well behaved" European country.

Other times when Cloudfare didn't work, I didn't always think to check, to see if there's any pattern to Cloudfare not working & specific exit relay countries.

FYI - for others, when using _vanilla Firefox_ & AdBlock Plus (or similar), Cloudfare doesn't like it. Even if NoScript is set to allow all scripts. Maybe because of blocking ads, but also maybe because ABP blocks some scripts. Depending on the target site, some of those may be 3rd party scripts (for CDNs, or....) that Cloudfare requires to be allowed, before they'll allow the captcha to work.

On 6/20/2015 6:35 AM, Lars Luthman wrote:
On Fri, 2015-06-19 at 22:38 -0500, Joe Btfsplk wrote:
Does anyone have any meaningful success rate with Cloudfare captchas in
Tor Browser?

Using default browser installation & settings?
I so  rarely have success, that I immediately close tabs for sites
presenting Cloudfare.
Even when the puzzle is clearly legible (rarely), it still doesn't work.
Not for me - with default TBB settings or even allowing 1st party
cookies from the target site.

If others have even partial success, what's the secret?
Getting a different exit relay/ exit country / exit IPa?
That's the only way that ever works for me. Or turning Javascript on,
but I don't want to do that for HTTP sites.

With Javascript on you usually get easier captchas that often let you
through when you get them right. With Javascript off you get the
captchas that look like the names of Lovecraftian deities distorted
through non-Euclidean geometries that are difficult even for us humans
to solve, and even when you definitely solve them you aren't allowed
through but just get presented with another captcha, and another, and
another, ad infinitum.

Switching to different exits helps, but you often have to switch 10 - 20
times in a row before you hit an exit relay that Cloudflare in their
benevolent wisdom has deemed good enough to be allowed to view the web.
And even then you usually just get a few minutes before the gate is
slammed shut and you're back with the captchas.

I suspect that the new exit-switching feature in Tor Browser has made it
slightly worse by putting more load on the few exits that are allowed
through at any given time, making it more likely that Cloudflare will
think it's some sort of DoS attack or automated scraper and block it.
Cloudflare has essentially broken the web for Tor users.

For some reason web proxies like hidemyass.com never seem to be blocked
by Cloudflare so one (annoying) solution is to use one of those with Tor


tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to