[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] do Cloudfare captchas ever work?

On Mon, Jun 22, 2015 at 06:53:23PM -0400, Mansour Moufid wrote:
> Sometimes I wonder if it's really Cloudflare, or some bad exit node
> running a CAPTCHA solving business.

If one doesn't use TLS that is a valid claim.

Since the captcha image delivery should originate from google with https in most
cases, you only need to redirect the cloudflare redirect, and since
cloudflare promotes and encourages TLS itself, it depends soley on the
tor user or the site participating in the cf-cdn using HSTS and CSP.

If you don't use TLS you may run into problems I mentioned earlier with
the privoxy filters and you are wide open to many scary injection and
XSS attacks.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to