[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] do Cloudfare captchas ever work?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] do Cloudfare captchas ever work?
From: ÃaÄÄl P. Åesto <secpost@xxxxxxxxxxx>
Date: Tue, 23 Jun 2015 21:27:42 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 23 Jun 2015 15:25:45 -0400
In-reply-to: <CALogXGV2Su4My0EuU45d5CLSm-8CbgbBXPDAV69YBZ1FRQ652Q@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <5584E032.6060001@xxxxxxx> <1434800149.26545.13.camel@xxxxxxxxxxxxxxx> <558621B3.7000403@xxxxxxx> <20150622143619.GA20787@xxxxxxxxxxxxxxxxxxxxx> <JsSEPul----0@xxxxxxxxxxx> <JsSQENd----0@xxxxxxxxxxx> <CALogXGV2Su4My0EuU45d5CLSm-8CbgbBXPDAV69YBZ1FRQ652Q@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.23+89 (0255b37be491) (2014-03-12)

On Mon, Jun 22, 2015 at 06:53:23PM -0400, Mansour Moufid wrote:
> Sometimes I wonder if it's really Cloudflare, or some bad exit node
> running a CAPTCHA solving business.

If one doesn't use TLS that is a valid claim.

Since the captcha image delivery should originate from google with https in most
cases, you only need to redirect the cloudflare redirect, and since
cloudflare promotes and encourages TLS itself, it depends soley on the
tor user or the site participating in the cf-cdn using HSTS and CSP.

If you don't use TLS you may run into problems I mentioned earlier with
the privoxy filters and you are wide open to many scary injection and
XSS attacks.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] do Cloudfare captchas ever work?
  - From: Joe Btfsplk
- Re: [tor-talk] do Cloudfare captchas ever work?
  - From: Lars Luthman
- Re: [tor-talk] do Cloudfare captchas ever work?
  - From: Joe Btfsplk
- Re: [tor-talk] do Cloudfare captchas ever work?
  - From: ÃaÄÄl P. Åesto
- Re: [tor-talk] do Cloudfare captchas ever work?
  - From: Colin Arnott
- Re: [tor-talk] do Cloudfare captchas ever work?
  - From: Mansour Moufid

Prev by Author: Re: [tor-talk] Tor-ramdisk 20150616 released
Next by Author: Re: [tor-talk] do Cloudfare captchas ever work?
Previous by thread: Re: [tor-talk] do Cloudfare captchas ever work?
Next by thread: Re: [tor-talk] do Cloudfare captchas ever work?
Index(es):
- Author
- Thread