Skip to content
/ bypasser Public

A Chrome Extension that implements Cloudflare's captcha bypass specification for Tor.

28 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cowlicks/bypasser

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
lib
lib
 
 
server
server
 
 
skin
skin
 
 
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
manifest.json
manifest.json
 
 

Repository files navigation

Minimal implementation of Cloudflare's captcha challenge bypass specification for Tor

Cloudflare's spec is here.

A video demo of this extension working is here.

Where we're at:

  • Implement RSA blinding/unblinding/signing etc.
  • Get a test server responding with proper meta tags.
  • Client/extension detects meta tag.
  • Client submit tokens for signing.
  • Server sign and respond.
  • Client recieve tokens.
  • Client redeem tokens.
  • Server verify tokens.
  • Transport encryption/jwt.

Also todo:

  • Handle multiple signing keys better
  • Use a full domain hash for blinding the message
  • Make signature verification constant time
  • Compare formats for sending tokens: stringifyed nums? bytes?
  • Fill unsigned token pool asynchronously
  • Move blind, keys, tokens to a node package
  • Refresh page on redemption
  • Enforce number of signatures allowed per captcha on server

About

A Chrome Extension that implements Cloudflare's captcha bypass specification for Tor.

Topics

cryptography captcha tor webextension blind-signatures

Resources

Readme
Activity

Stars

28 stars

Watchers

5 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages