[tor-bugs] #15967 [Obfuscation/BridgeDB]: Separate BridgeDB's CAPTCHA into another service

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jul 14 23:45:25 UTC 2017


#15967: Separate BridgeDB's CAPTCHA into another service
-------------------------------------------------+-------------------------
 Reporter:  isis                                 |          Owner:  isis
     Type:  enhancement                          |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Obfuscation/BridgeDB                 |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  bridgedb-https captcha tor-launcher  |  Actual Points:  2
  ooni-probe                                     |
Parent ID:                                       |         Points:  2
 Reviewer:                                       |        Sponsor:
                                                 |  SponsorM
-------------------------------------------------+-------------------------
Changes (by isis):

 * status:  new => needs_review
 * points:   => 2
 * sponsor:   => SponsorM
 * actualpoints:   => 2


Comment:

 I made a CAPTCHA server here: https://github.com/isislovecruft/farfetchd

 It has a JSON API:

 1) `GET /fetch` will return JSON in the form:
    {{{
    {
      'image': null or base64-encoded jpeg image,
      'challenge': null or url-safe base64-encoded challenge string,
      'error': null or ascii-encoded string describing the error,
    }
    }}}

 2) `POST /check?data=[…]` where the `data` url parameter is a JSON string
 in the following form:
    {{{
    {
      'challenge': base64-encoded challenge string (from the above
 response),
      'response': base64-encoded response (i.e. the CAPTCHA solution),
    }
    }}}
 The farfetched server will attempt to verify the challenge response, and
 replies with JSON in the following form:
    {{{
    {
      'result': bool,
      'error': null or base64-encoded string describing the error,
    }
    }}}

 Please let me know if this API seems like it'll work on the Tor Browser
 side, or if there's any way I could make it easier to process the data
 and/or hand it back and forth.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15967#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list