[tor-bugs] #24433 [Obfuscation/BridgeDB]: moat isn't returning bridges on successful CAPTCHA completion?

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Nov 27 19:38:52 UTC 2017 

#24433: moat isn't returning bridges on successful CAPTCHA completion?
----------------------------------+------------------------------
 Reporter:  isis                  |          Owner:  isis
     Type:  defect                |         Status:  needs_review
 Priority:  High                  |      Milestone:
Component:  Obfuscation/BridgeDB  |        Version:
 Severity:  Normal                |     Resolution:
 Keywords:  bridgedb-dist moat    |  Actual Points:
Parent ID:                        |         Points:  1
 Reviewer:                        |        Sponsor:  SponsorM
----------------------------------+------------------------------
Changes (by isis):

 * status:  new => needs_review


Comment:

 Aha, there was a bug in the `test-moat` script, because the server
 requires (in order to create and check the CAPTCHA) that it has some
 notion of what the client's IP is.  Added an "X-Forwarded-For" header to
 the curl command fixed it.  I've also made it somewhat easier to pass the
 latest challenge and the solution (always "Tvx74PMy" since that's the only
 CAPTCHA in the `bridgedb.git/captchas` directory):

 {{{
 (bdb)∃!isisⒶwintermute:(develop *$>)~/code/torproject/bridgedb ∴ ./scripts
 /test-moat fetch
 {"data": [{"challenge": "QSPBFMxqGi-
 mlxwPcjWJ7FJqY0FW0wx60B5zTM4LMWDda8VwRzKtClAsBCdVP-
 q8WDYD5sRj6PzDXF1hAdsOJu0M-
 AWokcF6nxfOg0ZadpINW3QHqtdu9Veg0j2GBjQVquyLi5LrZ2R1hNi17igQdm1xgtrLsnWbu_Ts4SCSRxBy9W6nXYkWRqnbzU2BQgbvkIKrDhbqAdhSQsWDr25tWYYRVK6k_GBSJOblJ_vRBYZdIuCC-
 BZVQicJM2c3j_5aj0ClApe_EacqN6CL-
 nk6yR9Ukw8gNQelIewvREkqbdxR6Rhiwfc059pIt9wyMQL6_yMODSpmtocui_5ecNDvSXPxE5qZiV9f-
 Rsg_Bh3ccFRFNpw", "id": 1, "version": "0.1.0", "type": "moat-challenge",
 "image":
 "/9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQH/2wBDAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQH/wAARCAB9AZADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD+lv8AZ8/Zy0z4H6/aaLreofDjxXqGn27RahoMGt2/jWbw58P/ABTq3iq2110k8UWsninUE8X6haq93b6XdWFpNr2o3kCWl5aWCQPV8f8AhcN4Y8Y3fwR8Faj4MvbfWtWi0u7n8I6z4g16Ww1/xl4Z8Mvc6bb6V9hm8Baf
 ptn4Ztru3bRZrvVdH8M2Fpr7aYt9GkRreDPFnw41vwd4X+Ifi34c3fgDx1AdD8N6Z4o8PeLNV0bwnBb6PqF14V1fV9A0yy8Y2V3ffDjwR4ne8uLY60dAsLXw54iWPS5JL3Untrr6A8BWnw+079pLXPHWv+PZIfEev61ZeFLDw3ptn4a07TNd8bXngOEy6feKtmfFun6suneEtW1TT01jWbnSL7TtWsJrDUrxnURgHQ+Jta0PQbxv+ER1uaKb4o6Fcw31pqV81hDPH4RsxYeMvFq6P4lGhS67e6jbWfhjQoNVvvEEhmtZk1GxjtolvJrvyX4faD8O/C3iDVrC9bWrnXfGHgLVfBF9qvh6/wDEfjjxhbNqGoWl/qEf/CR3l/rOn+F3E2pvqP2O81zWr+a2vdItor21SwsbR7Xxo8R3XxD1e+Hhr4X6BFo+h+Ftb8+21CaCy8b3Os3XiXQrPxnodve6Zqc1pp6xRvqUMesBL3Shrulz3F5qWkwaWl7La8XfDPwx4l+F02rXPivxt4f0+98JJ4k8Vy+G/EdjqfxI8IabqUi3E8GlfZNB8V3Gr6k8+iWlrJqI1RYRHpS/2RcW+n2qwxACeOvAOhWPgPw5Y6ZYa9pXhz4VjRZfClpfXWuabrGhS+FTpvhc6nq3h/Xda0XSH0eyt9O1G1bxLY6pcmEalZa5p6kRjUT5p4z8KfDH4f33jW/8P+GvCGjeO/2ifHtlZ6np2peBfFWtW/xe8PJovh+fx6bEaClg2haPqV2VZtR1y41zw+JUvNQ1Sa8Gr3sp6eLWta/aF8aa1Y6g2qeOvhssdx8P/F3hXwx4hbw74q8PReEPGBOheI9StL97Wy002r/bT44Sz8T3sniS003w5eQ6WLO/uNNX1PxXrfwqliubLxJq/wAS7mx8JaX4T1OS68Q+Jbrwb4W8JeK59ZuobF9Z8d6bqOl2mrw6xe601rqWl6Rf6voUUfhs6ZDaLdRWtpKAeXeBofElt
 8NvCfhLxIPGHwT1L4ZeIvClrYeOvDsVuLjVvD2uXsHhzRpvEkutOLbUL7W9Q8ReJ7qKyWTWtP0toGvr+zF+9pBXY+K/H3w71qGXw/4L8ba38RNT1zUvCFlFr3hfxfa+GNX8ST+NPEd9YSX1pJ4AsLPUZNe8MDRpv7YM+mRLa+HrOSV72SJdUtpu+0DTNQ0Cz0lND0my+JmqeJ9Iutf8UeHtB8W3Gp/DO7urSwh8QbgfET62NOlvfFfiGO50iLR4bOefS3jnkF39htbU+E3uqeFdVlsL7xN8O9Y+HPhXwtrdz448E+ED40tdH8cP4l8VJdanqPiDXvDGiaG/iLTZbbxNrsvhHw7pVlquptez6rJeNpEUltazqAfQHh3x38NfB/jK08I2UnxIvPFOjXHiabw7Dq2sxXVrZajeXGhLqNtq3hiy1nT7+/kMfieDxAt/4p04XUOlzXuoSX9vAoK+G2fjkx+Or7w7H4U8Qf8ACPa54r+KVj4g+JXh6DxdrVz4GuNQ1/VdH0rTpPFOj6pY2eoad4g1W/tdROg+HZp5/C09uF1LTWkFzrFi6w+IllqNv/wk99ZXemeLPF+kaj4Gg1PxP4Pl12x1DwpDp19Bpml+MrefWNKfwx4pPiXT9W8OQrqniaebVL+CRbpYRf6fFa6Hx3j1u38P/CfS/A2uePvDCeDI9O1bWfHOsavo2k2X27xzqGm2Gkadb6t4h1j/AIQvxFqc+pagttdQpo/iuK30Z77TrCWz1W901pgDmvDngL4aaFo9xoVt4h8Yan/wqC2nmg1DxHd+IIfiV4MtNG8TeIrvUfG/hmI3tzfeID4tv5ZGtEjuLeDXdAtrSJ4tbk09rZ+s8SR3TeHbO70bRbr4jaX4t0HTde8Wav4WtdAh1HWvGOtPo1pF4k1r4b2Ed9PqN/4RsnhvtR1kQajdaSl3o7/2Hrs9mj2XP/HLw5pB+IPwt+Gfi200u98O3+mXekz+FFbSbG28ZXOr2e
 oy350jw3o/w68T3QfwZZ6XNr2gXUfiXSZrWTX/ACdVvAt0gat8MPjDaeJ/EiXvw4istK02w8CeMblPhpovhs2OreD9Xg1XVLPVNCvtZi8M2PiXS4tR1nwssXiq00TS/EetHXr6xjVLBRp8uogHs9r4D02+1rwV4N0HW/Eeu3Xwp8QQ6h4nstG8SwRX8d5e2812U8TQaHPokEemTQ+IbiN7i7sdN8T6hNpJFxZazbXV248m8D678KfhH4y8Z/Dzxr4V0vUrZL3xd8S/CV9BYnU/JUzXum6VbzeLPE+sK+g+JNGmTX9I1C7v510m0u9S02BdZ0s6tZWNzqHW/CH7SFz4R8SaDqE/gXWYPGnhmz+Mmp+G7zxh4Zi8RanoVrrCaV4M1rUtOfwzrq6hDJKJrXR77UQ9jc3L2viHSnvBa2U8vjg6/bppPxH8LaDr/jn4g6Hd3Hiy40jw94gnsNE8eaRa2PjS3bw2bKPQ43i1DTprjT7iXTte0uH+3pdB0bztS1O60yR4gDb+MTa/oP2XSrj4Sj4jx6n4jiPhDT/C/jWGdjc6b4MYafD4lW41Tw1Y/DnSre6sdP8AEdpFp39vafZ6pZm7tM63c2M1c94f1j4z2V/q+va14d0nx54x1jW7H4bXEX
 }}}

 Taking the "challenge" field from the above response along with the
 solution, it should respond now with bridges:

 {{{
 (bdb)∃!isisⒶwintermute:(fix/24433 *$)~/code/torproject/bridgedb ∴
 ./scripts/test-moat check QSPBFMxqGi-
 mlxwPcjWJ7FJqY0FW0wx60B5zTM4LMWDda8VwRzKtClAsBCdVP-
 q8WDYD5sRj6PzDXF1hAdsOJu0M-
 AWokcF6nxfOg0ZadpINW3QHqtdu9Veg0j2GBjQVquyLi5LrZ2R1hNi17igQdm1xgtrLsnWbu_Ts4SCSRxBy9W6nXYkWRqnbzU2BQgbvkIKrDhbqAdhSQsWDr25tWYYRVK6k_GBSJOblJ_vRBYZdIuCC-
 BZVQicJM2c3j_5aj0ClApe_EacqN6CL-
 nk6yR9Ukw8gNQelIewvREkqbdxR6Rhiwfc059pIt9wyMQL6_yMODSpmtocui_5ecNDvSXPxE5qZiV9f-
 Rsg_Bh3ccFRFNpw Tvx74PMy
 {"data": [{"qrcode":
 "data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/wAALCAFeAV4BAREA/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/9oACAEBAAA/APf6KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKz9b1vTvDmjz6tq1x9nsYNvmS7GfbuYKOFBJ5IHArj/+F2/Dz/oYf/JK4/8AjdH/AAu34ef9DD/5JXH/AMbo/wCF2/Dz/oYf/JK4/wDjdH/C7fh5/wBDD/5JXH/xuuo8N+KdG8XadJf6Hefa7WOUws/lPHhwASMOAejD86sa3reneHNHn1bVrj7PYwbfMl2M+3cwUcKCTyQOBVfw34p0bxdp0l/od59rtY5TCz+U8eHABIw4B6MPzqxret6d4c0efVtWuPs9jBt8yXYz7dzBRwoJPJA4Fcf/AMLt+Hn/AEMP/klcf/G67iwvrfU9Otr+zk8y1uokmhfaRuRgCpweRkEdax/E/jbw74O+y/2/qH2P7Vv8n9zJJu243fcU4xuXr61n6J8UvBviPWINJ0nWftF9Pu8uL7LMm7apY8sgA4BPJrsKK5/xP428O+Dvs
 v8Ab+ofY/tW/wAn9zJJu243fcU4xuXr61z/APwu34ef9DD/AOSVx/8AG66Dwx428O+MftX9gah9s+y7PO/cyR7d2dv31Gc7W6elZ+t/FLwb4c1ifSdW1n7PfQbfMi+yzPt3KGHKoQeCDwaz/wDhdvw8/wChh/8AJK4/+N1YsPi/4E1PUbaws9d8y6upUhhT7JONzsQFGSmBkkda2PE/jbw74O+y/wBv6h9j+1b/ACf3Mkm7bjd9xTjG5evrXP8A/C7fh5/0MP8A5JXH/wAbrY8N/ETwr4u1GSw0PVftd1HEZmT7PLHhAQCcuoHVh+dV9b+KXg3w5rE+k6trP2e+g2+ZF9lmfbuUMOVQg8EHg1Y8N/ETwr4u1GSw0PVftd1HEZmT7PLHhAQCcuoHVh+dV9b+KXg3w5rE+k6trP2e+g2+ZF9lmfbuUMOVQg8EHg12FFef/wDC7fh5/wBDD/5JXH/xuj/hdvw8/wChh/8AJK4/+N0f8Lt+Hn/Qw/8Aklcf/G6P+F2/Dz/oYf8AySuP/jdegVy/iT4ieFfCOox2Guar9kupIhMqfZ5ZMoSQDlFI6qfyrH/4Xb8PP+hh/wDJK4/+N0f8Lt+Hn/Qw/wDklcf/ABuj/hdvw8/6GH/ySuP/AI3R/wALt+Hn/Qw/+SVx/wDG69Aoooorz/42/wDJIdd/7d//AEojryT4TfCbQfHnhW61TVLvUoZ4r17dVtZEVSoRGydyMc5c9/Su7/4Zx8H/APQS1z/v/D/8ao/4Zx8H/wDQS1z/AL/w/wDxquY+InwU8N+EfAmpa5YXuqyXVr5WxJ5Yyh3SohyBGD0Y966f9nH/AJJ5qH/YVk/9FRVh3XjXUviH8QdQ+GerQWkOiz3txbtPaIy3AWAtIhDMzLkmJc/L0JxjtU8SeJLz4EajH4X8LxwXljdRDUHk1NTJIJGJjIBjKDbiJeMZyTz6V9E+I+sfFvWIPA+v21jbaZqe7zpbBHSZfLUyrtLsyj
 5o1Byp4J6da5/4wfDjR/h//Y39k3N9N9u8/wAz7W6NjZ5eMbVX++eue1SaT8ffFWjaNY6Xb6fozQWVvHbxtJDKWKooUE4kAzgegrq/DH/GQP2r/hK/9C/sTZ9m/sr93v8AOzu3+ZvzjylxjHU9e3lkepTfDn4m3txo6xzvpN7c28AuwWDKC8WW2lcnac8Y5/KvoP4P/EfWPiB/bP8Aa1tYw/YfI8v7Ijrnf5mc7mb+4OmO9eoV8/8A7TX/ADK3/b3/AO0a8U8NabDrPirSNLuGkWC9vYbeRoyAwV3CkjIIzg+hr2vxP/xj99l/4RT/AE3+29/2n+1f3mzycbdnl7MZ81s5z0HTv5ZJqU3xG+JtlcawscD6te21vOLQFQqkpFldxbB2jPOefyr3P/hnHwf/ANBLXP8Av/D/APGq8oufDdn4R+P2l6HYSTyWtrqthsedgXO4xOckADqx7V2/7TX/ADK3/b3/AO0a8Ar2D9nH/koeof8AYKk/9GxV6H8TvhNoOqw+IvGE93qS6glk9wI0kQRboocKMFCcfIM8+vSvAPBXjXUvAeszappcFpNPLbtbst0jMoUsrZG1lOcoO/rVPxT4kvPF3iO71y/jgjurrZvSBSEG1FQYBJPRR3r7nor4Ar3j4d/BTw34u8Cabrl/e6rHdXXm70gljCDbK6DAMZPRR3rg/hN4K03x54qutL1Se7hgisnuFa1dVYsHRcHcrDGHPb0o+LPgrTfAfiq10vS57uaCWyS4Zrp1Zgxd1wNqqMYQdvWvsOvmD9o7/koen/8AYKj/APRstd//AMM4+D/+glrn/f8Ah/8AjVH/AAzj4P8A+glrn/f+H/41R/wzj4P/AOglrn/f+H/41XjnxZ8Fab4D8VWul6XPdzQS2SXDNdOrMGLuuBtVRjCDt619h0UUUV5/8bf+SQ67/wBu/wD6UR1z/wCzj/yTzUP+wrJ/6Kir5gor6/8Ajb/ySHXf+3f/ANKI65/9nH/
 knmof9hWT/wBFRV5hpGt6d4c/aJ1DVtWuPs9jBquoeZLsZ9u7zVHCgk8kDgVX+NfinRvF3jKzv9DvPtdrHp6Qs/lPHhxJISMOAejD86+h/D+t6d4c+Eug6tq1x9nsYNKs/Ml2M+3ciKOFBJ5IHAry/wCJv/F4/wCy/wDhAv8Aib/2V5v2z/l38rzdmz/XbN2fLfpnGOcZFaGs63p3iD4Xx/DXS7j7R4uitLayfT9jJia3KGZfMYCP5RE/O7BxwTkZ8Q8T+CfEXg77L/b+n/Y/tW/yf30cm7bjd9xjjG5evrWfomiaj4j1iDSdJt/tF9Pu8uLeqbtqljyxAHAJ5Ndh/wAKS+If/Qvf+Ttv/wDHK+h7+xuNM+BVzYXkfl3Vr4aeGZNwO11tiGGRwcEHpXjHwL8beHfB39vf2/qH2P7V9n8n9zJJu2+Zu+4pxjcvX1r3/Xf+Km+Hmp/2R/pP9p6VL9j/AIPN8yI7PvYxncOuMZ5xXj/wy/4s5/an/Ce/8Sj+1fK+x/8ALx5vlb9/+p37ceYnXGc8ZwawPG3gnxF8RvF994r8Kaf/AGhol/5f2a686OLfsjWNvkkZWGHRhyB0z0rv/gX4J8ReDv7e/t/T/sf2r7P5P76OTdt8zd9xjjG5evrXEfGD4d+KtQ8ba/4ltdK8zSFiSY3H2iIYSOBA52lt3G1u3OOK838MeCfEXjH7V/YGn/bPsuzzv30ce3dnb99hnO1unpX1P8PLG48E/Cizh8Qx/YpNOiuJrobhJ5aCSSTPyZz8pzxn868w+NfxE8K+LvBtnYaHqv2u6j1BJmT7PLHhBHICcuoHVh+da/wt+KXg3w58ONJ0nVtZ+z30HneZF9lmfbumdhyqEHgg8GvSPDfxE8K+LtRksND1X7XdRxGZk+zyx4QEAnLqB1YfnVfW/il4N8OaxPpOraz9nvoNvmRfZZn27lDDlUIPBB4Neb/BT4d+KvCPjK8v9c0r7Jayae8Kv9oiky5k
 jIGEYnop/KvSNb+KXg3w5rE+k6trP2e+g2+ZF9lmfbuUMOVQg8EHg18keG/C2s+LtRksNDs/td1HEZmTzUjwgI
 }}}

 Please let me know if this works for you!

 The fix is in my `fix/24433` branch which I've already merged into the
 `develop` branch.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24433#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list