[tor-talk] do Cloudfare captchas ever work?
Çağıl P. Şesto
secpost at abwesend.de
Tue Jun 23 19:27:42 UTC 2015
On Mon, Jun 22, 2015 at 06:53:23PM -0400, Mansour Moufid wrote:
> Sometimes I wonder if it's really Cloudflare, or some bad exit node
> running a CAPTCHA solving business.
If one doesn't use TLS that is a valid claim.
Since the captcha image delivery should originate from google with https in most
cases, you only need to redirect the cloudflare redirect, and since
cloudflare promotes and encourages TLS itself, it depends soley on the
tor user or the site participating in the cf-cdn using HSTS and CSP.
If you don't use TLS you may run into problems I mentioned earlier with
the privoxy filters and you are wide open to many scary injection and
More information about the tor-talk