https://github.com/cowlicks/bypasser

A Chrome Extension that implements Cloudflare's captcha bypass specification for Tor.
https://github.com/cowlicks/bypasser

blind-signatures captcha cryptography tor webextension

Last synced: 19 days ago
JSON representation

A Chrome Extension that implements Cloudflare's captcha bypass specification for Tor.

• Host: GitHub
• URL: https://github.com/cowlicks/bypasser
• Owner: cowlicks
• Created: 2016-12-17T09:10:18.000Z (over 8 years ago)
• Default Branch: master
• Last Pushed: 2022-05-19T15:47:22.000Z (almost 3 years ago)
• Last Synced: 2025-03-25T07:12:56.645Z (about 1 month ago)
• Topics: blind-signatures, captcha, cryptography, tor, webextension
• Language: JavaScript
• Homepage:
• Size: 121 KB
• Stars: 28
• Watchers: 4
• Forks: 2
• Open Issues: 1
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
## Minimal implementation of Cloudflare's captcha challenge bypass specification for Tor

Cloudflare's spec is [here](https://github.com/cloudflare/challenge-bypass-specification/).

A video demo of this extension working is [here](https://youtu.be/cO4SsoHN7Yw).

Where we're at:

- [x] Implement RSA blinding/unblinding/signing etc.

- [x] Get a test server responding with proper meta tags.

- [x] Client/extension detects meta tag.

- [x] Client submit tokens for signing.

- [x] Server sign and respond.

- [x] Client recieve tokens.

- [x] Client redeem tokens.

- [x] Server verify tokens.

- [ ] Transport encryption/jwt.

 

Also todo:

- [ ] Handle multiple signing keys better

- [ ] Use a full domain hash for blinding the message

- [ ] Make signature verification constant time

- [ ] Compare formats for sending tokens: stringifyed nums? bytes?

- [ ] Fill unsigned token pool asynchronously

- [ ] Move blind, keys, tokens to a node package

- [ ] Refresh page on redemption

- [ ] Enforce number of signatures allowed per captcha on server