Pale Moon forum

Hello,

I'm surfing under tor (127.0.0.1:9050).
I have a problem Cloudeflare Captcha

With the same tor configuration under
Firefox (66.0.5-1), Firefox displays the page WITHOUT the cloudfare captcha
?
Capthas work well when unlocking,
but my problem is that firefox must have something incorporated that palemoon doesn't have.
Firefox in tor mode (127.0.0.0.1.1:9050) works with cloudfare captcha (I don't see the captchas),
palemoon in tor mode (127.0.0.0.1.1:9050) does not work with cloudfare captcha (I see the captchas).

Firefox and palemoon both have
(https://wtfismyip.com/json)
tor exit addresses (nodes) recognized by Cloudeflare.
the list of 'tor exit nodes' is well known:
https://raw.githubusercontent.com/fireh ... el3.netset

Firefox works with a tor exit node, (I don't see captcha),
palemoon does not work with a tor exit node (I see captcha).

Spoofing identities (user agent) under firefox does not change, firefox does not display captchas.

- There is something I don't understand, even with a blank palemoon profile,
it's the same problem,
I updated under the latest version of palemoon, same problem.

I am on Linux, currently palemoon-bin 28.4.0-1

For example with the website
https://alternativeto.net/
https://linux.die.net/
https://cyberciti.biz/
that uses cloudflare

- So the two browsers that seem identical in appearance 'for the Cloudeflare service'.
Except that for one (firefox) the Cloudeflare Service 'Is Not Required'.

So there's something in palemoon in addition or less of firefox.

There are a lot of threads on the forum about Captcha already. The short of it is, most of these systems discriminate against small browsers and make it more difficult or impossible for them to verify that their users are human. It isn't a fault with the browser, but with the Captcha systems.

Edit: I can view all of these pages without an issue... Where exactly does the Captcha show up? Are you trying to log in somewhere?

Capthas work well when unlocking,
but my problem is that firefox must have something incorporated that palemoon doesn't have.

Cloudflare will present a captcha to tor users by default (it's a default-enabled WAF rule when you use Cloudflare).
It should also present this to Firefox when Tor is being used -- if that is not the case, then there must be a specific exception rule @ Cloudflare for Firefox users.

In short: this is not a browser-side thing; it's entirely in the hands of Cloudflare.

Firefox in tor mode (127.0.0.0.1.1:9050) works with cloudfare captcha (I don't see the captchas),
palemoon in tor mode (127.0.0.0.1.1:9050) does not work with cloudfare captcha (I see the captchas).

Spoofing identities (user agent) under firefox does not change, firefox does not display captchas.

The website owner can outright block or present a captcha to Tor IPs. You are at the mercy of the website owner and/or CloudFlare if that IP you're using has a bad reputation. To help mitigate this issue read here: https://support.cloudflare.com/hc/en-us ... loudflare-

Now note that the website owner has to turn on the Privacy Pass feature in their CloudFlare account for it to work. So if you install Privacy Pass and websites still present a captcha, then contact that website and let them know and consider turning on the Privacy Pass option in their CloudFlare account.

Firefox and palemoon both have
(https://wtfismyip.com/json)
tor exit addresses (nodes) recognized by Cloudeflare.
the list of 'tor exit nodes' is well known:
https://raw.githubusercontent.com/fireh ... el3.netset

Firefox works with a tor exit node, (I don't see captcha),
palemoon does not work with a tor exit node (I see captcha).

Are you even reading the replies, because all you do is repeat what you've already said?

As stated this is not a browser-side issue. We are not Firefox and if Firefox in a certain configuration is treated differently by the CloudFlare captcha system, then that is out of our hands. Personally I think any tor exit node should -always- be presented with a captcha page given the nature of most traffic exiting the tor network, regardless of browser, "privacy pass" or what not being in use.

Let's focus on the technique:
palemoon and firefox both use the same connection configuration under tor, (127.0.0.1:9050):

Cloudeflare passes through one (firefox) and the other (palemoon) not.

What does that indicate in logical terms ?
Two browsers that seem identical in appearance 'for the Cloudeflare service'.
Except that for one (firefox) the Cloudeflare Service 'Is Not Required'.

So there's something in palemoon in addition or less of firefox.

zdmv09rzbtklezd8d wrote: ↑

2019-06-17, 00:12

So there's something in palemoon in addition or less of firefox.

No... there's something in CloudFlare that is presenting the captcha. You won't be able to use Privacy Pass in PM unless it's allowed to be coded into a XUL, but you can use it with the Tor browser.

Besides the fact you're really not gaining any real "privacy" with Tor, I wouldn't use it and instead just use a good, reputable VPN.

Websites have loads of techniques for detecting what browser you're using. Websites often discriminate between browsers, choosing to better or differently serve the ones that are more well-known than others, such as Firefox and Chrome. They can and will do this, regardless of Tor or VPN usage.

Isengrim wrote: ↑

2019-06-17, 02:45

Websites often discriminate between browsers...

Most of the time it's plain ignorance. Many times I have been refused access because "my browser was too old". It wasn't too old, just that PM was not in their list. Instead of just running through a limited selection for IE, Chrome, Firefox, Safari, Opera using "if" and "elseif", if they included an else" for the scores of browsers that they don't know about, no harm would be done.

It's possible, but it's complicated.
You have to play with the registry (prefs.js) and make the browser look like another version than it is.
Copy the registry from a browser that works to a browser that does not work.
It works especially for firefox 65.0-1
It works with firefox 65.0.2-1
It works with firefox 65.0.1-1-1

Not with waterfox 56.2.7.1
Not with cyberfox 52.9.1


but where it gets really strange is that sometimes when you try to reproduce the phenomenon
(delete the directory /home/user/.mozilla/firefox
copy the file that works prefs.js)

you have problems you fall back with a browser THAT DOES NOT WORK.

EXCEPT EXCEPT EXCEPT
if you restart tor ('new tor exit' node address)
and restart firefox
NOW IT'S WORKING AGAIN.


I DO NOT UNDERSTAND THE LINK between these two elements:
I know, as I wrote above, that exit tor addresses are known,

but I don't understand the link between the browser and the tor address

- how from one firefox reboot to another,
preferences change.

there's something that seems FISHY REALLY FISHY to me.



* By default and for information:
Tested on other browsers in tor mode (127.0.0.0.1.1:9050):
situation identical to palemoon: "captcha problem" (I see captcha)
arora-git 0.11.0.27 https://github.com/arora/arora
brave 0.65 https://brave.com
google-chrome 75
vivaldi 2.5.1525 https://vivaldi.com
firefox and firefox forks:
waterfox 56.2.7.1 "optimized" firefox https://www.waterfoxproject.org/
cyberfox 52.9.1 "privacy..." firefox https://8pecxstudios.com/
firefox 65.0-1
firefox 65.0.1-1
firefox 65.0.2-1
firefox 65.0-2


situation identical to Firefox (66.0.5-1): "no captcha problem" (I don't see captcha)
icecat 60.7.0-1 http://www.gnu.org/software/gnuzilla/
firefox 60.0.1-1
firefox 64.0.2-1
firefox 66.0-1
firefox 66.0.2-1
firefox 66.0.5-1
firefox 67.0-1
firefox 67.0.1-1

Not sure what you're trying to achieve here but it's clear that the problem is universal to your use of Tor. I suggest you go to a Tor forum or chat channel and get your answers there.