Captcha Bug on 33.1.1 Topic is solved
Moderator: dbsoft
Forum rules
Important note:
The old Mac OS versions of Pale Moon were provided by various people and not official or in any way organized. Please make sure you check the date of topic threads to know if the topic is current or relevant! We are using this board for both old discussions and new development of Pale Moon on Mac.
Any specific bugs you find that don't have their own topic yet: please make a new topic; one bug per topic please to keep things organized.
Important note:
The old Mac OS versions of Pale Moon were provided by various people and not official or in any way organized. Please make sure you check the date of topic threads to know if the topic is current or relevant! We are using this board for both old discussions and new development of Pale Moon on Mac.
Any specific bugs you find that don't have their own topic yet: please make a new topic; one bug per topic please to keep things organized.
- NapoInRags
- Moongazer
- Posts: 10
- Joined: 2024-06-11, 13:18
Captcha Bug on 33.1.1
Hello,
I'm running OSX 10.11 El Capitan (on an Aluminium late 2008 Macbook) and I've just installed the 33.1.1 Pale Moon version.
I tried to access my personnel account on the SNCF Connect (French Railway) website, but the captcha system is blocking me.
https://www.sncf-connect.com/en-en/
If you click on "Account" then on "Log in", the captcha window appears asking you to solve the puzzle by sliding right the small arrow. When you effectively solve it, nothing happens then, no access to the website (see picture).
Hopefully someone can fix this - I guess it is - bug. Thanks.
I'm running OSX 10.11 El Capitan (on an Aluminium late 2008 Macbook) and I've just installed the 33.1.1 Pale Moon version.
I tried to access my personnel account on the SNCF Connect (French Railway) website, but the captcha system is blocking me.
https://www.sncf-connect.com/en-en/
If you click on "Account" then on "Log in", the captcha window appears asking you to solve the puzzle by sliding right the small arrow. When you effectively solve it, nothing happens then, no access to the website (see picture).
Hopefully someone can fix this - I guess it is - bug. Thanks.
Re: Captcha Bug on 33.1.1
below the captcha is a statement:
Click the submit feedback link and explain the issue you're having, including the ID so they can see what goes wrong.
Since the captcha goes through excessive lengths to prevent debugging, we can't troubleshoot anything on our end.
With a unique captcha ID.Having problems accessing the site? Submit feedback
Click the submit feedback link and explain the issue you're having, including the ID so they can see what goes wrong.
Since the captcha goes through excessive lengths to prevent debugging, we can't troubleshoot anything on our end.
"Just because you are offended doesn't mean you are right." -- unknown
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
- NapoInRags
- Moongazer
- Posts: 10
- Joined: 2024-06-11, 13:18
Re: Captcha Bug on 33.1.1
I did. I have little hope they will solve this problem.
Re: Captcha Bug on 33.1.1
It's in the captcha provider's best interest to solve the problem. Unless they want to become known as a censor, of course.
"Just because you are offended doesn't mean you are right." -- unknown
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
- NapoInRags
- Moongazer
- Posts: 10
- Joined: 2024-06-11, 13:18
Re: Captcha Bug on 33.1.1
OK, but my doubt comes from the fact that I'm running an old OS on an old Intel MacBook, and the mainstream logic is not to care about these old stuff.
It would be good to find out whether the same bug occurs with versions of Pale Moon for recent W64-bit Pc and Arm Mac. If that's the case, then yes, there's a chance they'll solve the problem.
It would be good to find out whether the same bug occurs with versions of Pale Moon for recent W64-bit Pc and Arm Mac. If that's the case, then yes, there's a chance they'll solve the problem.
Re: Captcha Bug on 33.1.1
I verified this happens on my workstation, run of the mill Windows 10 x64 with 64-bit Pale Moon, before I wrote my first reply. It's not you, it's them
"Just because you are offended doesn't mean you are right." -- unknown
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
- NapoInRags
- Moongazer
- Posts: 10
- Joined: 2024-06-11, 13:18
Re: Captcha Bug on 33.1.1
Perfect, thank you !
Let's wait.
Let's wait.
- noellarkin
- Fanatic
- Posts: 114
- Joined: 2021-07-27, 04:20
Re: Captcha Bug on 33.1.1
This looks like a Datadome captcha - - I came across something that looked exactly like that here viewtopic.php?f=70&t=31242 - - hard to say what it's doing, since there's no information in the browser console.
I looked into Datadome, and these feature-detection algorithms in general, and it seems they're triggered by anomalies in browser fingerprint (this is probably why I don't even get a captcha when visiting the website on vanilla Chrome). Pale Moon's fingerprint isn't accepted by some of these detection companies (something similar happened with Cloudflare a few months back) - - I've been trying to figure out how to clean up the Pale Moon fingerprint so atleast the FF compatibility mode can work with these sites.
Two things I've come across so far:
viewtopic.php?f=5&t=31247
viewtopic.php?f=5&t=31252
I looked into Datadome, and these feature-detection algorithms in general, and it seems they're triggered by anomalies in browser fingerprint (this is probably why I don't even get a captcha when visiting the website on vanilla Chrome). Pale Moon's fingerprint isn't accepted by some of these detection companies (something similar happened with Cloudflare a few months back) - - I've been trying to figure out how to clean up the Pale Moon fingerprint so atleast the FF compatibility mode can work with these sites.
Two things I've come across so far:
viewtopic.php?f=5&t=31247
viewtopic.php?f=5&t=31252
Re: Captcha Bug on 33.1.1
Using Basilisk 2024.05.11 (64-bit) and Windows 10 (in Australia, should that matter, too). Search for datadome, click link, blank (403). Turn off the proxy, refresh, now it shows up. Go to the sncf page, okay; click Account, blank (403). Refresh datadome, blank (403). Go to datadome.co in Firefox, get a page saying "You have been blocked." (with or without the proxy). After a delay (and deleting its cookie), datadome.co in Firefox got me to slide the puzzle, now it works. Still not working in Basilisk. Back to Firefox and it loads straight up, back to Basilisk and I just cannot get it to work again.
- NapoInRags
- Moongazer
- Posts: 10
- Joined: 2024-06-11, 13:18
Re: Captcha Bug on 33.1.1
Reading this, I went to the advanced page of Pale Moon Preferences. The User Agent Mode choice was "FireFox Compatibility".noellarkin wrote: ↑2024-06-17, 14:28I've been trying to figure out how to clean up the Pale Moon fingerprint so atleast the FF compatibility mode can work with these sites.
But you can change it for "Native" or "Gecko Compatibility". In the two cases, the SNCF page doesn't respond the same way any longer : the captcha window is now deleted and, as wished, you access the log-in window.
Just a stroke of luck. If someone can bring a pedagogic explanation about this User Agent Mode...
- noellarkin
- Fanatic
- Posts: 114
- Joined: 2021-07-27, 04:20
Re: Captcha Bug on 33.1.1
So here's my understanding of it.
When we're enabling Pale Moon's compatibility mode, we're sending a Firefox user agent to websites, instead of the native Pale Moon user agent. Many websites have restrictive allow lists for user agents, and using a Firefox user agent helps with these sites.
However, more and more websites are implementing feature detection in addition to user agents to determine if a browser is "lying" about its user agent. In simple terms, different browsers have different javascript engines, and the feature detection algorithms check to see if the Javascript engine of a browser is matching the User agent it is reporting.
If the JS engine of the browser doesn't match the user agent string, the feature detection algorithm flags the browser as suspicious, and a captcha is shown to the user.
Now, Pale moon shouldn't actually have any issues with this, since its JS Engine is similar enough to Firefox's (old Firefox's anyway) that it ought to pass the feature detection test, but there are some key differences.
One example being this one:
viewtopic.php?f=5&t=31247
I'm going to spend more time hunting for these feature detection "gaps" to see if FF's compatibility mode can be made more robust.
When we're enabling Pale Moon's compatibility mode, we're sending a Firefox user agent to websites, instead of the native Pale Moon user agent. Many websites have restrictive allow lists for user agents, and using a Firefox user agent helps with these sites.
However, more and more websites are implementing feature detection in addition to user agents to determine if a browser is "lying" about its user agent. In simple terms, different browsers have different javascript engines, and the feature detection algorithms check to see if the Javascript engine of a browser is matching the User agent it is reporting.
If the JS engine of the browser doesn't match the user agent string, the feature detection algorithm flags the browser as suspicious, and a captcha is shown to the user.
Now, Pale moon shouldn't actually have any issues with this, since its JS Engine is similar enough to Firefox's (old Firefox's anyway) that it ought to pass the feature detection test, but there are some key differences.
One example being this one:
viewtopic.php?f=5&t=31247
I'm going to spend more time hunting for these feature detection "gaps" to see if FF's compatibility mode can be made more robust.
- NapoInRags
- Moongazer
- Posts: 10
- Joined: 2024-06-11, 13:18
Re: Captcha Bug on 33.1.1
Great, very clear, thanks.
Little additional information for those who, like me, are on their way learning. You can have a look here : https://www.howtogeek.com/114937/htg-ex ... ser-agent/
The text introduces another interesting website : https://whatmyuseragent.com/ Simply open it from your browser, and you'll get your user agent.
And now, going back to the advanced page of Pale Moon Preferences, you can choose between the three user agent modes and look at the result, that is to say the user agent string Pale Moon is sending to the web. If you're running 10.11 like me, you will have :
- Native : Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:102.0) Gecko/20100101 Goanna/6.6 PaleMoon/33.2.0
- Goanna Compatibility : Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:102.0) Gecko/20100101 Goanna/6.6 PaleMoon/33.2.0
- Firefox Compatibility : Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:102.0) Gecko/20100101 Goanna/6.6 Firefox/102.0 PaleMoon/33.2.0
Little additional information for those who, like me, are on their way learning. You can have a look here : https://www.howtogeek.com/114937/htg-ex ... ser-agent/
The text introduces another interesting website : https://whatmyuseragent.com/ Simply open it from your browser, and you'll get your user agent.
And now, going back to the advanced page of Pale Moon Preferences, you can choose between the three user agent modes and look at the result, that is to say the user agent string Pale Moon is sending to the web. If you're running 10.11 like me, you will have :
- Native : Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:102.0) Gecko/20100101 Goanna/6.6 PaleMoon/33.2.0
- Goanna Compatibility : Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:102.0) Gecko/20100101 Goanna/6.6 PaleMoon/33.2.0
- Firefox Compatibility : Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:102.0) Gecko/20100101 Goanna/6.6 Firefox/102.0 PaleMoon/33.2.0
Re: Captcha Bug on 33.1.1
Keep in mind that if there's an issue with a specific website, you can add site-specific user-agent overrides, which provides a more fine-grained way of presenting certain user-agent strings to specific websites/domains/hosts.
There are some Pale Moon extensions available to make this easier, but ultimately all it needs is a preference general.useragent.override.example.com with the desired user-agent string, where you replace example.com with the domain or host you want to present the string to.
There are some Pale Moon extensions available to make this easier, but ultimately all it needs is a preference general.useragent.override.example.com with the desired user-agent string, where you replace example.com with the domain or host you want to present the string to.
- noellarkin
- Fanatic
- Posts: 114
- Joined: 2021-07-27, 04:20
Re: Captcha Bug on 33.1.1
@Moonchild will the JS Engine identification issue https://repo.palemoon.org/MoonchildProd ... ssues/2531 be addressed in the next release? Also, just checked out the latest Pale Moon release with the updated canvas poisoning mode, thank you! Pale Moon's canvas fingerprint resistance is way ahead of any of the other browsers out there
Re: Captcha Bug on 33.1.1
This captcha-delivery started working for me on another site.
Solving captcha now redirects to the site.
Regards
Solving captcha now redirects to the site.
Regards
Re: Captcha Bug on 33.1.1
Since we no longer accept negative precisions it errors and provides the expected error message to the captcha with 33.3 to think it's "Firefox", hence passing.
"Just because you are offended doesn't mean you are right." -- unknown
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Captcha Bug on 33.1.1
If the web server is not just sniffing the user-agent but testing the rendering engine directly, that approach is not going to work. Cloudflare does not like Gecko or Goanna.Moonchild wrote: ↑2024-06-20, 10:05Keep in mind that if there's an issue with a specific website, you can add site-specific user-agent overrides, which provides a more fine-grained way of presenting certain user-agent strings to specific websites/domains/hosts.
There are some Pale Moon extensions available to make this easier, but ultimately all it needs is a preference general.useragent.override.example.com with the desired user-agent string, where you replace example.com with the domain or host you want to present the string to.