InsideReCaptcha | quickjs
---|---
5 | 4
1,002 | 168
- | -
0.0 | 5.2
about 5 years ago | about 1 month ago
Python | Python
- | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
InsideReCaptcha
- Discussion Thread
Google: implements an entire obfuscated VM with its own bytecode inside Javascript for their CAPTCHAs so that people cannot cheat it
- YouTube-dl has a JavaScript interpreter written in 870 lines of Python
While they likely wouldn't do a zero-day, their JS files, particularly for automated captchas, do push the boundaries of whatever JS engine they're executed inside. See https://github.com/neuroradiology/InsideReCaptcha#the-analys... and note that this analysis is 8 years old. While there's minimal risk if you're either using a full-fledged modern JS engine or a limited-subset interpreter like the OP, an older or non-optimized spec-compliant JS engine might hit pathological performance cases and result in you DOSing yourself.
- Why you can't secure a React Native (or any frontend) application
- Get DCR onto a faucet by voting on this strawpoll for Autofaucet
So people voting for DCR are not allowed to protect their privacy with VPNs, must reveal their real IP address, and must allow proprietary, obfuscated, sophisticated Google reCAPTCHA to fingerprint the heck out of their devices.
- Installed new UDM Pro; Google thinks we are robots now
quickjs
- AWS Introduces a New JavaScript Runtime for Lambda
You can use it as an embedded scripting language within Python.
[1] https://github.com/PetterS/quickjs
- YouTube-dl has a JavaScript interpreter written in 870 lines of Python
- Why are the upcoming qutebrowser extensions only “inspired” by the WebExtensions API?
You could run the webextension JavaScript in quickjs.
- Web Browser Engineering
I was interested to see that this uses the DukPy wrapper around Duktape for the JavaScript interpreter: https://browser.engineering/scripts.html
This made me start digging into whether this was considered a "safe" way of executing untrusted JavaScript in a sandbox.
It's not completely clear to me if DukPy currently attempts safe evaluation - it's missing options for setting time or memory limits on executed code, for example: https://github.com/amol-/dukpy
There's a QuickJS Python wrapper here which offers those limits: https://github.com/PetterS/quickjs
I'm pretty paranoid though any time it comes to security and dependencies written in C, so I'd love to see a Python wrapper around a JavaScript engine that has safe sandbox execution as a key goal plus an extensive track record to back it up!
What are some alternatives?
libv8-node - Package libv8 from Node
dukpy - Simple JavaScript interpreter for Python
PyMiniRacer - PyMiniRacer is a V8 bridge in Python.
mini_racer - Minimal embedded v8
awesome-python - An opinionated list of awesome Python frameworks, libraries, software and resources.
pyduktape - Embed the Duktape JS interpreter in Python
youtube-dl - Command-line program to download videos from YouTube.com and other video sites