buster
challenge-bypass-extension
Our great sponsors
buster | challenge-bypass-extension | |
---|---|---|
62 | 36 | |
6,918 | 1,235 | |
- | 0.2% | |
2.6 | 5.0 | |
8 months ago | 7 days ago | |
JavaScript | JavaScript | |
GNU General Public License v3.0 only | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
buster
-
AI bots are now better than humans at decoding CAPTCHAs
The captcha buster extension[^0] along with the service on you computer to move the mouse for you works very very well. It uses google’s TTS (afaik) to transcribe the audio captcha. It’s google verifying another google service works well. I find it very satisfying to not provide my labor to train googles computer vision corpus but instead have the snake bite it’s own tail.
Anyway, I highly recommend buster, I barely notice captchas anymore with it.
-
How do you guys deal with all the captchas?
If you use Firefox than use https://addons.mozilla.org/en-US/firefox/addon/buster-captcha-solver/ to automatically solve captchas otherwise change your search engine to DuckDuckGo, your privacy will thank you.
-
Hacking Google ReCAPTCHA v3 Using Reinforcement Learning
reCAPTCHA allows for audio challenges as accessibility fallback. And this has been a loophole for a long time to automatically solve them via google's own speech-to-text API https://github.com/dessant/buster
- why are you like this?
-
Ask HN: Developer abused “sign in with GitHub” and users are being punished
https://github.com/dessant/buster/
buster is a technically legal software designed to show how easy it is to bypass google recaptcha.... if this continues to work, why not a third party SAAS that allows the same thing via an api?
- this bot calling out a user for stealing comments for upvotes and the guy trying to bail by deleting his comment
-
My essential Firefox fixes in 2022
ill add a couple:
yet another speed dial (im also the author): https://github.com/conceptualspace/yet-another-speed-dial
buster captcha solver: https://github.com/dessant/buster
-
Tell HN: Airbnb just stole me 5 minutes of my time adding dices
It's Arkose Labs (also used by Roblox, GitHub, Dropbox, Twitch, and more). There's some more links here: https://github.com/dessant/buster/issues/178
Their audio captcha (no longer available?) involved listening to 3 MIDI tunes and picking "the sad one".
You can subscribe here for whenever it happens: https://github.com/dessant/buster/issues/320
challenge-bypass-extension
-
Blocked by Cloudflare
Cloudflare's Privacy Pass may help here: https://privacypass.github.io/
It should significantly reduce the amount of CAPTCHAs you see in a way that's not terrible for privacy.
For Safari, you can enable Private Access Tokens: https://blog.cloudflare.com/how-to-enable-private-access-tok...
Both of these mechanisms are similar to Google's web DRM proposal in that they rely on external issuers to generate tokens, but unlike Google's attempt they don't guarantee that ad blockers are disabled on pages that try to use tokens.
-
Apple already shipped attestation on the web, and we barely noticed
The author is referring to this standard: https://privacypass.github.io/
Apple uses it for its iCloud Private Relay service. The blind token is used so that Cloudflare can verify that a given device pays for iCloud Private Relay without revealing their identity.
Attestation is when such a blind token is proving the integrity of the software running on the device, not proving arbitrary properties. Privacy Pass could actually enable a fast, semi-decentralized system of anonymizing proxies.
If Apple exposed the “is System Integrity Protection enabled” bit to the web, then that amounts to attestation to me, and yes: Apple can do it whenever it wants, and people want Apple to do it.
-
Tell HN: Cloudflare verification is breaking the internet
Use Privacy Pass then if you don't want to use Chrome. https://privacypass.github.io/
-
How do you guys deal with all the captchas?
Most hCaptcha and many Cloudflare -> https://privacypass.github.io/
-
What are some privacy-focused tools, services, and practices that I should get into a habit of using?
The captcha issue mentioned probably relates to one of Cloudflare's services, limiting access by potentially-harmful bots to websites. If a client connecting to a website doesn't look like a human, they'll get a captcha. Unusual browsers, adblockers, and privacy settings increase the risk of getting a captcha. Solving the captcha will require JavaScript to be enabled. Some people take issue with that. Personally, I think this service is reasonable, and Cloudflare has demonstrated an interest in making this more privacy-friendly, for example by migrating away from Google's reCAPTCHA to hCaptcha, and promoting privacy-friendly captcha challenges with Privacy Pass.
-
So, I have to solve a Human Verification trying to log into my Proton acc while connected w/ ProtonVPN (paid-tier)?
You may also be interested in Privacy Pass, which is specific to hCaptcha challenges.
-
Reject omitting “Reject All”
While you're at it, grab Privacy Pass to get rid of a fair share of captchas: https://privacypass.github.io/
-
Apple Could Kill CAPTCHAs with Private Access Tokens
I'm looking through the official draft for this more (https://www.ietf.org/archive/id/draft-private-access-tokens-...)
The thing that strikes me is that they bring up Privacy Pass (https://privacypass.github.io/) as related work, and while I've never been completely, totally on board with Privacy Pass, I also feel like the reliance on hardware/OS verification checks here is strictly worse than what Privacy Pass is offering?
Forget the user experience for a second and privacy implications (Privacy Pass at least seems to be mostly hardware independent and can work on any device/browser, which has comparatively fewer negative implications for a competitive web ecosystem), as a website operator hardware checks seem strictly easier to game than a CAPTCHA. So even if I'm not a user trying to use a device that doesn't have these attestation schemes built into it, if I'm an operator wouldn't I prefer to have a protection that's harder to bypass by a click farm?
I'm not saying I would be completely thrilled with Privacy Pass either (CAPTCHAs in general are accessibility problems). But should I be thrilled about a version of Privacy Pass that (as far as I can tell) inherently must be more invasive to my hardware, and that isn't guaranteed to work on every device/browser that I use?
- Is “acceptably non-dystopian” self-sovereign identity even possible?
-
Firefox appears to be flagged as suspicious by Cloudflare
A workaround is to install the Privacy Pass extension [1] https://privacypass.github.io/
It's an open source extension available for Chrome and Firefox. It allows to privately and uniquely identify the browser, and is the process of going through IETF standardisation, so hopefully someday you won't need to install an extension for it.
I'm not happy about installing extensions just to view some websites, but it'll make things less painful.
What are some alternatives?
2-captcha-solver-javascript - A node.js Recaptcha automation program utilizing the 2captcha API and Selenium webdriver.
slader-extension - Bypass Slader/Quizlet's limit
friendly-challenge - The widget and docs for the proof of work challenge used in Friendly Captcha. Protect your websites and online services from spam and abuse with Friendly Captcha, a privacy-first anti-bot solution.
Universal-Bypass - Don't waste your time with compliance. Universal Bypass circumvents annoying link shorteners.
wocabee-bot - This extension will automatically solve (almost) any task WocaBee throws at you at lightning speeds
2captcha-python - Python 3 package for easy integration with the API of 2captcha captcha solving service to bypass recaptcha, hcaptcha, funcaptcha, geetest and solve any other captchas.
curl-impersonate - curl-impersonate: A special build of curl that can impersonate Chrome & Firefox
no-squid-game - Removes all news, videos, articles about Squid Game from your browser!
2captcha-java - Java library for easy integration with the API of 2captcha captcha solving service to bypass recaptcha, hcaptcha, funcaptcha, geetest and solve any other captchas.
unwanted-twitch - Hide unwanted streams, games, categories and channels on: twitch.tv
find - A find-in-page extension for Chrome and Firefox that supports regular expressions.
chrome-vlive-downloader - VLIVE VOD/post's video downloader extension for chrome