emersion / hydroxide

A third-party, open-source ProtonMail CardDAV, IMAP and SMTP bridge
MIT License

CAPTCHA breaks login workflow #235

Open cookiengineer opened 1 year ago

cookiengineer commented 1 year ago

When using hydroxide auth <username>, it will lead to a captcha being displayed on the website; which seems to break the login/auth mechanism:

2022/11/04 08:45:47 request failed: POST https://mail.proton.me/api/auth: [9001] For security reasons, please complete CAPTCHA. If you can't pass it, please try updating your app or contact us here: https://proton.me/support/abuse
2022/11/04 08:45:47 [9001] For security reasons, please complete CAPTCHA. If you can't pass it, please try updating your app or contact us here: https://proton.me/support/abuse

Are there any ways to maybe login via Browser and export/reuse the cookies or similar?

hiddeninthesand commented 1 year ago

I'm able to reproduce this behavior regardless of whether I'm using Tor, a normal proxy, or a VPN. Would being able to use cookies from a browser be related to #218?

cookiengineer commented 1 year ago

Yes, indeed a cookie jar implementation would help to allow users to temporarily bypass the login procedure within their web browser, and to export the cookie jar file (netscape format?) then.

I've made a Browser Extension that exports the cookie jar, for tools like yt-dlp and other scrapers: https://github.com/cookiengineer/me-want-cookies

hiddeninthesand commented 1 year ago

How does hydroxide currently store cookies? Maybe there's a more manual method to bypass it for the time being?

emersion commented 1 year ago

It does not preserve cookies across requests, and #218 is about fixing that.

julianfairfax commented 1 year ago

Is there anything I can do about this? Or can I just never connect a new device? Does that mean if the config for my current devices is lost, I won't be able to log them back in again either?

0x1eef commented 1 year ago

Does that mean if the config for my current devices is lost, I won't be able to log them back in again either?

Yeah, it probably does. I tried to use hydroxide for the first time, and I can't use it because of this problem.

0x1eef commented 1 year ago

For anyone else who runs into this, the change in https://github.com/emersion/hydroxide/pull/225 fixed the issue for me.

osfanbuff63 commented 1 year ago

For anyone else who runs into this, the change in #225 fixed the issue for me.

Tried the master branch of this repo and the change in #225, neither helped. Unfortunately I don't know Go so I can't help on this one, but I hope someone can fix this soon.

0x1eef commented 1 year ago

I went down this rabbit hole, and if you are really stuck, the official proton-bridge might help. It can be built without the GUI (make build-nogui), but requires at least "pass" to be installed and doesn't build out-of-the-box on *BSD.

I created a FreeBSD port for hydroxide; that's what I am using at the moment: https://github.com/0x1eef/ports/tree/main/freebsd/mail/hydroxide. It pulls in the patch from #225 during build time. I'm not sure why it works for some, and not others. I also don't know Go to help further than that.

bruceleerabbit commented 1 year ago

The most proper fix would be for hydroxide to seamlessly launch the CAPTCHA puzzle instead of crapping out. From there, everything else is just hacks & workarounds (all of which are less convenient than if hydroxide were to render the puzzle on demand).

That said, I’ve heard rumors that the CAPTCHA is never sent to onion users. If you’re using a Tor exit node to reach the clearnet API, it’s a recipe for CAPTCHA hell. Theoretically, you can reach the onion API by following the steps in bug #239. (Of course the caveat at the moment is that the auth command fails in that scenario).

Staubgeborener commented 1 year ago

@0x1eef but how did you launch the official proton-bridge after building?

[user@nuc proton-bridge]$ make build-nogui
#successfully install process
[user@nuc proton-bridge]$ ls
bridge     Changelog.md  CONTRIBUTING.md   dist  extern  go.sum    LICENSE   pkg            README.md      tests    utils
BUILDS.md  cmd           COPYING_NOTES.md  doc   go.mod  internal  Makefile  proton-bridge  release-notes  TODO.md
[user@nuc proton-bridge]$ ./proton-bridge
FATA[Dec 24 10:44:21.808] No executable in launcher directory           error="no executable found" exe_to_launch=bridge-gui launcher_path=/home/user/proton-bridge/proton-bridge launcher_version=3.0.6+git
0x1eef commented 1 year ago

@Staubgeborener

Try ./proton-bridge --cli.

I wasn't able to build proton-bridge on (Free|Open)BSD. It is not platform neutral. It expects to be built on either Windows, Linux, or OS X.

eternal-sorrow commented 1 year ago

I get this from proton-bridge:

Server error: paid subscription plan is required

So no, proton-bridge is not an alternative to hydroxide.

0x1eef commented 1 year ago

As far as I know a paid subscription is required regardless of whether or not hydroxide is being used.

eternal-sorrow commented 1 year ago

Hydroxide does not require paid subscription.

0x1eef commented 1 year ago

That's good, and surprising. I wouldn't have thought Proton would let you generate a bridge password without a paid subscription.

fromtheeast710 commented 1 year ago

When will this issue be fixed? I really want to get ProtonMail working with Thunderbird.

emersion commented 1 year ago

When someone figures out a proper solution.

eternal-sorrow commented 1 year ago

Recently it stopped giving me this message and started working again.

Staubgeborener commented 1 year ago

Sadly I still need a captcha

0-x-2-2 commented 1 year ago

Try to enable 2FA on your account.

Staubgeborener commented 1 year ago

Try to enable 2FA on your account.

I enabled 2FA, still

[user@host hydroxide]$ ./hydroxide auth myemailadress@protonmail.com
Password:
2023/05/11 19:20:13 request failed: POST https://mail.proton.me/api/auth: [9001] For security reasons, please complete CAPTCHA. If you can't pass it, please try updating your app or contact us here: https://proton.me/support/abuse
2023/05/11 19:20:13 [9001] For security reasons, please complete CAPTCHA. If you can't pass it, please try updating your app or contact us here: https://proton.me/support/abuse

Edit: So this is the final answer for this problem. Adding req.Header.Set("x-pm-appversion", "Other") to protonmail.go (line 123) together with 2FA fixes this issue.

cwegener commented 1 year ago

Try to enable 2FA on your account.

I enabled 2FA, still

[user@host hydroxide]$ ./hydroxide auth myemailadress@protonmail.com
Password:
2023/05/11 19:20:13 request failed: POST https://mail.proton.me/api/auth: [9001] For security reasons, please complete CAPTCHA. If you can't pass it, please try updating your app or contact us here: https://proton.me/support/abuse
2023/05/11 19:20:13 [9001] For security reasons, please complete CAPTCHA. If you can't pass it, please try updating your app or contact us here: https://proton.me/support/abuse

Edit: So this is the final answer for this problem. Adding req.Header.Set("x-pm-appversion", "Other") to protonmail.go (line 123) together with 2FA fixes this issue.

I just tried that combination and it did not skip the Captcha challenge for me.

The response to the /api/auth POST is the following message:

{
    "Code": 9001,
    "Details": {
        "Description": "",
        "Direct": 1,
        "HumanVerificationMethods": [
            "captcha"
        ],
        "HumanVerificationToken": "FXO12rGNIDTlbXH2l6l7YYnw",
        "Title": "Human Verification"
    },
    "Error": "For security reasons, please complete CAPTCHA. If you can't pass it, please try updating your app or contact us here: https://proton.me/support/abuse"
}

The response also includes a session cookie.

KricejJanezMartin commented 1 year ago

I am also still having problems with solving the CAPTCHA. Are there any new workarounds? Tried the extra code added to protonmail.go - no luck, and tried to authenticate with the session ID as mentioned, but it didn't work. If anyone got around it, I kindly ask for help. Thanks.

gravilk commented 11 months ago

I've had this captcha solver on the side for a while now. If anybody wants to implement this into hydroxide, you're free to do so. Sorry if some imports are missing but the most important parts are there. 100% solve rate so far.

oxalica commented 9 months ago

If we have to solve the CAPTCHA somehow, could we have an interactive way to (temporarily?) pass the authentication? Prompting an image URL and letting the user type the answer is good enough for me, assuming the CAPTCHA only occurs sometimes during login, which is interactive anyway. But currently it just fails and gives up with an escape hatch.
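
A typed decoder for the 9001 error body quoted above, in the direction of the interactive prompt oxalica proposes: instead of logging the error string and exiting, the client recognises the human-verification code and hands the accepted methods and challenge token to the caller. This is an added example, not hydroxide's own code; the JSON field names come from the quoted response, while the HumanVerificationError type, the ClassifyAPIError function and the placeholder token are assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// apiError mirrors the error body quoted in the thread for POST /api/auth.
type apiError struct {
	Code    int    `json:"Code"`
	Error   string `json:"Error"`
	Details struct {
		HumanVerificationMethods []string `json:"HumanVerificationMethods"`
		HumanVerificationToken   string   `json:"HumanVerificationToken"`
	} `json:"Details"`
}

// HumanVerificationError carries what a CLI needs to prompt the user: the accepted methods and the challenge token.
type HumanVerificationError struct {
	Methods []string
	Token   string
	Message string
}

func (e *HumanVerificationError) Error() string {
	return fmt.Sprintf("human verification required via %v: %s", e.Methods, e.Message)
}

// ClassifyAPIError decodes an API error body. Code 9001 (the code in the thread's logs) becomes a typed *HumanVerificationError; other codes become a plain error.
func ClassifyAPIError(body []byte) error {
	var resp apiError
	if err := json.Unmarshal(body, &resp); err != nil {
		return fmt.Errorf("decode API error body: %w", err)
	}
	if resp.Code == 9001 {
		return &HumanVerificationError{Methods: resp.Details.HumanVerificationMethods,
			Token: resp.Details.HumanVerificationToken, Message: resp.Error}
	}
	return fmt.Errorf("[%d] %s", resp.Code, resp.Error)
}

func main() {
	// Constructed sample body shaped like the response quoted above; the token value is a placeholder.
	body := []byte(`{"Code":9001,"Details":{"HumanVerificationMethods":["captcha"],"HumanVerificationToken":"TOKEN-PLACEHOLDER"},"Error":"For security reasons, please complete CAPTCHA."}`)
	var hv *HumanVerificationError
	if err := ClassifyAPIError(body); errors.As(err, &hv) {
		fmt.Printf("prompt the user: methods=%v token=%s\n", hv.Methods, hv.Token)
	}
}
```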

wonderfulShrineMaidenOfParadise commented 7 months ago

I have a workaround to CAPTCHA. Maybe someone would feel like to give it a try. https://github.com/emersion/hydroxide/issues/268#issuecomment-1985061273

altbert commented 2 months ago

The workaround I used was logging in to my ProtonMail account from the official domain and completing the displayed CAPTCHA; then I was able to log in with hydroxide again.