emersion / hydroxide

A third-party, open-source ProtonMail CardDAV, IMAP and SMTP bridge
MIT License
1.63k stars 125 forks source link

How to bypass the CAPTCHA, please? #268

Open brunocek opened 11 months ago

brunocek commented 11 months ago

Hello.

Am I the first one to get this, please? Any hints?

On w3m I used once a way to hijack the cookie from firefox-esr, might this be the way now?

2023/12/15 01:12:24 << POST /api/auth
2023/12/15 01:12:24 &protonmail.authResp{resp:protonmail.resp{Code:9001, RawAPIError:(*protonmail.RawAPIError)(0xc00039c100)}, Auth:protonmail.Auth{ExpiresAt:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), Scope:"", UID:"", AccessToken:"", RefreshToken:"", UserID:"", EventID:"", PasswordMode:0, TwoFactor:struct { Enabled int; U2F interface {}; TOTP int }{Enabled:0, U2F:interface {}(nil), TOTP:0}}, ExpiresIn:0, TokenType:"", ServerProof:""}
2023/12/15 01:12:24 request failed: POST https://mail.proton.me/api/auth: [9001] For security reasons, please complete CAPTCHA. If you can't pass it, please try updating your app or contact us here: https://proton.me/support/abuse
2023/12/15 01:12:24 [9001] For security reasons, please complete CAPTCHA. If you can't pass it, please try updating your app or contact us here: https://proton.me/support/abuse
vkstack commented 11 months ago

This requires directly solving the captcha. You can't bypass it.

wonderfulShrineMaidenOfParadise commented 8 months ago

It could be authentication failures, which triggered CAPTCHA. Try to remove the account in your client(s) for days, wait for the cool down of CAPTCHA, then hydroxide auth again. You can also try another account when waiting for the cool down.

h3xagonal commented 7 months ago

Not sure if this relates to the experience of hydroxide users but when my account is non-accessed for an extended period of time logging in the onion web-interface prompts a CAPTCHA challenge on occasion. So perhaps hydroxide is victim to a similar mechanism to deter brute-force.

kontell commented 5 months ago

I login to Proton using a web browser from the same IP address as hydroxide and that fixes it.