
Show HN: Stop Solving Cloudflare CAPTCHAs over Tor - t0astbread
https://addons.mozilla.org/en-US/firefox/addon/onionflare/
======
t0astbread
Hi, author here! This is a little thing I've made a while ago to scratch a
personal itch and based on some positive feedback I thought I'd share it. Its
use case is incredibly niche but for the people that need it, it has a high
utility.

TL;DR

> Who is this for?

> People browsing the web over Tor but not with the Tor Browser

> What does this do?

> Cloudflare lets users of the Tor Browser pass CAPTCHA-free while requiring a
> CAPTCHA for all other Tor connections. This extension emulates some of the
> Tor Browser's behavior (which you won't notice) to trick Cloudflare into
> thinking you use the Tor Browser.

If you're having issues, here's a nice debugging guide:
[https://addons.mozilla.org/en-
US/firefox/addon/onionflare/re...](https://addons.mozilla.org/en-
US/firefox/addon/onionflare/reviews/1549107/)

------
McSwag
> Access your data for all websites

Bummer

~~~
t0astbread
Unfortunately I don't have a choice for that. Cloudflare could be behind any
domain so the extension has to patch all HTTP requests (and permissions aren't
finer grained than that). It doesn't do anything invasive though, it just
patches a handful of headers to look like the Tor Browser. You can read up on
it here:
[https://github.com/T0astBread/onionflare/blob/master/backgro...](https://github.com/T0astBread/onionflare/blob/master/background.js)

If you have an "unbranded" Firefox build (which means not built by Mozilla) or
(iirc) the Developer Edition you can disable mandatory signing, zip the
contents of the onionflare repo, call it onionflare.xpi and install it locally
instead of using my AMO distribution.

