"CaptchaRequired" #73
Comments
|
I get this error as well on the Windows version. |
|
Working on it. This will take a few days. |
|
Seems the response contains a field named It looks like the user has to solve the captcha, then the login request can be issued again with two additional header fields: At least this is the way how it is implemented in this project - I would assume that this should be the way solve this also in raccoon. |
|
I already have a working solution for login with captcha (part of my account creator tool). That's not the issue. The problem is adapting it to the setup wizard, which is a stupidly complex dialog. In a nutshell, it needs to be rewritten from scratch. |
@jpstotz I sent |
|
That solution no longer works. Google deprecated it in 2012, and I guess they just pulled the plug. |
|
@onyxbits Do you have a lead on a more modern method? I know you said you're working on it, but I'm curious if you ran into a wall or things are looking good? |
This is not entirely correct. ClientLogin was deprecated in 2012, but they kept it around till 2015. It can still be found in at least Android 6 as the backend protocol. So it looks like it is here to stay. Google just wants everyone else to switch to OAUTH because it is more secure (users no longer have to give their account credentials to third party apps) and conviniently allows them to lock out competition or putting quotas on API calls by requiring API keys.
Running into walls is all these protocol changes are about and CAPTCHA is, by definition, a very time consuming thing to figure out. |
|
I have analyzed this issue in another project which uses the same API (Android App Aurora Store). My results so far are that Google seems to decide whether to require a Captcha by analyzing TLS protocol details. More specifically, I was able to make it work by forcing specific ciphers and disabling ALPN. I still have to figure out how to convince the JVM to set the proper TLS options (only did it successfully in Python so far). I am detailing my results here: https://gitlab.com/AuroraOSS/AuroraStore/issues/217#note_249390026 |
|
Hello, this problem about, any progress possible? |
|
We managed to get the latest version of raccoon working without hitting the captcha issue. First enable 'less secure apps' for the google account used to log in https://myaccount.google.com/lesssecureapps. $ cat > disable_alpn.py
from mitmproxy.net import tls
_create_ssl_context = tls._create_ssl_context
def create_ssl_context_without_alpn(*args, **kwargs):
kwargs['alpn_protos'] = None
return _create_ssl_context(*args, **kwargs)
tls._create_ssl_context = create_ssl_context_without_alpn
$ mitmproxy --set 'ciphers_server=ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:ECDH+AESGCM:DH+AESGCM:ECDH+AES:DH+AES:RSA+AESGCM:RSA+AES:!DSS' -s disable_alpn.py Then choose the proxy option in raccoon to proxy through mitmproxy. |
Hello, @alhspiir How can i use this for Windows. |
|
Found that in my local enviromnent project in jar gives captcha when binary(exe) doens't. Found that they have different ssl-handshakes. The difference in ciphers. Bynary has |
Linux, v4.11.0, openjdk version "1.8.0_222"
Attempting to log in to my Google account (not a gmail account), using both normal password, and again after enabling 2FA, app password, gives the error "CaptchaRequired". Cannot progress past this screen.
The text was updated successfully, but these errors were encountered: