hydroxide: CAPTCHA breaks login workflow

When using hydroxide auth <username>, it will lead to a captcha being displayed on the website; which seems to break the login/auth mechanism:

2022/11/04 08:45:47 request failed: POST https://mail.proton.me/api/auth: [9001] For security reasons, please complete CAPTCHA. If you can't pass it, please try updating your app or contact us here: https://proton.me/support/abuse
2022/11/04 08:45:47 [9001] For security reasons, please complete CAPTCHA. If you can't pass it, please try updating your app or contact us here: https://proton.me/support/abuse

Are there any ways to maybe login via Browser and export/reuse the cookies or similar?

About this issue

Original URL
State: open
Created 2 years ago
Reactions: 10
Comments: 26 (2 by maintainers)

Commits related to this issue

cmd/hydroxide/main.go Bump web-mail version to "5.0.14.11" Fixes #235 — committed to wonderfulShrineMaidenOfParadise/hydroxide by wonderfulShrineMaidenOfParadise a year ago
cmd/hydroxide: Bump web-mail version to "5.0.14.11" Fixes #235 — committed to wonderfulShrineMaidenOfParadise/hydroxide by wonderfulShrineMaidenOfParadise a year ago
cmd/hydroxide: Bump web-mail version to "5.0.14.11" Helps with #235 — committed to emersion/hydroxide by wonderfulShrineMaidenOfParadise a year ago

Most upvoted comments

I get this from proton-bridge:

Server error: paid subscription plan is required

So no, proton-bridge is not an alternative to hydroxide.

eternal-sorrow on Jan 23, 2023

Recently it stopped giving me this message and started working again.

eternal-sorrow on Mar 16, 2023

I’ve had this captcha solver on the side for a while now. If anybody wants to implement this into hydroxide, you’re free to do so. Sorry if some imports are missing but the most important parts are there. 100% solve rate so far.

gravilk on Nov 5, 2023

I am also still having problems with solving CAPTCH-a. Are there any new workarounds? Tried the extra code added to protonmail.go - no luck and tried to authenticate with session ID as mentioned but didn’t work. If anyone got around it i kindly ask for help. Thanks.

KricejJanezMartin on Aug 17, 2023

Try to enable 2FA on your account.

I enabled 2FA, still

[user@host hydroxide]$ ./hydroxide auth myemailadress@protonmail.com
Password:
2023/05/11 19:20:13 request failed: POST https://mail.proton.me/api/auth: [9001] For security reasons, please complete CAPTCHA. If you can't pass it, please try updating your app or contact us here: https://proton.me/support/abuse
2023/05/11 19:20:13 [9001] For security reasons, please complete CAPTCHA. If you can't pass it, please try updating your app or contact us here: https://proton.me/support/abuse

Edit: So this is the final answer for this problem. Adding req.Header.Set("x-pm-appversion", "Other") to protonmail.go (line 123) together with 2FA is fixing this issue.

Staubgeborener on May 12, 2023

@Staubgeborener

Try ./proton-bridge --cli.

I wasn’t able to build proton-bridge on (Free|Open)BSD. It is not platform neutral. It expects to be built on either Windows, Linux, or OS X.

0x1eef on Dec 24, 2022

The most proper fix would be for hydroxide to seamlessly launch the CAPTCHA puzzle instead of crapping out. From there, everything else is just hacks & workarounds (all of which are less convenient than if hydroxide were to render the puzzle on demand).

That said, I’ve heard rumors that the CAPTCHA is never sent to onion users. If you’re using a Tor exit node to reach the clearnet API, it’s a recipe for CAPTCHA hell. Theoretically, you can reach the onion API by following the steps in bug #239. (Of course the caveat at the moment is that the auth command fails in that scenario).

bruceleerabbit on Dec 23, 2022

For anyone else who runs into this, the change in https://github.com/emersion/hydroxide/pull/225 fixed the issue for me.

0x1eef on Dec 3, 2022