I’m working on a local JavaScript application that interacts with a server via AJAX, and I want to secure my creation form with hCaptcha.

<script src='https://js.hcaptcha.com/1/api.js' async defer></script>
<h2>Create an account</h2>
<form class="create-account" method="post">
    ...
    <div class="h-captcha" data-sitekey="..."></div>
    <p><button type="submit">Create account</button></p>
</form>

I got javascript errors:

TypeError: ke.data.kernel.save.user_init is not a function
SecurityError: Permission denied to access property "document" on cross-origin object

And the query is invalid:

curl 'https://hcaptcha.com/checksiteconfig?v=..&host=&sitekey=...&sc=1&swa=1' 

returns 403 Invalid Data

Because it’s a local app, there is no host.

Is there a way to use hCaptcha in a local app?

Answers


  1. Chosen as BEST ANSWER

    It seems that it is not possible, because hCaptcha uses iframes, which are forbidden in a local app.

    I managed to use another solution.


  2. Often to do this kind of thing you need to set up local network traffic redirect rules, which isn’t too difficult. However, unlike in your example, you will need to be running a local server – something like Node. After that, you can spoof a remote host and have it redirect local requests headed for the remote host to your local server instead. Usually you have to do one extra redirect since port 80 is already in use (also helpful if remote host does any redirecting, e.g. OpenID auth redirects, etc).

    The example(s) below will cause traffic to be redirected as follows:

    myhost.com:80 -> 127.55.55.55:80 -> 127.0.0.1:8080

    WINDOWS

    Note: steps must be executed with Admin rights

    • Start your local server (e.g. http://127.0.0.1:8080).
    • Find a local IP address in CIDR=127.0.0.0/8 that’s not in use (our example uses 127.55.55.55:80).
      • netstat -aonp TCP | findstr "LISTENING" shows addresses that ARE in use. Use an IP other than one of these.
    • Add an entry to your Windows hosts file (C:\Windows\System32\drivers\etc\hosts).
      • {local ip} {host} -> e.g. 127.55.55.55 myhost.com
    • Add the following network configuration with netsh command utility:
      • netsh interface portproxy add v4tov4 listenport=80 listenaddress=127.55.55.55 connectport=8080 connectaddress=127.0.0.1
    • Open a browser (or use curl) and visit myhost.com. You should see output from your local server, and (hopefully) you’ve tricked hCaptcha restrictions!

    Notes:

    • netsh portproxy needs ipv6 libraries even when using v4tov4. If not already installed, run netsh interface ipv6 install.
    • View netsh entries with netsh interface portproxy show v4tov4
    • Delete your entry with netsh interface portproxy delete v4tov4 listenport=80 listenaddress=127.55.55.55
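
The local server that the second answer relies on, sketched in Node as an added example (not code from the original posts): it listens on 127.0.0.1:8080, serves the question's form, and answers only requests whose Host header is the hostname mapped in the hosts file. The names hostAllowed, escapeAttr, renderPage, respond and startServer, the `--serve` switch and the sitekey placeholder are assumptions.

```javascript
// Added example; all function names and the sitekey placeholder are assumptions.
const SITE_HOST = 'myhost.com';                    // hostname mapped in the hosts file (from the answer)
const LISTEN = { host: '127.0.0.1', port: 8080 };  // portproxy connect target (from the answer)
const SITE_KEY = 'YOUR-SITEKEY-PLACEHOLDER';       // placeholder, not a real sitekey

// Accept only requests addressed to the mapped hostname (optionally with :80).
function hostAllowed(hostHeader) {
  if (typeof hostHeader !== 'string') return false;
  const h = hostHeader.trim().toLowerCase();
  return h === SITE_HOST || h === `${SITE_HOST}:80`;
}

// Escape a value before placing it inside an HTML attribute.
function escapeAttr(s) {
  return String(s).replace(/[&<>"']/g, c => `&#${c.charCodeAt(0)};`);
}

// The question's form, served over http:// so the widget sees a real host.
function renderPage(siteKey) {
  return `<!doctype html>
<html><head><meta charset="utf-8">
<script src="https://js.hcaptcha.com/1/api.js" async defer></script></head>
<body><h2>Create an account</h2>
<form class="create-account" method="post">
  <div class="h-captcha" data-sitekey="${escapeAttr(siteKey)}"></div>
  <p><button type="submit">Create account</button></p>
</form></body></html>`;
}

// Decide the response for a request; pure, so it can be checked without a socket.
function respond(method, hostHeader) {
  if (!hostAllowed(hostHeader)) return { status: 421, body: 'Misdirected Request' };
  if (method !== 'GET') return { status: 405, body: 'Method Not Allowed' }; // this sketch only serves the page
  return { status: 200, body: renderPage(SITE_KEY) };
}

async function startServer() {
  const http = await import('node:http');
  const server = http.createServer((req, res) => {
    const r = respond(req.method, req.headers.host);
    res.writeHead(r.status, { 'Content-Type': r.status === 200 ? 'text/html' : 'text/plain' });
    res.end(r.body);
  });
  server.listen(LISTEN.port, LISTEN.host); // loopback only, never 0.0.0.0
  return server;
}

// Start with: node server.js --serve
if (process.argv.includes('--serve')) startServer();
```

Checking the Host header means the page is served only under the name given in the hosts file, so a request that reaches the loopback port under any other name gets a 421 instead of the form.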