From 8bdb22d2ca4545ebc6bc39eb3f2447cdbcafd324 Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Thu, 26 May 2022 14:55:16 +0200 Subject: initial commit --- captcha-child-anchor.js | 82 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 captcha-child-anchor.js (limited to 'captcha-child-anchor.js') diff --git a/captcha-child-anchor.js b/captcha-child-anchor.js new file mode 100644 index 0000000..f5c0920 --- /dev/null +++ b/captcha-child-anchor.js @@ -0,0 +1,82 @@ +/* SPDX-License-Identifier: GPL-3.0-or-later + * + * Part of Hacktcha, a free/libre front-end for reCAPTCHA for use with Haketilo. + * + * Copyright (C) 2022 Wojtek Kosior + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * As additional permission under GNU GPL version 3 section 7, you + * may distribute forms of that code without the copy of the GNU + * GPL normally required by section 4, provided you include this + * license notice and, in case of non-source distribution, a URL + * through which recipients can access the Corresponding Source. + * If you modify file(s) with this exception, you may extend this + * exception to your version of the file(s), but you are not + * obligated to do so. If you do not wish to do so, delete this + * exception statement from your version. + * + * As a special exception to the GPL, any HTML file which merely + * makes function calls to this code, and for that purpose + * includes it by reference shall be deemed a separate work for + * copyright law purposes. If you modify this code, you may extend + * this exception to your version of the code, but you are not + * obligated to do so. If you do not wish to do so, delete this + * exception statement from your version. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * + * I, Wojtek Kosior, thereby promise not to sue for violation of this file's + * license. Although I request that you do not make use of this code in a + * proprietary program, I am not going to enforce this in court. + */ + +/* Use with https://google.com/recaptcha/api2/anchor */ + +"use strict"; + +/* + * reCAPTCHA uses a less common variant of base64 which we produce by slightly + * modifying the output of JavaScript's native base64 encoding routine. + */ +function rc_base64_decode(data_b64) { + data_b64 = data_b64 + .replaceAll("-", "+") + .replaceAll("_", "/") + .replaceAll(".", "="); + + return atob(data_b64); +} + +const rc_params = new URLSearchParams(window.location.search); + +const site_key = rc_params.get("k"); +const rc_version = rc_params.get("v"); +const lang = rc_params.get("hl") || "en"; + +const origin_b64 = rc_params.get("co"); +const origin = rc_base64_decode(origin_b64); + +const initial_token = document.getElementById("recaptcha-token").value; + +const smuggled_data = {origin, initial_token}; + +const bframe_url = new URL("https://google.com/recaptcha/api2/bframe"); +bframe_url.search = new URLSearchParams([ + ["hl", lang], + ["v", rc_version], + ["k", site_key] +]); +bframe_url.hash = encodeURIComponent(JSON.stringify(smuggled_data)); + +window.location.href = bframe_url; -- cgit v1.2.3