Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authentication fails on onion API #239

Open
bruceleerabbit opened this issue Dec 23, 2022 · 2 comments
Open

Authentication fails on onion API #239

bruceleerabbit opened this issue Dec 23, 2022 · 2 comments

Comments

@bruceleerabbit
Copy link

To authenticate with the onion site, I took the most meticulous steps as follows:

  1. obtain user agent string by visiting https://www.whatismybrowser.com/detect/what-is-my-user-agent/ in the same GUI browser that will be used for login.
  2. edit protonmail.go line 122 to reflect the user agent from the previous step.
  3. recompile (GO111MODULE=on go build ./cmd/hydroxide)
  4. login to PM’s onion site¹ using the same GUI browser used in step 1.
  5. obtain the session cookie within the protonmail tab (f12→network→«click any object arbitrarily in the left frame»→right frame: “Cookies”→Session-Id)

Two different syntaxes were attempted.

Torsocks approach:

$ torsocks hydroxide -api-endpoint "$onion_url"/api auth "$UID" "$sessionID"

result:

«timestamp» Post "https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/api/auth/info": dial tcp 127.42.42.0:443: connect: connection refused

Proxy variable approach:

$ HTTPS_PROXY='socks5://127.0.0.1:9050' hydroxide -api-endpoint "$onion_url"/api auth "$UID" "$sessionID"

result:

«timestamp» invalid character '<' looking for beginning of value

version: latest clone as of today.

Did I overlook anything to more closely mirror a non-hydroxide session? User agent and cookie is all I know to account for.

Footnotes:

  1. onion_url=https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion
@bruceleerabbit bruceleerabbit mentioned this issue Dec 23, 2022
Open
@bruceleerabbit
Copy link
Author

bruceleerabbit commented Dec 23, 2022
edited
Loading

If I simply browse to this URL in a GUI browser, I get a 404:

https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/api

So that URL is suspect. Consequently I also tried removing the trailing “/api” but that made no difference.

(edit) I am told that the standard non-forked version of hydroxide does not support a session ID argument. OTOH, it still makes no difference if the session ID is removed in the cases tested; same behavior.

@programmeruser2
Copy link

You have to use https://mail.protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/api since the clearnet API URL is mail.proton.me/api.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bruceleerabbit @programmeruser2