Jump to content

Does the latest version of reCAPTCHA work with XP?


HoppaLong

Recommended Posts

XP Pro_SP3

Please, before you read this post perform a google search. Type "firefox reCAPTCHA."  I just did and the results
list is 218,000.  On the first page of that google search you'll find a post entitled, "ReCaptcha impossibly difficult
on Firefox exclusively."  There are countless posts, blogs, etc., trying to resolve this problem.

Google's reCAPTCHA is used on thousands of sites.  As you can see from the attached image, it frequently fails
to load into Firefox and other Mozilla browsers.

I've got the latest version of Light Firefox and K-Meleon installed.  If you're not familiar, Light Firefox uses the
same Gecko engine.  It loads web pages faster and the features it lacks I don't need.

I decided to try one of the smallest browsers, QtWeb.  It has many flaws, but I just wanted to see if it would load
a reCAPTCHA box.  It also fails to load reCAPTCHA.

The version numbers for Firefox and Light Firefox are not the same.  I just installed Light Firefox 48, which is the
latest version.  Many experts recommend disabling add-ons, if reCAPTCHA is blocked.  Since I just installed Light
Firefox there are no add-ons.

The folks at Mozilla want you to have the latest version of Java (JRE).  The last version of Java compatible with XP is
1.7.0.25.  The problem is, many people are running Windows 7, 8, and 10 and they also fail to load that reCAPTCHA
box.

Another recommended "fix" is trying different UA (User Agent) strings.  I've tried two or three dozen.  Didn't work.

I need a browser (excluding IE) that is compatible with XP Pro_SP3 and displays Google's latest version of reCAPTCHA.

reCAPTCHA.jpg

Edited by HoppaLong
Link to comment
Share on other sites


There is sometimes a hidden, secondary submit button that will bypass the reCAPTCHA. Try View->Use Style->None to display hidden page elements. This trick got me through several job-related website registrations during the Fall. I think the problem is ECMAscript-related.

Link to comment
Share on other sites

4 hours ago, jumper said:

There is sometimes a hidden, secondary submit button that will bypass the reCAPTCHA. Try View->Use Style->None to display hidden page elements. This trick got me through several job-related website registrations during the Fall. I think the problem is ECMAscript-related.

Can you please post a screeshot highlighting it, for us all to know exactly what to look for, visually?

Link to comment
Share on other sites

No screenshot is available. Find the original submit button and the second should be just to the right of or below it. If it's there, it'll be obvious.

Update: the ReCAPTCHA demo at https://www.google.com/recaptcha/api2/demo doesn't have a hidden button, but also seems to have been fixed for the better in the last few months. It now works in SeaMonkey 2.0.14 (like FF3.6) with scripting disabled. Click in the proper check boxes, click Verify, copy the text that appears into the lower box, and click Submit. ->"Verification Success... Hooray!"

Link to comment
Share on other sites



22 hours ago, HoppaLong said:

XP Pro_SP3

I need a browser (excluding IE) that is compatible with XP Pro_SP3 and displays Google's latest version of reCAPTCHA.

Uh, Chrome 49? ;) Also, Opera 12.18 works. I would imagine Opera 36 would work too since it uses Chromium. All three run on XP SP3.

Edit: Opera 12.18's engine is too old to render some modern sites properly, so even though it works with the reCAPTCHA demo page, you may still want to avoid it.

 

Edited by Mathwiz
Link to comment
Share on other sites

It never crossed my mind that a reCAPTCHA challenge would function with JavaScript toggled off!

I tried that Google reCAPTCHA demo with K-Meleon.  As you can see in the attached image, JavaScript has been disabled
on the privacy toolbar.  It worked perfectly!

I immediately visited two sites that failed to load reCAPTCHA.  They both displayed that message about enabling JavaScript.
After releasing the K-Meleon JavaScript button I reloaded the page.  The reCAPTCHA challenge displayed normally.

1. I go to a site with JavaScript disabled.
2. Wait for the message about enabling JavaScript.
3. Reload the page with JavaScript enabled.
4. reCAPTCHA works!

I don't know why this disabling and enabling of JavaScript fixes reCAPTCHA in my browser, but at least I've got a
procedure that works.

That Google demo works with scripting disabled.  It's hard to imagine any "real" reCAPTCHA challenges functioning
without JavaScript.

jumper, I found several posts that mention SeaMonkey working with reCAPTCHA.  I will download the last version for XP:

http://www.seamonkey-project.org/releases/legacy

Thanks jumper, dencorso, and Mathwiz.

k-meleon privacy toolbar.jpg

enable javascript.jpg

verify.jpg

Link to comment
Share on other sites

HoppaLong ... why don't you also download the last version of Pale Moon that works with XP. I think it was in November that XP support was dropped. I just checked my PM setup and it works fine with reCAPTCHA. I also have an older version of K-Meleon that works fine also (v1.8.2.4) but I don't think you can find that at the KM forum now ... the KM member that developed this particular version ... deleted ALL his posts and the download link and just left sometime back in 2016 or 2015. There may be someone there with the complete download.

However, that version of KM is not possibly safe for banking and such. I just discovered this last month (December) ... I had my worries about it until I ran the browser test but KM is so handy to use in turning things off and on ... I sort of looked the other way until I ran the browser check. So you probably don't want that KM browser version anyway. It's still OK for everyday surfing.

The last version of PM (Pale Moon 26.5.0 for Atom/Windows XP) works just fine so far and passes the browser test with flying colors and should be OK for banking and other sites ... hopefully for a long time.

Pale Moon 26.5.0 for Atom/Windows XP

http://www.palemoon.org/palemoon-atom.shtml

End of Windows XP support in Pale Moon

http://www.palemoon.org/PM_end_of_WinXP_support.shtml

Browser Test Page:

Mathwiz posted this browser test link in another thread ...


"You can go to ... https://www.ssllabs.com/ssltest/viewMyClient.html ... with any browser to see what security protocols, encryption ciphers, etc. your browser supports."

... just ran the browser test again on my KM version and PM. I do not understand the terms but there are six insecure notifications with KM  and none with PM v26.5.0. I now use PM for more security at certain sites. I don't know how insecure KM is but the PM results look better to me.

My KM results from the test ... everything else seemed to be OK except for these six mentions.

Protocols
TLS 1.2     Yes
TLS 1.1     Yes
TLS 1.0     Yes
SSL 3     No
SSL 2     No    

Cipher Suites (in order of preference)
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)   INSECURE        128

TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)   INSECURE        128

TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)   INSECURE        128

TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)   INSECURE        128

TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE        128

TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE        128

...

Edited by monroe
addition
Link to comment
Share on other sites

The RC4 cipher isn't considered secure anymore. I don't think it's terrible, but if possible you should disable the suites listed above. If KM is based on FF, you can probably use about:config and search for "security" to find the Booleans to toggle off.
 

Link to comment
Share on other sites

OK ... thanks for that information about 'turning off' those six insecure findings. I did turn them off or set them to False in 'about:config'.

I did not know about doing that ... yes, K-Meleon is similar to Firefox in many ways. Just ran that browser test again and nothing is showing as Insecure.

monroe

Link to comment
Share on other sites

I actually had one more problem showing up with the K-Meleon browser when going to that test page. I also was getting this warning ...
Logjam Vulnerability
Your user agent is vulnerable. Upgrade as soon as possible.

... so checking around with Google ... I found this solution for Firefox and applied it to the K-Meleon browser. So now when I go to the test page, I get this:

Logjam Vulnerability
Your user agent is not vulnerable.

This is the information I found to fix it:
 

Nice. But way better: Change all 'security.ssl3' lines to 'false' EXCEPT

security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256   (?)

security.ssl3.ecdhe_rsa_aes_128_gcm_sha256   (?)

security.ssl3.ecdhe_rsa_aes_256_sha   (OK)

security.ssl3.ecdhe_rsa_aes_256_sha;true   (KM)

and

security.ssl3.rsa_aes_256_sha   (OK)

security.ssl3.rsa_aes_256_sha;true   (KM)

These 4 lines must stay 'true'.
Done!
Ralf Buxa
May 27, 2015

I could not find the first two lines (?) ... only the last two where I have (OK) and below each line is a 'line copy' from K-Meleon ... they match exactly ... but as I said earlier, the first two lines don't appear in my K-Meleon version.

So all the ssl3 lines in my K-Melon browser are now FALSE except for those two lines that I did find and and left as 'true'.

So my question would be now ... since the browser test page is no longer showing 'any problems' ... would the KM browser be OK for banking and more secure type pages or could there still be some problems not showing with this older browser? I can keep using Pale Moon but I was wondering about K-Meleon also being OK now to use again with these sites?

... just to add about those first two lines that I did not find in the KM 'about:config' ... I did find two lines that were very similar but those two lines did not have 'gcm' in them. Not sure if I should have left those two lines as 'true' but they did not 'exactly' match so I made them 'false'. Any input on this would be helpful. Everything seems to be working so far with the KM browser.

monroe

 

Edited by monroe
spacing
Link to comment
Share on other sites

I think the Logjam attack only applies to cipher suites with DHE (not ECDHE) key exchange, so if you have it, I'd try disabling the ones that start with DHE and leave the other cipher suites alone unless they have other issues (such as RC4).
 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...