CloudHole: make CloudFlare's I'm not a robot captchas appear less often

Martin Brinkmann
Mar 14, 2016
Updated • Jun 25, 2017
Firefox, Firefox add-ons

One of the disadvantages of connecting to a VPN or Tor is the dreaded "I'm not a robot" message that you get on every site you visit that uses CloudFlare.

An intermediary page is displayed to you that notifies you that there is "one more step" to complete before you can access the site you want to load in your browser of choice.

You need to check the I'm not a robot" box, and complete one or multiple captchas first before you are allowed to access the site you want to visit.

Cloudflare uses different types of captchas, for instance multiple choice ones where you need to select all matching items on an image map.


one more step

The main issue here is that you need to repeat the process on every site using CloudFlare, and sometimes even on the same site if you reload it.

I always wondered by CloudFlare would not make the system more comfortable by whitelisting an IP address for a certain amount of time after a user successfully confirmed to the service that an actual user was trying to access the site protected by the service.

The brand new Firefox add-on CloudHole attempts to do just that by storing user agent and clearance cookie when solving captcha codes so that they can be reused on other sites.

This add-on stores the user agent and clearance cookie when you solve a captcha, and re-uses it on other websites as long as it's still valid, easing the pain during your browsing session.

So, instead of having to go through captchas on every site while using a VPN or Tor, you only have to fill out some.

cloudflare cloudhole firefox

CloudHole cannot get rid of them completely but it can make the whole process more comfortable by reducing the number of captcha codes you need to solve.

The extension for Firefox ships with an API that allows users to share valid cookies which gets cookies from other users for use on your system.

You can click on the add-on icon to manage CloudHole API access and check out user agents, clearance cookie data and the API key.

Closing Words

The idea behind CloudHole makes sense. If you visit lots of sites throughout the day and get cookies for each that is using CloudFlare, you know how time consuming and annoying this can be.

CloudHole on the other hand does not resolve the issue completely but you will get less I'm not a robot prompts while using it.

If you don't feel comfortable using the API provided, disable the feature so that only locally saved cookies and information are used to improve the process.

software image
Author Rating
3 based on 9 votes
Software Name
Software Category
Landing Page

Tutorials & Tips

Previous Post: «
Next Post: «


  1. fuck said on August 1, 2017 at 5:19 am

    ive never been able to get this extension to work, not 1 single time.

  2. James said on January 19, 2017 at 9:14 pm

    This captcha are not working for me at all !!

    i dont know why maybe cloudflare blackliste my ip

    but with Captcha v1 it work now nop

  3. Remco said on October 11, 2016 at 12:57 pm

    This seems to negate part of the reason why you use VPN/TOR. You use a unique identifier that can identify a single user doing things on the internet coming with traffic coming from different exit nodes.

  4. Ben said on March 15, 2016 at 2:38 pm

    Interesting. Thanks.

  5. Jason said on March 15, 2016 at 2:48 am

    Useful add-on, but I have an easier solution: don’t visit the problematic site. This is seriously the only way for web admins to get the message that it’s not cool to block VPNs and TOR.

    1. stilofilos said on March 15, 2016 at 9:56 am

      If they are so dumb to use something as ridiculous as those captchas, I doubt whether they’ll ever get the message…
      I understand that people want to protect their sites against whatever dirt, my computer is protected, too. But let them at least use a minimum of intelligence and user-friendlyness. Last I met a captcha that actually worked, but in all other cases I encountered it just does not. No matter how correctly i solve them, they always come back telling that it’s not valid. There is even a site that does not even display anything to copy, so what would I be supposed to enter… ?
      Besides debility, it also is not cool at all to welcome visitors with a dumb robot, especially not while they themselves want to keep robots out…
      But yes, ignoring them is indeed what I use to do with such sites.

      1. Big Mac said on March 19, 2016 at 1:23 am

        “Last I met a captcha that actually worked, but in all other cases I encountered it just does not”

        Agree that captcha is not friendly to users, but never ran into one that “doesn’t work”.

        The problem is usually a conflict with an adblocker like Adblock+ or uMatrix, forcing one to turn on scripts to get the captcha to even show up (lately, been seeing only the click box, but not the prompt to select images, or to retype the alphanumeric).

        This extension will be a nice way to open scripts once for the captcha and closing them again for the session vs opening for each time a website requests it.

  6. Dave said on March 15, 2016 at 12:02 am

    Really? Someone made an app for THIS, of all things?

    That box is probably the most lenient reCAPTCHA around. It’s not like you have to solve some crossed out letters, or stare at an image with blurred numbers, or anything of that sort. Really? Clicking a box is too hard for you?

    1. Tin Foil said on March 17, 2016 at 12:17 am

      As a tor user, these captchas are honestly annoying and benefit nobody really. I shouldn’t have to re-enable javascript and make tor less secure, so I can do these stupid things to just read a news article.

      Anybody that wants to create a tor-friendly non-js workaround for these abominations should do so, and tor users like me would donate to get and keep something like that going.

    2. Testuser said on March 15, 2016 at 7:50 pm

      I don’t know how Google rates your identity, connection and country, but almost every time it is not just limited about simply clicking the box to be done. Often I have to solve one or two picture selections. Especially with proxies this is just ridiculous anyway how often it happens. So +1 for creative solutions like these. You need to think a little out of the box please. I was already shocked when I saw how many people on some forums gave stupid answers when I was looking up how to disable the charging LED on Android devices. They have insulted the original poster and said stuff like “just flip the phone”, and I was shaking my head when I had to read that… The same logic applies here too: Missing out of box thinking. They were not aware that people want to see notification lights when their device is charging. It could also be too bright at night when charging the device, but when there is an important message, of course you still would like to see the flashing LED. So with a ground-facing phone you won’t see it. Additionally, it can also save lifetime of the LED.

      TL;DR: Don’t stultify solutions and ideas just because they seem not useful to >you<. Thanks.

  7. Graham said on March 14, 2016 at 9:33 pm

    Cool! Now spambots have a loophole they can exploit! Thanks, CloudHole!

  8. Ficho said on March 14, 2016 at 7:33 pm

    Doesn’t work with the latest Tor Browser (based on Firefox 38.7).
    CloudHole works with Firefox 45.0 and later.

    1. All Things Firefox said on March 15, 2016 at 5:19 pm

      The Tor Project specifically recommends against installing browser extensions:
      The bad part of a CAPTCHA is when it appears in a foreign language, since the IP of the Tor exit node is foreign. Other than that, I don’t mind so much.

    2. Martin Brinkmann said on March 14, 2016 at 7:51 pm

      Any idea when the Tor Browser will be updated to the new ESR base version?

      1. neal said on March 15, 2016 at 6:10 am

        If previous TOR version are any indication, then the EOL of the ver 38 ESR version so less than 12 weeks from now or when Firefox 47 is released. Then all ESR 38 installs will be updated to ESR 45.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.