PayPal login issue

Pentlands

Beta Tester
Hi,

For a month or so i've had this problem, initially i thought it was a Paypal issue but now i'm not so sure...

Version 7.4 beta 1 (build 3147, CL 1.5.229), on Windows 7.

When i try to login and/or purchase anything using Paypal i'm running into an issue that stops the process dead... disabling AdGuard solves the problem.

e.g.
Trying to log into Paypal from their homepage appears to start a loop that goes nowhere because as far as i can tell the Captcha is being filtered by AdGuard.
The same happens when i use a website that redirects to Paypal for payment... the redirect starts but because the Captcha is blocked the payment fails.

As i said, disabling AdGuard and trying again allows access to Paypal, likewise for making redirected payments.

Of note is that with AdGuard disabled, whether or not the Captcha is visible appears to be a random requirement by Paypal.

HTH.
 
Last edited:

Chinaski

Support Marine
Staff member
Administrator
Moderator
@Pentlands
Hello there!

Tell me, do you have stealth-mode settings enabled?
Try to disable and login to PayPal again. Any luck?
 

Pentlands

Beta Tester
Hi,

Stealth-mode is OFF.

I have never enabled stealth-mode so the issue probably isn't stealth-mode.

Thanks.
 

Pentlands

Beta Tester
A quick follow-up, i should probably have posted which browser i was using... and trying another to see if the same happened with that browser.

My issue above appears with Firefox 74.0 and still persists, see attached screenshot of Paypal falling over today.
(Prior to the message in the attachment the screen goes through a process of refreshing/alternating between "Security Prompt" & a Captch box with a checkbox to confirm "I'm not a robot"... after several attempts of Firefox trying to gain access to my Paypal account it stops with the attached error message.)

I just tried to access Paypal using IE11 and i have no issues, Paypal asks for my username and password, the Captcha screen allows me check the "I'm not a robot" checkbox and i enter my account... this is WITH AdGuard enabled.

Fwiw, other than making cosmetic changes for appearance purposes my Firefox settings are default.

@Blaz
I'll have a look in the filtering log but without knowing what i should be looking for it's likely i'll miss something.

Thanks again.
 

Attachments

Blaz

Moderator & Translator
Staff member
Moderator
Anything with domain paypal.com. Site is in HTTPs exclusion and therefore should normally not apply anything to the site.
If you have AdGuard Extension enabled, please try to disable in FF addons.
 

Boo Berry

Moderator + Beta Tester
Moderator
Try adding these to the user filter...

Code:
@@||paypal.com^$document,important
@@||paypalobjects.com.com^$document,important
This should disable filtering on PayPal even though paypal.com is in the HTTPS exclusions like Blaz said.
 

Pentlands

Beta Tester
Firefox extension is not enabled in AdGuard and is not listed within Firefox Addon Manager.

I have, i think, narrowed down a log file that has the information you want but the file size exceeds this Forum's limit.

I rebooted in the hope that a new log file with a smaller size might have been written reducing the size less the previous 1.99MB file, but when i got back into windows and tried to log into Paypal the endless looping with the Captcha didn't end until i manually closed Firefox, the result is my latest log file is now 9.71MB.

Because i can't post that file here, and i really don't know what i'm looking at, i'll cut & paste a small sample in the hope it makes sense.

Should you see something that warrants further investigation i can and will post the log file to another place if you require it.

VERBOSE, AdguardSvc, 19, 01.04.2020 19:54:00.765, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGNFHandler: writeEof: [id=3899] Sent disconnect, result: send=0, receive=0
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.765, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl-2827] Processed request: GET /pa/tl/patleaf.js HTTP/2.0
Host: www.paypalobjects.com
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0
accept: */*
accept-language: en-GB,en;q=0.5
origin: https://www.paypal.com
referer: https://www.paypal.com/auth/validatecaptcha
if-modified-since: Thu, 06 Feb 2020 21:17:27 GMT
Accept-Encoding: gzip, deflate, br


VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl] httpOutput(endpoint=199.232.58.133:443; length=57)
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl] httpOutput(endpoint=192.168.1.106:49241; length=13)
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000014-h2-ssl-297] Parsed received response: HTTP/2.0 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 Apr 2020 18:54:00 GMT
content-security-policy: script-src 'nonce-by1Cb/2E2x52zdsZvSnbbA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1173
server: GSE
set-cookie: stripped
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000


VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGUserscript: matched script AdGuard Assistant Beta for url https://www.google.com/recaptcha/api2/bframe?hl=en-GB&v=P6KLRNy7h3K160ZmYNUOAce7&k=6LepHQgUAAAAAFOcWWRUhSOX_LNu0USnf7Vg6SyA&cb=86bv6bfo94tr
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGUserscript: matched script AdGuard Assistant Beta excludes url https://www.google.com/recaptcha/api2/bframe?hl=en-GB&v=P6KLRNy7h3K160ZmYNUOAce7&k=6LepHQgUAAAAAFOcWWRUhSOX_LNu0USnf7Vg6SyA&cb=86bv6bfo94tr
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGUserscript: matched script AdGuard Popup Blocker (Beta) for url https://www.google.com/recaptcha/api2/bframe?hl=en-GB&v=P6KLRNy7h3K160ZmYNUOAce7&k=6LepHQgUAAAAAFOcWWRUhSOX_LNu0USnf7Vg6SyA&cb=86bv6bfo94tr
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGUserscript: matched script AdGuard Popup Blocker (Beta) excludes url https://www.google.com/recaptcha/api2/bframe?hl=en-GB&v=P6KLRNy7h3K160ZmYNUOAce7&k=6LepHQgUAAAAAFOcWWRUhSOX_LNu0USnf7Vg6SyA&cb=86bv6bfo94tr
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGUserscript: matched script AdGuard Extra Beta for url https://www.google.com/recaptcha/api2/bframe?hl=en-GB&v=P6KLRNy7h3K160ZmYNUOAce7&k=6LepHQgUAAAAAFOcWWRUhSOX_LNu0USnf7Vg6SyA&cb=86bv6bfo94tr
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGUserscript: matched script AdGuard Extra Beta excludes url https://www.google.com/recaptcha/api2/bframe?hl=en-GB&v=P6KLRNy7h3K160ZmYNUOAce7&k=6LepHQgUAAAAAFOcWWRUhSOX_LNu0USnf7Vg6SyA&cb=86bv6bfo94tr
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGUserscript: matched 0 scripts for url https://www.google.com/recaptcha/api2/bframe?hl=en-GB&v=P6KLRNy7h3K160ZmYNUOAce7&k=6LepHQgUAAAAAFOcWWRUhSOX_LNu0USnf7Vg6SyA&cb=86bv6bfo94tr
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000014-h2-ssl-297] Processed response: HTTP/2.0 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 Apr 2020 18:54:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
set-cookie: stripped
Content-Security-Policy: base-uri 'self'; object-src 'none'; script-src 'nonce-by1Cb/2E2x52zdsZvSnbbA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' local.adguard.org 'nonce-184f7ec4239c42429ae36edbdd6'


VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000014-h2-ssl] httpOutput(endpoint=192.168.1.106:49231; length=296)
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000014-h2-ssl] httpOutput(endpoint=216.58.213.100:443; length=13)
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000014-h2-ssl] httpOutput(endpoint=192.168.1.106:49231; length=8415)
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000014-h2-ssl] httpOutput(endpoint=192.168.1.106:49231; length=9)
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000014-h2-ssl] httpOutput(endpoint=216.58.213.100:443; length=17)
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000014-h2-ssl-297] remote HTTP stream 297 is fully processed, closing
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl-2825] Parsed received response: HTTP/2.0 304
date: Wed, 01 Apr 2020 18:54:00 GMT
via: 1.1 varnish
age: 1024939
x-served-by: cache-lon4267-LON
x-cache: HIT
x-cache-hits: 740
x-timer: S1585767241.935886,VS0,VE0
vary: Accept-Encoding
cache-control: max-age=3600
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: x-csrf-token
strict-transport-security: max-age=31557600


VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl-2825] Processed response: HTTP/2.0 304
date: Wed, 01 Apr 2020 18:54:00 GMT
via: 1.1 varnish
age: 1024939
x-served-by: cache-lon4267-LON
x-cache: HIT
x-cache-hits: 740
x-timer: S1585767241.935886,VS0,VE0
vary: Accept-Encoding
cache-control: max-age=3600
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: x-csrf-token
strict-transport-security: max-age=31557600


VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl] httpOutput(endpoint=192.168.1.106:49241; length=60)
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl] httpOutput(endpoint=199.232.58.133:443; length=13)
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl] httpOutput(endpoint=192.168.1.106:49241; length=9)
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.781, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl-2825] remote HTTP stream 2825 is fully processed, closing
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGNFHandler: [id=3900] Filtering connection 192.168.1.106:50654->23.63.87.118:443
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxyServer: [id=1001420] New filtered connection id=3900
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001420] Set operating mode to DETECTION
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGSslDomainFilter: [id=1001420] Not filtering this TLS connection because paypal.com is in list of domains not to filter
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGSslDomainFilter: [id=1001420] TLS connection to 't.paypal.com' is blocked by domain (rule '||t.paypal.com^')
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001420-ssl] Shutting down session (from=1721)
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001420-ssl] Destroying session
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGNFHandler: writeEof: [id=3900] Sent disconnect, result: send=0, receive=0
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGNFHandler: [id=3901] Filtering connection 192.168.1.106:50655->23.63.87.118:443
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxyServer: [id=1001421] New filtered connection id=3901
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001421] Set operating mode to DETECTION
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl-2827] Parsed received response: HTTP/2.0 304
date: Wed, 01 Apr 2020 18:54:00 GMT
via: 1.1 varnish
age: 1034424
x-served-by: cache-lon4267-LON
x-cache: HIT
x-cache-hits: 204117
x-timer: S1585767241.946296,VS0,VE0
vary: Accept-Encoding
cache-control: max-age=3600
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: x-csrf-token
strict-transport-security: max-age=31557600


VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl-2827] Processed response: HTTP/2.0 304
date: Wed, 01 Apr 2020 18:54:00 GMT
via: 1.1 varnish
age: 1034424
x-served-by: cache-lon4267-LON
x-cache: HIT
x-cache-hits: 204117
x-timer: S1585767241.946296,VS0,VE0
vary: Accept-Encoding
cache-control: max-age=3600
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: x-csrf-token
strict-transport-security: max-age=31557600


VERBOSE, AdguardSvc, 17, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGSslDomainFilter: [id=1001421] Not filtering this TLS connection because paypal.com is in list of domains not to filter
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl] httpOutput(endpoint=192.168.1.106:49241; length=92)
VERBOSE, AdguardSvc, 17, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGSslDomainFilter: [id=1001421] TLS connection to 't.paypal.com' is blocked by domain (rule '||t.paypal.com^')
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl] httpOutput(endpoint=199.232.58.133:443; length=13)
VERBOSE, AdguardSvc, 17, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001421-ssl] Shutting down session (from=1721)
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl] httpOutput(endpoint=192.168.1.106:49241; length=9)
VERBOSE, AdguardSvc, 17, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001421-ssl] Destroying session
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl-2827] remote HTTP stream 2827 is fully processed, closing
VERBOSE, AdguardSvc, 17, 01.04.2020 19:54:00.797, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGNFHandler: writeEof: [id=3901] Sent disconnect, result: send=0, receive=0
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.812, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGNFHandler: [id=3902] Filtering connection 192.168.1.106:50656->23.63.87.118:443
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.812, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxyServer: [id=1001422] New filtered connection id=3902
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.812, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001422] Set operating mode to DETECTION
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.812, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGSslDomainFilter: [id=1001422] Not filtering this TLS connection because paypal.com is in list of domains not to filter
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.812, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGSslDomainFilter: [id=1001422] TLS connection to 't.paypal.com' is blocked by domain (rule '||t.paypal.com^')
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.812, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001422-ssl] Shutting down session (from=1721)
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.812, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001422-ssl] Destroying session
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.812, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGNFHandler: writeEof: [id=3902] Sent disconnect, result: send=0, receive=0
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.812, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl-2829] Parsed received request: GET /web/res/a1e/e1e5222a8483f8c63e425963d904b/js/view/authcaptcha.js HTTP/2.0
Host: www.paypalobjects.com
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0
accept: */*
accept-language: en-GB,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.paypal.com/auth/validatecaptcha
cookie: stripped
if-modified-since: Mon, 06 Jan 2020 15:42:36 GMT
te: trailers


VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.812, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl-2829] Processed request: GET /web/res/a1e/e1e5222a8483f8c63e425963d904b/js/view/authcaptcha.js HTTP/2.0
Host: www.paypalobjects.com
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0
accept: */*
accept-language: en-GB,en;q=0.5
referer: https://www.paypal.com/auth/validatecaptcha
cookie: stripped
if-modified-since: Mon, 06 Jan 2020 15:42:36 GMT
Accept-Encoding: gzip, deflate, br


VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.812, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl] httpOutput(endpoint=199.232.58.133:443; length=91)
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.812, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl] httpOutput(endpoint=192.168.1.106:49241; length=13)
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.812, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl-2825] client HTTP stream 2825 is fully processed, closing
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.812, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl-2827] client HTTP stream 2827 is fully processed, closing
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGNFHandler: [id=3903] Filtering connection 192.168.1.106:50657->23.63.87.118:443
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxyServer: [id=1001423] New filtered connection id=3903
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001423] Set operating mode to DETECTION
VERBOSE, AdguardSvc, 19, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGSslDomainFilter: [id=1001423] Not filtering this TLS connection because paypal.com is in list of domains not to filter
VERBOSE, AdguardSvc, 19, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGSslDomainFilter: [id=1001423] TLS connection to 't.paypal.com' is blocked by domain (rule '||t.paypal.com^')
VERBOSE, AdguardSvc, 19, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001423-ssl] Shutting down session (from=1721)
VERBOSE, AdguardSvc, 19, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001423-ssl] Destroying session
VERBOSE, AdguardSvc, 19, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGNFHandler: writeEof: [id=3903] Sent disconnect, result: send=0, receive=0
VERBOSE, AdguardSvc, 12, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGLocalApiServer: *103: onRead: 631
VERBOSE, AdguardSvc, 12, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGLocalApiServer: *103: parsing HTTP headers: +631
VERBOSE, AdguardSvc, 12, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGLocalApiServer: *103: HTTP request: GET /?type=sfbr-script&ltt=a1f40bafbc614f918544ab70c1a&u=https%3A%2F%2Fwww.google.com%2Frecaptcha%2Fapi2%2Fbframe%3Fhl%3Den-GB%26v%3DP6KLRNy7h3K160ZmYNUOAce7%26k%3D6LepHQgUAAAAAFOcWWRUhSOX_LNu0USnf7Vg6SyA%26cb%3D86bv6bfo94tr&r=0.15379489644262723 havebody=0
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGNFHandler: [id=3904] Filtering connection 192.168.1.106:50658->23.63.87.118:443
VERBOSE, AdguardSvc, 12, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGLocalApiServer: *103: HTTP response: 200 OK body=[0]
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxyServer: [id=1001424] New filtered connection id=3904
VERBOSE, AdguardSvc, 12, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGLocalApiServer: *103: output: 241
VERBOSE, AdguardSvc, 12, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGLocalApiServer: *103: on_stream_processed
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001424] Set operating mode to DETECTION
VERBOSE, AdguardSvc, 12, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGLocalApiServer: *103: on_stream_processed
VERBOSE, AdguardSvc, 12, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGLocalApiServer: *104: Reusing connection 08428A50 for client 127.0.0.1:49218 fd 3160
VERBOSE, AdguardSvc, 12, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGLocalApiServer: *104: parsing HTTP headers: +0
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGSslDomainFilter: [id=1001424] Not filtering this TLS connection because paypal.com is in list of domains not to filter
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGSslDomainFilter: [id=1001424] TLS connection to 't.paypal.com' is blocked by domain (rule '||t.paypal.com^')
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001424-ssl] Shutting down session (from=1721)
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001424-ssl] Destroying session
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.828, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGNFHandler: writeEof: [id=3904] Sent disconnect, result: send=0, receive=0
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.843, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl-2829] Parsed received response: HTTP/2.0 304
date: Wed, 01 Apr 2020 18:54:00 GMT
via: 1.1 varnish
age: 1018708
x-served-by: cache-lon4267-LON
x-cache: HIT
x-cache-hits: 708
x-timer: S1585767241.986115,VS0,VE0
vary: Accept-Encoding
cache-control: max-age=3600
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: x-csrf-token
strict-transport-security: max-age=31557600


VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.843, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl-2829] Processed response: HTTP/2.0 304
date: Wed, 01 Apr 2020 18:54:00 GMT
via: 1.1 varnish
age: 1018708
x-served-by: cache-lon4267-LON
x-cache: HIT
x-cache-hits: 708
x-timer: S1585767241.986115,VS0,VE0
vary: Accept-Encoding
cache-control: max-age=3600
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: x-csrf-token
strict-transport-security: max-age=31557600


VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.843, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl] httpOutput(endpoint=192.168.1.106:49241; length=58)
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.843, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl] httpOutput(endpoint=199.232.58.133:443; length=13)
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.843, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl] httpOutput(endpoint=192.168.1.106:49241; length=9)
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.843, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl-2829] remote HTTP stream 2829 is fully processed, closing
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.843, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGNFHandler: [id=3905] Filtering connection 192.168.1.106:50659->23.63.87.118:443
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.843, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxyServer: [id=1001425] New filtered connection id=3905
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.843, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001425] Set operating mode to DETECTION
VERBOSE, AdguardSvc, 17, 01.04.2020 19:54:00.843, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGSslDomainFilter: [id=1001425] Not filtering this TLS connection because paypal.com is in list of domains not to filter
VERBOSE, AdguardSvc, 17, 01.04.2020 19:54:00.843, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGSslDomainFilter: [id=1001425] TLS connection to 't.paypal.com' is blocked by domain (rule '||t.paypal.com^')
VERBOSE, AdguardSvc, 17, 01.04.2020 19:54:00.843, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001425-ssl] Shutting down session (from=1721)
VERBOSE, AdguardSvc, 17, 01.04.2020 19:54:00.843, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001425-ssl] Destroying session
VERBOSE, AdguardSvc, 17, 01.04.2020 19:54:00.843, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGNFHandler: writeEof: [id=3905] Sent disconnect, result: send=0, receive=0
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.859, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl-2831] Parsed received request: GET /pa/tl/patlcfg.js HTTP/2.0
Host: www.paypalobjects.com
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0
accept: */*
accept-language: en-GB,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.paypal.com
referer: https://www.paypal.com/auth/validatecaptcha
if-modified-since: Thu, 06 Feb 2020 21:17:27 GMT
te: trailers


VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.859, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl-2831] Processed request: GET /pa/tl/patlcfg.js HTTP/2.0
Host: www.paypalobjects.com
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0
accept: */*
accept-language: en-GB,en;q=0.5
origin: https://www.paypal.com
referer: https://www.paypal.com/auth/validatecaptcha
if-modified-since: Thu, 06 Feb 2020 21:17:27 GMT
Accept-Encoding: gzip, deflate, br


VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.859, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl] httpOutput(endpoint=199.232.58.133:443; length=58)
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.859, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl] httpOutput(endpoint=192.168.1.106:49241; length=13)
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.859, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl-2829] client HTTP stream 2829 is fully processed, closing
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.859, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGNFHandler: [id=3906] Filtering connection 192.168.1.106:50660->23.63.87.118:443
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.859, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxyServer: [id=1001426] New filtered connection id=3906
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.859, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001426] Set operating mode to DETECTION
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.859, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGSslDomainFilter: [id=1001426] Not filtering this TLS connection because paypal.com is in list of domains not to filter
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.859, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGSslDomainFilter: [id=1001426] TLS connection to 't.paypal.com' is blocked by domain (rule '||t.paypal.com^')
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.859, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001426-ssl] Shutting down session (from=1721)
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.859, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001426-ssl] Destroying session
VERBOSE, AdguardSvc, 18, 01.04.2020 19:54:00.859, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGNFHandler: writeEof: [id=3906] Sent disconnect, result: send=0, receive=0
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.859, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGNFHandler: [id=3907] Filtering connection 192.168.1.106:50661->23.63.87.118:443
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.875, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxyServer: [id=1001427] New filtered connection id=3907
VERBOSE, AdguardSvc, 4, 01.04.2020 19:54:00.875, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001427] Set operating mode to DETECTION
VERBOSE, AdguardSvc, 19, 01.04.2020 19:54:00.875, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGSslDomainFilter: [id=1001427] Not filtering this TLS connection because paypal.com is in list of domains not to filter
VERBOSE, AdguardSvc, 19, 01.04.2020 19:54:00.875, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGSslDomainFilter: [id=1001427] TLS connection to 't.paypal.com' is blocked by domain (rule '||t.paypal.com^')
VERBOSE, AdguardSvc, 19, 01.04.2020 19:54:00.875, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001427-ssl] Shutting down session (from=1721)
VERBOSE, AdguardSvc, 19, 01.04.2020 19:54:00.875, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1001427-ssl] Destroying session
VERBOSE, AdguardSvc, 19, 01.04.2020 19:54:00.875, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGNFHandler: writeEof: [id=3907] Sent disconnect, result: send=0, receive=0
VERBOSE, AdguardSvc, 16, 01.04.2020 19:54:00.875, Adguard.Core.Common.Logging.CoreLoggerAdapter | AGProxySession: [id=1000020-h2-ssl-2831] Parsed received response: HTTP/2.0 304
date: Wed, 01 Apr 2020 18:54:01 GMT
via: 1.1 varnish
age: 1034426
x-served-by: cache-lon4267-LON
x-cache: HIT
x-cache-hits: 204961
x-timer: S1585767241.024714,VS0,VE0
vary: Accept-Encoding
cache-control: max-age=3600
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: x-csrf-token
strict-transport-security: max-age=31557600
 

Boo Berry

Moderator + Beta Tester
Moderator
I had the captcha issue, until I added this to my user filter (in addition to the other two rules I posted above).

Code:
@@||paypal.com/authflow/twofactor/?returnUri=*^$document,jsinject,extension,network,important
So with all three in my configuration, it looks like this with all three rules...

Code:
@@||paypal.com^$document,jsinject,extension,network,important
@@||paypalobjects.com^$document,jsinject,extension,network,important
@@||paypal.com/authflow/twofactor/?returnUri=*^$document,jsinject,extension,network,important
 

Pentlands

Beta Tester
@Boo Berry

There appears to be an issue with the following rule:

@@||paypal.com/authflow/twofactor/?returnUri=*^$document,jsinject,extension,network,important

AdGuard reports it as invalid, the other two rules i have no problem inserting into my user filter but they don't help with the Paypal Captcha issue.

Also it begs the question, you appear to already know about this issue, why has it not already been addressed by the AdGuard developers?
 

Boo Berry

Moderator + Beta Tester
Moderator
Well, I'm not an AdGuard developer or part of the AG team. That said I discovered the issue about 6-8 months ago and did mention it in the Telegram chat and just assumed it would've been taken care of, and forgot all about it.

I've added a 4th rule to my user filter for this, try it and see if it helps:

Code:
@@||paypal.com/auth/validatecaptcha^$document,important
 

Pentlands

Beta Tester
Hi Boo Berry,

Apologies, i knew you are not a developer and didn't intend to imply you were, sorry for any confusion.

That said, i've added your 4th rule to your first two but sadly the issue persists.
 

Boo Berry

Moderator + Beta Tester
Moderator
Make sure both paypal.com and paypalobjects.com are in the HTTPS exclusions list (AG's Settings > Network > Exclusions).

Otherwise, I can't reproduce it, PayPal with two-factor authentication is working for me.
 

Pentlands

Beta Tester
You nailed it!

paypalobjects.com was not listed, after i added it to the HTTPS exclusion list Paypal no longer goes into a loop until an error message is shown... i can now check the Captcha box when i should be prompted to do so.

I also removed your rules to see if removing them would make a difference, it didn't and so far so good.

Fyi, the only paypal entries prior to adding paypalobjects.com were:
paypal.com
paypal-nakit.com (I have no idea what this is?)

As a rule i never go near the filters section unless i'm prompted to do so, so i have no idea how paypalobjects.com was removed from that exclusion list, my best guess would be that somewhere along the line it was removed in error by the developers and that error was included in a later update.

Thank you.
 

Pentlands

Beta Tester
Just to be clear.

My issue was with Firefox 74.0

IE11 was not affected and remains to be unaffected by the addition of paypalobjects.com to the HTTPS exclusion list.

I can't speak about other browsers because i only have IE11 and Firfox installed on my PC.
 

Boo Berry

Moderator + Beta Tester
Moderator
IE11 I'd be a bit weary about, since it's a dead browser that's no longer updated by Microsoft and sites like PayPal may (or could've already) drop support for it.
 

Pentlands

Beta Tester
IE11 I'd be a bit weary about, since it's a dead browser that's no longer updated by Microsoft and sites like PayPal may (or could've already) drop support for it.
I hear you, for that reason Firefox is my primary browser.

IE11 still remains handy though if i run into issues with websites when i use Firefox.... case in point being the issue in this thread.
 
Top