How to bypass Cloudflare bot protection?






  28-Mar-2021 20:53:14




Several months ago I submitted what appeared to be a security flaw to Cloudflare’s bug bounty program. According to them, this is not a problem; it’s up to you to make up your own mind.

Cloudflare offers a system of JavaScript workers that can be used to execute code on the server side (at Cloudflare, therefore). This feature can be useful for static sites, maintenance pages, etc. But it is also a great tool for pentesting (serverless C&C, easy phishing proxy, etc.). In this post we will explore a Cloudflare bot protection bypass.

If you’ve ever tried accessing a site like shodan.io from Tor, you know how annoying these captchas are.

First, we will register a domain (a free .tk domain will be sufficient) and create a Cloudflare account. Once the domain is validated by Cloudflare, we need to add at least one valid DNS entry that uses proxy mode.


Now we are going to create a JavaScript worker that will fulfill the role of reverse proxy (full code is available on GitHub: https://github.com/jychp/cloudflare-bypass). Create a new worker and copy/paste worker.js content into it. You can customize TOKEN_HEADER, TOKEN_VALUE, HOST_HEADER and IP_HEADER values.

Then add a route to your worker: proxy.domain.com/*


Now, if you try to reach proxy.domain.com, you will see “Welcome to NGINX.”. The JavaScript code is pretty easy to understand: it looks for a specific header (acting as a magic value) and forwards your request to the given domain.

To easily use this proxy, a Python wrapper is available in my GitHub repository. Let’s play with it.

>>> from cfproxy import CFProxy
>>> proxy = CFProxy('proxy.domain.com', 'A random User-Agent', '1.2.3.4')
>>> req = proxy.get('https://icanhazip.com')
>>> print(req.status_code)
200
>>> print(req.text)
108.162.229.50
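
Seen from the target's side, as an added example that is not from the original post or its repository: Cloudflare documents a CF-Worker request header that is added to Worker subrequests and names the zone that spawned them, so an origin can tell when a request was relayed by a Worker such as the proxy described above. The NDJSON log format, the zone names and the allow-list are constructed for illustration.

```javascript
// Added example: origin-side triage of requests relayed through Cloudflare Workers.
// The log lines are constructed; zone names and the allow-list are hypothetical.
const SAMPLE_LOG = [
  '{"ts":"2021-03-28T20:53:14Z","path":"/","headers":{"User-Agent":"A random User-Agent","CF-Worker":"domain.com"}}',
  '{"ts":"2021-03-28T20:53:15Z","path":"/login","headers":{"user-agent":"Mozilla/5.0"}}',
  '{"ts":"2021-03-28T20:53:16Z","path":"/api","headers":{"cf-worker":"shop.example"}}',
  '{"ts":"2021-03-28T20:53:17Z","path":"/","headers":{"CF-WORKER":"Domain.com"}}',
  'not json at all',
];

// Header names are case-insensitive, so normalise before lookup.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers || {})) {
    if (key.toLowerCase() === wanted) return String(value).trim().toLowerCase();
  }
  return null;
}

// 'direct' = no Worker involved, 'own-worker' = a zone we operate,
// 'foreign-worker' = relayed by a Worker running in someone else's zone.
function classify(headers, ownZones) {
  const zone = getHeader(headers, 'CF-Worker');
  if (!zone) return { verdict: 'direct', zone: null };
  return { verdict: ownZones.has(zone) ? 'own-worker' : 'foreign-worker', zone };
}

// Parse NDJSON access-log lines and count foreign-Worker requests per zone.
function summarise(lines, ownZoneList) {
  const ownZones = new Set(ownZoneList.map((z) => z.toLowerCase()));
  const report = { foreign: Object.create(null), direct: 0, own: 0, malformed: 0 };
  for (const line of lines) {
    let record;
    try { record = JSON.parse(line); } catch { report.malformed += 1; continue; }
    const { verdict, zone } = classify(record?.headers, ownZones);
    if (verdict === 'direct') report.direct += 1;
    else if (verdict === 'own-worker') report.own += 1;
    else report.foreign[zone] = (report.foreign[zone] || 0) + 1;
  }
  return report;
}

console.log(summarise(SAMPLE_LOG, ['shop.example']));
```

Zones that appear under `foreign` are candidates for rate limiting or a challenge at the origin, since those requests were relayed by a Worker the site does not operate.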

Read more : https://jychp.medium.com/how-to-bypass-cloudflare-bot-protection-1f2c6c0c36fb