
How to bypass Cloudflare bot protection?






  28-Mar-2021 20:53:14




Several months ago I submitted what appeared to be a security flaw to Cloudflare’s bug bounty program. According to them, this is not a problem; it’s up to you to make up your own mind.

Cloudflare offers a system of JavaScript workers that can be used to execute code on the server side (that is, at Cloudflare). This feature can be useful for static sites, maintenance pages, etc. But it is also a great tool for pentesting (serverless C&C, easy phishing proxy, etc.). In this post we will explore a Cloudflare bot protection bypass.

If you’ve ever tried accessing a site like shodan.io from Tor, you know how annoying these captchas are.

First, we will register a domain (a free .tk domain will be sufficient) and create a Cloudflare account. Once the domain is validated by Cloudflare, we need to add at least one valid DNS entry that uses proxy mode.


Now we are going to create a JavaScript worker that will fulfill the role of reverse proxy (full code is available on GitHub: https://github.com/jychp/cloudflare-bypass). Create a new worker and copy/paste worker.js content into it. You can customize TOKEN_HEADER, TOKEN_VALUE, HOST_HEADER and IP_HEADER values.

Then add a route to your worker: proxy.domain.com/*


Now, if you try to reach proxy.domain.com, you will see “Welcome to NGINX.”. The JavaScript code is pretty easy to understand: it looks for a specific header (acting as a magic value) and, when that header is present, forwards your request to the given domain.

To easily use this proxy, a Python wrapper is available in my GitHub repository. Let’s play with it.

>>> from cfproxy import CFProxy
>>> proxy = CFProxy('proxy.domain.com', 'A random User-Agent', '1.2.3.4')
>>> req = proxy.get('https://icanhazip.com')
>>> print(req.status_code)
200
>>> print(req.text)
108.162.229.50
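
Seen from the receiving side, a request relayed this way arrives from a Cloudflare edge address (as the icanhazip output above shows), and Cloudflare adds a CF-Worker request header naming the zone that owns the Worker to Worker subrequests. The following is an added example, not code from the original post or its repository, showing an origin-side check built on those two signals. It assumes a partial Cloudflare range list and a hypothetical allowlist of trusted Worker zones; the sample requests are constructed.

```python
import ipaddress

# One published Cloudflare edge range, used here for illustration (assumption:
# in production, load the full current list from https://www.cloudflare.com/ips/).
CLOUDFLARE_NETS = [ipaddress.ip_network("108.162.192.0/18")]

# Hypothetical allowlist: zones whose Workers are expected to call this origin.
TRUSTED_WORKER_ZONES = {"example.com"}


def from_cloudflare(ip):
    """True if the TCP peer address falls inside a known Cloudflare range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_NETS)


def classify(peer_ip, headers):
    """Return (verdict, reason) for one request as seen by the origin."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    zone = h.get("cf-worker")
    if zone is None:
        return ("ok", "no Worker subrequest marker")
    if not from_cloudflare(peer_ip):
        # The header is only meaningful when Cloudflare's edge set it.
        return ("suspicious", "CF-Worker header from a non-Cloudflare peer")
    if zone.lower() in TRUSTED_WORKER_ZONES:
        return ("ok", "Worker in trusted zone " + zone)
    return ("worker-relay", "relayed by a Worker in zone " + zone)


# Constructed sample requests: (peer address, request headers).
SAMPLES = [
    ("108.162.229.50", {"CF-Worker": "domain.com", "User-Agent": "A random User-Agent"}),
    ("108.162.229.50", {"CF-Worker": "example.com"}),
    ("203.0.113.7", {"User-Agent": "curl/8.0"}),
    ("203.0.113.7", {"cf-worker": "domain.com"}),
]


def triage(samples=SAMPLES):
    """Classify every sample and return the verdicts in order."""
    return [classify(ip, hdrs)[0] for ip, hdrs in samples]


if __name__ == "__main__":
    for (ip, hdrs), verdict in zip(SAMPLES, triage()):
        print(ip, verdict, classify(ip, hdrs)[1])
```

A "worker-relay" verdict is a signal for rate limiting or a challenge, not proof of abuse, since legitimate Workers also make subrequests.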

Read more : https://jychp.medium.com/how-to-bypass-cloudflare-bot-protection-1f2c6c0c36fb

