How to bypass CloudFlare bot protection ?
Several months ago I submitted what appeared to be a security flaw to CloudFalre’s bugbounty program. According to them, this is not a problem, it’s up to you to make up your own mind.
Cloudflare offers a system of JavaScript workers that can be used to execute code on the server side (at Cloudfalre therefore). This feature can be useful for static sites, maintenance pages etc … But it is also a great tool for pentest (serverless C&C, easy phishing proxy etc …). In this post we will explore Cloudflare bot protection bypass.
If you’ve ever tried accessing a site like shodan.io from Tor, you know how annoying these captchas are.
First, we will register a domain (a free .tk domain will be sufficient) and create a Cloudfare account. Once the domain is validated by Cloudflare we need to add at least one valid DNS entry that uses proxy mode.
Now we are going to create a JavaScript worker that will fulfill the role of reverse proxy (full code is available on GitHub: https://github.com/jychp/cloudflare-bypass). Create a new worker and copy/paste worker.js content into it. You can customize TOKEN_HEADER, TOKEN_VALUE, HOST_HEADER and IP_HEADER values.
Then add a route to you worker: proxy.domain.com/*
Now, if you try to reach proxy.domain.com, you will see “Welcome to NGINX.”. The JavaScript code is pretty easy to understand, it will look for a specific header (acting as a magic) and will forward your request to the given domain.
To easily use this proxy, a python wrapper is available in my GitHub repository, let’s play with it.
>>> from cfproxy import CFProxy
>>> proxy = CFProxy('proxy.domain.com', 'A random User-Agent', '1.2.3.4')
>>> req = proxy.get('https://icanhazip.com')
>>> print(req.status_code)
200
>>> print(req.text)
108.162.229.50
Read more : https://jychp.medium.com/how-to-bypass-cloudflare-bot-protection-1f2c6c0c36fb
*Beware click the link!