How to bypass Cloudflare bot protection?






  28-Mar-2021 20:53:14



Several months ago I submitted what appeared to be a security flaw to Cloudflare’s bug bounty program. According to them, this is not a problem; it’s up to you to make up your own mind.

Cloudflare offers a system of JavaScript workers that can be used to execute code on the server side (that is, on Cloudflare's infrastructure). This feature can be useful for static sites, maintenance pages, etc. But it is also a great tool for pentesting (serverless C&C, easy phishing proxy, etc.). In this post we will explore Cloudflare bot protection bypass.

If you’ve ever tried accessing a site like shodan.io from Tor, you know how annoying these captchas are.

First, we will register a domain (a free .tk domain will be sufficient) and create a Cloudflare account. Once the domain is validated by Cloudflare, we need to add at least one valid DNS entry that uses proxy mode.


Now we are going to create a JavaScript worker that will fulfill the role of reverse proxy (full code is available on GitHub: https://github.com/jychp/cloudflare-bypass). Create a new worker and copy/paste worker.js content into it. You can customize TOKEN_HEADER, TOKEN_VALUE, HOST_HEADER and IP_HEADER values.

Then add a route to your worker: proxy.domain.com/*


Now, if you try to reach proxy.domain.com, you will see “Welcome to NGINX.”. The JavaScript code is pretty easy to understand: it looks for a specific header (acting as a magic value) and forwards your request to the given domain.

To use this proxy easily, a Python wrapper is available in my GitHub repository. Let’s play with it.

>>> from cfproxy import CFProxy
>>> proxy = CFProxy('proxy.domain.com', 'A random User-Agent', '1.2.3.4')
>>> req = proxy.get('https://icanhazip.com')
>>> print(req.status_code)
200
>>> print(req.text)
108.162.229.50
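
Seen from the receiving side, the request above arrives from a Cloudflare edge address rather than from the real client. The following is an added example, not code from the original post or its repository, showing how an origin can triage such traffic. It assumes Cloudflare's documented behaviour of adding a CF-Worker request header, naming the zone that owns the Worker, to Worker subrequests; the network subset, the trusted zone name and the sample requests are constructed.

```python
import ipaddress

# Assumption: two of Cloudflare's published IPv4 ranges; load the full list in production.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in ("108.162.192.0/18", "172.64.0.0/13")]
# Assumption: zones whose Workers may call this origin (hypothetical name).
TRUSTED_WORKER_ZONES = {"shop.example"}


def classify(peer_ip, headers):
    """Return (verdict, client_ip) for one request as seen by the origin."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    addr = ipaddress.ip_address(peer_ip)
    if not any(addr in net for net in CLOUDFLARE_NETS):
        # Not from Cloudflare's edge: every forwarding header is sender-controlled.
        return "direct", peer_ip
    zone = h.get("cf-worker")
    if zone is None:
        # Ordinary proxied visitor; CF-Connecting-IP is set by the edge.
        return "proxied", h.get("cf-connecting-ip", peer_ip)
    if zone.lower() in TRUSTED_WORKER_ZONES:
        return "trusted-worker", peer_ip
    # Subrequest from another account's Worker: an edge address says nothing
    # about the real client, and X-Forwarded-For is ignored.
    return "foreign-worker", peer_ip


# Constructed sample requests: (TCP peer address, request headers).
SAMPLE_REQUESTS = [
    ("108.162.229.50", {"CF-Connecting-IP": "203.0.113.7"}),
    ("108.162.229.50", {"CF-Worker": "domain.com", "X-Forwarded-For": "1.2.3.4"}),
    ("172.64.1.9", {"cf-worker": "shop.example"}),
    ("198.51.100.20", {"CF-Worker": "shop.example", "X-Forwarded-For": "1.2.3.4"}),
]


def triage(requests):
    """Classify each request; return the list of (verdict, client_ip)."""
    return [classify(ip, hdrs) for ip, hdrs in requests]


if __name__ == "__main__":
    for (ip, hdrs), result in zip(SAMPLE_REQUESTS, triage(SAMPLE_REQUESTS)):
        print(ip, hdrs, "->", result)
```

Requests classified as foreign-worker are candidates for a challenge, rate limit or block, since a Cloudflare source address alone does not identify the client behind them.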

Read more : https://jychp.medium.com/how-to-bypass-cloudflare-bot-protection-1f2c6c0c36fb

*Be careful when clicking the link!

