How to bypass CloudFlare bot protection ?
Several months ago I submitted what appeared to be a security flaw to CloudFalre’s bugbounty program. According to them, this is not a problem, it’s up to you to make up your own mind.
If you’ve ever tried accessing a site like shodan.io from Tor, you know how annoying these captchas are.
First, we will register a domain (a free .tk domain will be sufficient) and create a Cloudfare account. Once the domain is validated by Cloudflare we need to add at least one valid DNS entry that uses proxy mode.
Then add a route to you worker: proxy.domain.com/*
To easily use this proxy, a python wrapper is available in my GitHub repository, let’s play with it.
>>> from cfproxy import CFProxy
>>> proxy = CFProxy('proxy.domain.com', 'A random User-Agent', '188.8.131.52')
>>> req = proxy.get('https://icanhazip.com')