How To Bypass Cloud Flare Protection ?
Hey Hacker !!
Today we are going to discuss about how you can bypass cloudflare protection, to find the real IP address of the target.
CloudFlare is a cloud-based protection, developed to protect websites against Denial of Service attacks. It works by acting as reverse proxy the name servers and the real IP address are hidden under the CloudFlare IP address.
Therefore, the attacker would not be able to cause any DOS attacks, since all traffic would be routed through the Cloudflare servers.
Method 1: Resolvers
The most common approach to bypass a cloudflare protection is to use online Cloudflare resolvers that use different methods to bypass the protection.
For this demonstration, our target would be running behind cloudflare servers.
To find whether the site is running over cloudflare servers, you can make use of NSLook up or you can make use of online lookup tool
Cloudflare resolvers contains a list of around 381,314 domains that have recently shifted to cloudflare , and they are actively testing it .
Method 2 :Subdomain Trick
Most people don’t configure Cloudflare properly .Their main domain would have a cloudflare IP address , but the subdomains will point to real IP address.
For example:
mrscriptkiddie.com is pointing to IP address 173.245.61.9 contact.mrscriptkiddie.com pointing to real IP address 199.47.222.125 mail.mrscriptkiddie.com pointing to real IP address 199.47.222.125
You can perform this Subdomain trick by just pinging.
ping NAME_OF_SITEIn the same way , we can use other subdomains to find real IP address of a website.
Note: There are also automated scripts utilizing the same attack vector .One such tool i found was written in PHP .
Method 3 :Mail Servers
The third and final trick to find the real IP address of a target website would mostly work on forums and websites allowing registrations.
To perform such attack you need to register on a particular site ,and it will send a confirmation E-mail to the address we provided while registering .
After the confirmation e-mail is received ,view the e-mail header .
Next we would use any email tracer to check from where the E-mail originated. We will use the following website to do so .
www.ip2location.com/free/email-tracer
As you can see we are successfully able to extract IP address from the MX server.
Keep Coming for more !!!
Thank you.