Ethical Hacking and Penetration Testing Guide


Bypassing CloudFlare Protection



CloudFlare is a cloud-based protection service developed to protect websites against denial of
service attacks. It works by acting as a reverse proxy; the name servers and the real IP address are
hidden behind the CloudFlare IP address. Therefore, the attacker would not be able to cause any
denial of service attacks, since all the traffic would be routed through the CloudFlare servers. We
will now talk about some basic methods that can be used to bypass CloudFlare protection.
Method 1: Resolvers
The most common approach to bypass CloudFlare protection is to use online CloudFlare
resolvers that use different methods to bypass the protection. For this demonstration, our target
would be attack-secure.com, which runs behind CloudFlare servers. We can verify this by
performing a query to its name servers.


Let’s take a look at one of the popular resolvers, cloudflare-watch.org. It contains a list of 
around 381,314 domains that have recently shifted to CloudFlare, and they are actively testing it. 
People at CloudFlare believe that CloudFlare was started for the purpose of helping “bad guys” 
such as hackers, DDoSers, and copyright pirates. Here is what they say on their homepage:
"CloudFlare is a venture-funded startup that routes around Internet abuse by acting as
a reverse proxy. They also encourage illegality by allowing hackers, DDoSers,
cyberbullies, and copyright pirates to hide behind their servers."
All you need to do is go to the following URL and type your domain name and click on “Search”: 
http://www.cloudflare-watch.org/cfs.html
A direct IP connect is found in the database. If you compare this IP address with the IP address
that we get when we ping the website, it will be different.
On navigating to http://199.47.222.125, we find that this particular webserver belongs to
Page.ly, which is the real web hosting company for attack-secure.com.


Method 2: Subdomain Trick
Most people don’t configure CloudFlare properly. Their main domain would have a CloudFlare IP 
address, but the subdomains will point to the real IP address.
For example:
attack-secure.com—Pointing to 173.245.61.19
Cpanel.attack-secure.com—Pointing to the real IP address 199.47.222.125
ftp.attack-secure.com—Pointing to the real IP address 199.47.222.125
forums.attack-secure.com—Pointing to the real IP address 198.199.81.93
In the same way, we can use other subdomains to find the real IP address behind CloudFlare.
Alternatively, you can find scripts and tools online that would utilize the same trick to figure out
the real IP. There are also automated scripts utilizing the same attack vector. One such script I
found was coded in PHP. Here is the output:
