Hello guys! Today I have decided to start a technical series. It will cover technical topics like networking, firewalls and other tech stuff. Alright, let’s not get off topic. What is Cloudflare? How do you bypass Cloudflare? Well, let’s start with what Cloudflare is.
Let’s see what Wikipedia has to say about Cloudflare.
Cloudflare, Inc. is a U.S. company that provides content delivery network services, DDoS mitigation, Internet security and distributed domain name server services, sitting between the visitor and the Cloudflare user’s hosting provider, acting as a reverse proxy for websites. Cloudflare’s headquarters are in San Francisco, California, with additional offices in London, Singapore, Champaign, Austin, Boston and Washington, D.C.
For me, Cloudflare is just a wall that I can jump over using a simple, easy-to-use tool. But if the website owner configures Cloudflare properly, then surely it cannot be bypassed. But for now, let’s begin learning how to bypass Cloudflare.
What does Cloudflare do to protect the website from attacks?
How to bypass Cloudflare?
To prevent direct access to the server, Cloudflare hides the origin IP of the web server and replaces it with its own protected IP. But there are some techniques through which we can bypass Cloudflare's protection and find the origin IP.
Whenever a domain’s name servers are updated and pointed to a hosting provider’s service, the hosting provider takes over all the sub-domains on the domain and adds some sub-domains of its own, such as “mail”, “cpanel”, etc. For example, if you own the domain “example.com” and point its name servers to the hosting provider’s service, the hosting provider adds sub-domains such as “mail.example.com”, “cpanel.example.com”, etc. The hosting provider assigns one server to the website, so all of these sub-domains share that server's IP. To avoid breaking outgoing email connections, Cloudflare does not change the IP address of the “mail” sub-domain. So when we ping “mail.example.com”, we find the real IP.
Let’s prepare a list of possible sub-domains that may be pointing to the origin server. For example: mail, email, admin, panel, cpanel, cp, controlpanel, adminpanel, admincp, apanel, acp, mod, music, test, www, etc. The list goes on; you can ping every likely word as a sub-domain and see which one does not point to a Cloudflare IP.
This job looks hard, right? But ShadowCrypt’s Cloudflare resolver does the same in less than a second. It goes through 100+ words and pings them all, working out which sub-domains are valid and which are not. After finding all the IPs, the resolver shows you the non-Cloudflare IP in the result.
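The “mail” sub-domain leak described above can be checked from the site owner's side before anyone else finds it. This is an added example, not code from ShadowCrypt or from this blog: it reads a DNS export of your own zone and flags every DNS-only record that publishes the same address as a proxied one. The record layout, the `find_origin_leaks` name and all sample values are assumptions made for the illustration.

```python
# Added example: audit a DNS export of your own zone for records that bypass the proxy.
# All names and addresses below are constructed (documentation ranges).
ZONE = [
    {"name": "example.com",        "type": "A",  "content": "203.0.113.10", "proxied": True},
    {"name": "www.example.com",    "type": "A",  "content": "203.0.113.10", "proxied": True},
    {"name": "mail.example.com",   "type": "A",  "content": "203.0.113.10", "proxied": False},
    {"name": "cpanel.example.com", "type": "A",  "content": "203.0.113.10", "proxied": False},
    {"name": "status.example.com", "type": "A",  "content": "198.51.100.7", "proxied": False},
    {"name": "example.com",        "type": "MX", "content": "mail.example.com.", "proxied": False},
]

ADDRESS_TYPES = {"A", "AAAA"}

def _host(name):
    """Normalise a host name: drop the trailing dot, compare case-insensitively."""
    return name.rstrip(".").lower()

def find_origin_leaks(zone):
    """Return (name, type, reason) for every record that reveals a proxied origin address."""
    # Addresses the proxy is supposed to keep out of public DNS answers.
    protected = {r["content"] for r in zone
                 if r["type"] in ADDRESS_TYPES and r["proxied"]}
    findings, leaking_hosts = [], set()
    for r in zone:
        # A DNS-only address record is answered with its real content.
        if r["type"] in ADDRESS_TYPES and not r["proxied"] and r["content"] in protected:
            leaking_hosts.add(_host(r["name"]))
            findings.append((r["name"], r["type"],
                             f"DNS-only record publishes origin address {r['content']}"))
    for r in zone:
        # An MX record advertises its target host, so it points straight at the leak.
        if r["type"] == "MX" and _host(r["content"]) in leaking_hosts:
            findings.append((r["name"], "MX",
                             f"mail exchanger {_host(r['content'])} resolves to the origin"))
    return findings

if __name__ == "__main__":
    for name, rtype, reason in find_origin_leaks(ZONE):
        print(f"{name:22} {rtype:3} {reason}")
```

A clean result needs mail and control-panel services on an address the web origin does not share, with the origin itself accepting web traffic only from the proxy.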
How to bypass Cloudflare using ShadowCrypt’s Cloudflare resolver?
This is the easiest job, but I will still show you how to do it properly. So let’s begin.
Now type the Cloudflare-protected domain in the box. Press the orange “Resolver/Submit” button to resolve the website. After you press the button, it will show you the resolved IP address of the domain you’ve entered.
Link to ShadowCrypt’s Cloudflare Resolver.
Alright guys, that’s all for now. From now on, I will be posting technical stuff on my blog. If you have any difficulty resolving a Cloudflare IP, let me know in the comment section below with your e-mail address; I will bypass the Cloudflare website and email the origin IP to you. Thank you once again and have a great day ahead 🙂