How to bypass Cloudflare WAF
Cloudflare is a popular web application firewall (WAF) provider. It offers protection against DDoS and other malicious attacks, as well as against common vulnerabilities.
Although Cloudflare WAF works well at blocking basic payloads, several bypasses still exist. Testing these bypasses helps in understanding the security Cloudflare provides. In fact, there are three ways to get around Cloudflare WAF:
- Customize the payloads to bypass the rules in place.
- Modify requests to disrupt the server.
- Get around Cloudflare WAF by locating the origin IP of the web server.
The last option involves running the normal recon process, collecting IP addresses, and checking which of them has a web server enabled.
Alternatively, we can bypass Cloudflare WAF with Censys, as shown below:
- To begin with, head to Censys and select Certificates as the search input.
- Then enter our domain and hit search. This gives us a list of certificates.
- Next, click on each result to access the details. Then click Explore and choose IPv4 Hosts. This gives us access to the IP addresses of the servers using the certificate.
- At this point, we can grab all the IPs we want and try accessing our target domain via these addresses.
We can also get the job done by retrieving mail headers from the emails sent by the target. Another option is the XML-RPC interface in WordPress: it offers a pingback feature that helps us bypass Cloudflare WAF.
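From the defender's side, the direct-to-origin access described above shows up in the origin's own access log as requests whose TCP peer is not a Cloudflare edge address. The following is an added example, not part of the original post: the log lines are constructed, the range list is a partial snapshot of Cloudflare's published IPv4 ranges, and the function names are hypothetical.

```python
import ipaddress

# Partial snapshot of Cloudflare's published IPv4 ranges (assumption: load the
# current full list from https://www.cloudflare.com/ips/ in real use).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "141.101.64.0/18",
    "108.162.192.0/18", "162.158.0.0/15", "104.16.0.0/13", "172.64.0.0/13",
)]

# Constructed origin access-log sample (common log format, TCP peer first).
SAMPLE_LOG = """\
172.68.10.5 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 200 901
104.18.3.44 - - [01/Jan/2024:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 120
198.51.100.23 - - [01/Jan/2024:10:00:09 +0000] "GET /?id=1 HTTP/1.1" 200 300
not-an-ip - - [01/Jan/2024:10:00:10 +0000] "GET / HTTP/1.1" 400 0
"""

def via_cloudflare(peer):
    """True if the peer address falls inside a known Cloudflare range."""
    addr = ipaddress.ip_address(peer)  # raises ValueError on garbage
    return any(addr in net for net in CLOUDFLARE_V4)

def direct_to_origin(log_text):
    """Return (peer, line) for requests that did not arrive through Cloudflare."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        peer = line.split(" ", 1)[0]
        try:
            if not via_cloudflare(peer):
                hits.append((peer, line))
        except ValueError:
            hits.append((peer, line))  # unparseable peer: surface for review
    return hits

if __name__ == "__main__":
    for peer, line in direct_to_origin(SAMPLE_LOG):
        print(f"DIRECT {peer}: {line}")
```

The log must record the real TCP peer rather than a forwarded-for header, which a direct client can set freely. The same range list serves as the origin firewall allowlist, so that an address found through certificate search or mail headers does not answer web requests.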
HAPPY HACKING