How to bypass Cloudflare Protection to get the real IP working behind an web application

Hey Guys what's up. Well I know very well, It has been long time with no posts. Well, this post would be something special providing you extra knowledge to grow in CyberSecurity. 

First of all let's deal with what is *Cloudflare*.

*ABOUT CLOUDFLARE*

So Cloudflare is an organization which basically provides us with services such as SSL/TLS, DDoS protection and much more. Well if you are running a web application and are not having any encryption certificate to protect your data, and also you don't know what do in this case... Let me help you out

Just SignUp on Cloudflare and you just have to link your website domain there and that's it, you get a free SSL/TLS Certificate which you can use to gain the trust of your users.

Now lets move on to our next part where we will see how can we bypass this SSL and other DDoS protections which is basically a method which we can use to just remove the protection part. But, before we get into it, let me warn you that the knowledge you get must never be used to inflict harm to an individual or an organization, and if that happens, we (thedecentshub) will not be held liable.

Lab Environment Configuration

Note:- This bypass method can work for any other protection as well. Since, most of the websites we deal with use Cloudflare, that's what the reason for choosing it here.

For beginning the method what we would be doing is, we will go on

https://search.censys.io

Now it is basically a platform where you get information regarding IP Address, Certificates used, their expiry and much more. Now you have to enter the URL of the web application for  which you want the protection to be removed. And make sure you select the dropdown as * hosts *, if you want to know the IP as mentioned below.

On entering, you will see some details regarding the domain and the application as mentioned earlier. 

For example let me take for you a demo web application such as demo.testfire.net(just taking for example, you need to enter the host as per using the protection.

Here you can see, the host is successfully identified, though not being tricky. Make sure not to include the protocol such as http or https, but just the hostname.

And hence you can easily identify the IP Addresses involved. In the bunch of them, the best thing is that check for the IP's containing the certificates for the domain as wildcard or for the given respective hostname. They have the most chances of being the real one.

Note:- One thing to deal with is that if probably you do not get any host in response, then probably any outdoor access is blocked or might be due to strict policy issues.

My other posts -

https://www.thedecentshub.tech/2021/09/csrf-via-get-requests-best-way-to-find.html

https://www.thedecentshub.tech/2021/09/performing-osint-on-twitter-accounts.html

https://www.thedecentshub.tech/2021/09/bug-bounty-series-subdomain-enumeration.html

https://www.thedecentshub.tech/2021/09/creating-deepfakes-first-order-motion-model-for-image-animation.html

https://www.thedecentshub.tech/2021/08/why-hacking-is-always-seen-from.html

https://www.thedecentshub.tech/2021/08/osintgram-perform-osint-on-instagram.html

https://www.thedecentshub.tech/2021/08/retrieve-user-information-using.html

https://www.thedecentshub.tech/2021/08/reverse-shell-using-excel.html

https://www.thedecentshub.tech/2021/08/reverse-shell-from-word-documents.html

So Guys, this much for this blog, if you like the content you can follow me up, can also subscribe to my YouTube channel. If you Guys want that I keep bringing this sort of Blogs and videos for you, you can show your support to me ...

    Buy me a coffee and show your Support 😊

Till Next Blog Guys, *TaTa*, Goodbye. I hope you enjoyed the Blog 😊