How to bypass Cloudflare bot protection?

Our DNS zone (you can use whatever IP you want)

Our route to the worker

>>> from cfproxy import CFProxy
>>> proxy = CFProxy('proxy.domain.com', 'A random User-Agent', '1.2.3.4')
>>> req = proxy.get('https://icanhazip.com')
>>> print(req.status_code)
200
>>> print(req.text)
108.162.229.50

You can use any other trigger
  • ACCEPT: */*
  • ACCEPT-ENCODING: gzip
  • CDN-LOOP: cloudflare; subreqs=1
  • CF-CONNECTING-IP: 2a06:98c0:3600::103 (could be any Cloudflare IP)
  • CF-EW-VIA: 15
  • CF-RAY: [REDACTED]
  • CF-REQUEST-ID: [REDACTED]
  • CF-VISITOR: {"scheme":"https"}
  • CF-WORKER: yourdomain.com (OPSEC warning!)
  • CONNECTION: Keep-Alive
  • HOST: www.whatismybrowser.com
  • USER-AGENT: My Random User-Agent
  • X-FORWARDED-FOR: 1.2.3.4 (yes, we can override this header with whatever we want!)
  • X-FORWARDED-PROTO: https
If it’s not a bug, it’s a feature…
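
Seen from the origin's side, the header list above gives a defender two things to act on: CF-Worker names the zone that ran the Worker, and X-Forwarded-For carries a value chosen by the caller. The following is an added example, not code from the original article or from cfproxy; `assess_request`, `CLOUDFLARE_NETS` and the two sample dicts are names introduced here, and the direct-visitor sample is constructed.

```python
import ipaddress

# Assumption: two of Cloudflare's published ranges, enough for the samples below;
# a deployment would load the full, current list.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in ("2a06:98c0::/29", "108.162.192.0/18")]

# Headers from the list above: the origin's view of a Worker-relayed request.
SAMPLE_RELAYED = {"CF-Connecting-IP": "2a06:98c0:3600::103", "CF-Worker": "yourdomain.com",
                  "CF-EW-Via": "15", "X-Forwarded-For": "1.2.3.4"}
# Constructed sample: an ordinary visitor proxied by Cloudflare.
SAMPLE_DIRECT = {"CF-Connecting-IP": "203.0.113.7", "X-Forwarded-For": "203.0.113.7"}


def assess_request(headers, cf_nets=CLOUDFLARE_NETS):
    """Classify one request as seen by an origin behind Cloudflare."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    reasons = []
    worker_zone = h.get("cf-worker")
    if worker_zone:
        reasons.append("CF-Worker present: subrequest from a Worker on zone " + worker_zone)
    # Attribution uses CF-Connecting-IP only; X-Forwarded-For arrived with a
    # caller-chosen value in the capture above, so it is treated as untrusted.
    peer = h.get("cf-connecting-ip")
    try:
        addr = ipaddress.ip_address(peer) if peer else None
    except ValueError:
        addr = None
        reasons.append("CF-Connecting-IP is not a valid IP address")
    if addr is not None and any(addr in net for net in cf_nets):
        reasons.append("CF-Connecting-IP is inside Cloudflare's own address space")
    hops = [p.strip() for p in h.get("x-forwarded-for", "").split(",") if p.strip()]
    if hops and peer and peer not in hops:
        reasons.append("X-Forwarded-For %s does not contain CF-Connecting-IP" % hops)
    return {"client_ip": peer, "via_worker": bool(worker_zone),
            "worker_zone": worker_zone, "reasons": reasons}


if __name__ == "__main__":
    for name, sample in (("relayed", SAMPLE_RELAYED), ("direct", SAMPLE_DIRECT)):
        print(name, assess_request(sample))
```

The `worker_zone` value is what a rate limit, block rule or abuse report can key on, since it stays the same however the User-Agent and X-Forwarded-For are varied.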

jychp