How to bypass CloudFlare bot protection ?

Our DNS zone (you can use what ever IP you want)
Our route to the worker
>>> from cfproxy import CFProxy
>>> proxy = CFProxy('', 'A random User-Agent', '')
>>> req = proxy.get('')
>>> print(req.status_code)
>>> print(req.text)
You can use any other trigger
  • ACCEPT: */*
  • CDN-LOOP: cloudflare; subreqs=1
  • CF-CONNECTING-IP: 2a06:98c0:3600::103 (could be any Cloudflare IP)
  • CF-EW-VIA: 15
  • CF-VISITOR: {"scheme":"https"}
  • CF-WORKER: (OPSEC Warning !)
  • CONNECTION: Keep-Alive
  • HOST:
  • USER-AGENT: My Random User-Agent
  • X-FORWARDED-FOR: (yes, we can override this header with whatever we want !)
If it’s not a bug it’s a feature …




Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Working the Oscar Magic: A Story of Extreme Growth, A Mighty Team, and Oscar’s Building Blocks

Co-workers collaborating

My Foray into Computing

Adding Boss Damage VFXs in Unity

[Webinar] Deploying scalable Meteor and Node applications with DigitalOcean and Cloud 66

ROP64 — PicoCTF2019

Hello World!!! of Kubernetes [Part 1]

Successful Launch & More🎉

Sushiswap Listing and More

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


More from Medium

Android Pentest Lab Setup: A Comprehensive Guide for Beginners in Mobile Pentesting

Kioptrix Level 3 — VulnHub

Web Exploitation picoCTF: login

How to hack a Web App {mini-series} Part 1: Footprinting a web infrastructure