July 29, 2021

How to Bypass Cloudfare ?

In this article, we are telling you about how to bypass cloudfare. you must have also noticed many times when you bug bounty, in which case you need to bypass cloudfare.

Here we are telling you how hackers bypass Cloudfare or how you can bypass Cloudfare while bug bounty so that you can do bug hunting.

All this is being told to you for educational purpose, here we are telling you practically how you can bypass cloudfare, never miss use it in any way.

Note- This article is only for educational purpose. Don’t miss use your knowledge and skills.

What is Cloudfare Security ?

How to Bypass Cloudfare Before going about it, you should know what it is and why we need to bypass Cloudfare, only then you can do it, let’s know about it

Here we want to tell you if you are a hacker and want to hack a website or perform any kind of attack like your cross site scripting attacks, Sql injection attacks, OS command injection or whatever.

If cloudfare is used on the targeted website, then hackers are unable to perform an attack on that website, here they need to bypass Cloudfare and origin IP address to bypass Cloudfare.

Bypass Cloudfare

As we all know that all websites have their own unique IP address, in such a way, if we visit the website through the domain name, in this way cloudfare prevents the attackers but if we somehow find the origin IP address. In this way we can bypass Cloudfare.

Here we are telling you all this practically but it does not mean that there is only one way to bypass Cloudfare, in such an easy language, if you tell us then you can do whatever you want, just you have to find the origin IP address.

Also Read

What is json vulnerabilities owasp

What is http request smuggling vulnerability

What is websockets security vulnerabilities

How to Bypass Cloudfare ?

Let us now tell you about how to bypass cloudfare, how you can bypass cloudfare of websites and how, here it is being told practically to you.

How to Bypass Cloudfare

We are telling you this practical by taking the example of hackerone’s website as you can see in the image, here we are telling you using wappalyzer extension, you can find it at the chrome store.

Here you are not being told to install it because everyone knows it, you have to install it, it tells you information about all the websites, what has been used on that website.

As you can see here we have used cloudfare on hackerone website, it is being shown about it, here through hackerone, we reach another website where you have been told by bypassing cloudfare for example.

 Bypass Cloudfare

As you can see in the image, we get an IP address on ping through CMD, in such a way, we cannot visit the website through this IP address, in such a way we have found its second IP address through whois.

Bypass Cloudfare

As you can see, you have to do something in this way, here we want to clear you one thing that it is not that you do not get IP address through CMD. It is also very often that you get IP through CMD only.

What is oauth 2.0 authentication vulnerability

Bypass Cloudfare

In such a situation, when he tries to visit the website through the IP address, you can see that the direct IP address gets this not allowed option, in such a way, we have to find more IP address.

What is web cache poisoning vulnerability

To do this work, we are using the censys website, here we have to give our target and you will be able to see that you get to see many types of IP address here, one by one through all the IP address we have to open hackerone website.

As you can see in the image, you get such IP address here where you have already been told that you cannot access the direct IP address, in such a way we can burpsuite through another website through hackerone website can find the origin IP address.

What is server side request forgery ssrf

As you have been told, in order to bypass cloudfare of any website, the origin IP address is required, here you can not be told how to do it with the help of burp suite, there are some limitations here.

In such a situation, we have got an IP address where we are told cloudfare when accessing the website, but we are not shown cloudfare in any way when the IP address is open through.

As you can see in the above image, when the website is accessed through the domain name, in this way we were shown cloudfare but IP address is not shown through cloudfare, similarly cloudfare is bypassed.

Here we want to tell you again that you can do whatever you want, now it depends on you what you do to find the origin IP address. Once you get the origin IP address, you can bypass cloudfare.

What is insecure deserialization vulnerability

The Conclusion

I hope that now you know about how to bypass cloudfare, we have practically told you about how to bypass cloudfare, just like you can bypass cloudfare on any website.

Here you just have to find the origin ip address in some way if you have any kind of question related to How to Bypass cloudfare, in such a way you can ask us in the comment.

I hope that you will definitely like this article of our How to Bypass cloudfare, in such a way, you will also share this article with us, we have given you many types of articles on bug hunting.

If you have not read our bug hunting articles, in such a way you can also read them, if you read any article on our website, do not ever skip it because you are told everything in detail.

Subscribe to our blog for latest updates

Sharing is Caring

Thankyou

Share This:
Translate »
error: Content is protected !!