Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Origin IP bypass For Cloudflare | This made me Leaderboard for Hackerone | pjborah

Origin IP bypass For Cloudflare | This made me Leaderboard for Hackerone | pjborah

Bypass origin ip protection which allow to bypass all cloudflare protection

Pj borah

May 15, 2021
Tweet

More Decks by Pj borah

Other Decks in Technology

Transcript

  1. Bypass Origin IP I will show you a simple way

    to get round this problem to bypass Cloudflare for your long-running tasks without exposing your IP address through the DNS system. I found Encountered Different Website which PUT me hacker one program leader board Under top 10 for Different Website By: P J Borah Instagram: @pj_boorah linkedin: pallab-jyoti-borah-20874a18 Twitter: @PJBorah2 VAPT Analyst | Bugbounty hunter
  2. Who Am I ? Instagram: @pj_boorah linkedin: pallab-jyoti-borah-20874a18 Twitter: @PJBorah2

    VAPT Analyst Bugcrowd top 240 Ranked Certified Ethical Hacker Certified Penetration Testing Engineer Security researcher at Microsoft , Apple, Google
  3. Bypass Origin IP Which Protected By Cloudflare And Which allow

    To bypass All Cloud Flare Protection Schema . What Is Cloud flare? that provides content delivery network services, DDoS mitigation, Internet security, and distributed domain name server services. What We Are going to Discuss
  4. I basically Use www.shodan.io & censys.io How to find Use

    Search Engine Shodan I used: ssl.cert.subject.CN:"*target.com"
  5. POC For This Trick I am in Leader Board top

    10 For Hackerone Public Program Instagram: @pj_boorah Twitter: @PJBorah2 linkedin: pallab-jyoti-borah-20874a18 Always Use Shodan This May Give You Bounty
  6. POC For This Trick I am in Leader Board top

    10 For Hackerone Public Program Instagram: @pj_boorah Twitter: @PJBorah2 linkedin: pallab-jyoti-borah-20874a18 Always Use Shodan This May Give You Bounty
  7. Different way to find Origin IP Instagram: @pj_boorah Twitter: @PJBorah2

    linkedin: pallab-jyoti-borah-20874a18 Steps1: Using http://www.crimeflare.org:82/cfs.html crimeflare help you to find out Origin IP
  8. Different way to find Origin IP Instagram: @pj_boorah Twitter: @PJBorah2

    linkedin: pallab-jyoti-borah-20874a18 Step2: Using Host Command curl host target.com
  9. Different way to find Origin IP Instagram: @pj_boorah Twitter: @PJBorah2

    linkedin: pallab-jyoti-borah-20874a18 Step3: Different Ways Are : XML-RPC Pingback https://blog.detectify.com/2019/07/31/bypassing-cloudflare-waf- with-the-origin-server-ip-address/ Bypass firewalls by abusing DNS history https://github.com/vincentcox/bypass-firewalls-by-DNS-history CloudFail https://github.com/m0rtem/CloudFail