Slide 1

Slide 1 text

Bypass Origin IP

I will show you a simple way to get round this problem to bypass Cloudflare for your long-running tasks without exposing your IP address through the DNS system. I found this on different websites, which put me in the top 10 of the HackerOne program leaderboard for different websites.

By: P J Borah
Instagram: @pj_boorah
LinkedIn: pallab-jyoti-borah-20874a18
Twitter: @PJBorah2
VAPT Analyst | Bug bounty hunter

Slide 2

Slide 2 text

Who Am I?

- VAPT Analyst
- Bugcrowd top 240 ranked
- Certified Ethical Hacker
- Certified Penetration Testing Engineer
- Security researcher at Microsoft, Apple, Google

Slide 3

Slide 3 text

What We Are Going to Discuss

Finding the origin IP of a website protected by Cloudflare, which allows all of Cloudflare's protections to be bypassed.

What Is Cloudflare?

Cloudflare is a company that provides content delivery network services, DDoS mitigation, Internet security, and distributed domain name server services.

Slide 4

Slide 4 text

Check if the website has Cloudflare:

    whatweb www.target.com

Or use Wappalyzer.

Slide 5

Slide 5 text

How to find: use a search engine

I basically use www.shodan.io and censys.io.

Shodan query I used:

    ssl.cert.subject.CN:"*target.com"

Slide 6

Slide 6 text

POC for This Trick

I am in the leaderboard top 10 for a HackerOne public program.

Always use Shodan. This may give you a bounty.

Slide 8

Slide 8 text

Different Ways to Find the Origin IP

Step 1: Using http://www.crimeflare.org:82/cfs.html

CrimeFlare helps you find out the origin IP.

Slide 9

Slide 9 text

Different Ways to Find the Origin IP

Step 2: Using the host command

    curl
    host target.com

Slide 10

Slide 10 text

Different Ways to Find the Origin IP

Step 3: Different ways are:

- XML-RPC Pingback: https://blog.detectify.com/2019/07/31/bypassing-cloudflare-waf-with-the-origin-server-ip-address/
- Bypass firewalls by abusing DNS history: https://github.com/vincentcox/bypass-firewalls-by-DNS-history
- CloudFail: https://github.com/m0rtem/CloudFail

Slide 11

Slide 11 text

End