CloudFlare is one of the most popular CDN providers, offering a complete package of WAF (Web Application Firewall) and DDoS (Distributed Denial of Service) protection for websites.
List of Features –
- Stop attacks directed at a website
- Dynamically modify content in order to improve performance
- Insert applications into web pages
- Provide rich analytics on all the requests to your website
- Automatically determine what objects are static and cacheable at the network’s edge without any user configuration
- Provide a network gateway between protocols like IPv6 \ IPv4
- Make installing SSL flexible and one-click easy
- Original Server IP Masking
etc
With the help of CloudFlare, you can easily hide your original server's hosting IP address, whether it's IPv4 or IPv6. You can set up your domain with CloudFlare in less than 5 minutes with no code changes required. They have 100+ data centers around the world, which helps your site push and load faster.
However, one website (http://www.crimeflare.com/cfs.html) claims that it can easily find the original IP behind any CloudFlare service. CrimeFlare also maintains a database of IPs that appear to have been exposed.
Functionality –
When you use the CloudFlare service, an SSL/TLS certificate is automatically registered by CloudFlare for your domain. This means that traffic going to your site is initially encrypted when it hits CloudFlare’s servers. In order to maintain a trusted certificate, you must prove, to some degree, that you are the owner of the domain.
This burden of proof and trust mechanism make it easy to associate true server IPs with CloudFlare-protected domains. By utilizing large data sets that have been scraped from the Internet, it’s possible to find non-CloudFlare servers by associating previously generated certificates with live hosts.
Find Real IP with the help of Censys.io –
Censys.io is a great resource that relies on data sets from Scans.io. Both are incredible repositories of information that have been gathered by scanning the Internet at regular intervals. There are multiple types of scans from DNS and FTP to HTTP/HTTPS scans of all public IPv4 space. Censys has graciously offered a public API for researchers to use. We are going to use the scraped certificates from across the Internet to identify potential servers hiding behind CloudFlare.
Steps to configure Censys.io –
First, register a free account on Censys.io.
Verify the newly created account through your mail. (You can use any mail service provider.)
After that, go to My Account, where you’ll see a section named API Credentials. Note down both the API ID and Secret ID.
Download the Cloudsnare script, which is a Python-based script. Edit the Python file with your API ID and Secret ID details.
Finally, you also need to install the censys package, which you can easily install by typing:
Command: pip install censys
Now run the Cloudsnare script by typing “python cloudsnare.py website.com”
Mitigation –
You should restrict inbound traffic to your HTTP/HTTPS ports and only allow connections from CloudFlare IPs. If you are worried about CloudFlare changing IP space, you can use your host’s default domain while registering certificates.
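One way to apply and audit this restriction, as an added example that is not from the original post or the Cloudsnare project: it renders nftables rules that accept the web ports only from an allowlist and flags origin access-log entries whose peer address is outside it. The ranges and log lines are constructed placeholders (substitute CloudFlare's currently published ranges), the table name origin_lockdown is hypothetical, and the log's first field is assumed to be the TCP peer address.

```python
import ipaddress

# Constructed placeholder ranges (documentation address space), NOT CloudFlare's
# real ranges: substitute the list CloudFlare currently publishes.
SAMPLE_EDGE_RANGES = ["192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32"]

# Constructed origin access-log lines; first field is the TCP peer address.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.77 - - [01/Jan/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 512',
    '2001:db8::5 - - [01/Jan/2024:10:00:09 +0000] "GET /a HTTP/1.1" 200 90',
]

def parse_ranges(cidrs):
    """Validate CIDR strings (ValueError on bad input); return (v4, v6) lists."""
    nets = [ipaddress.ip_network(c.strip(), strict=True) for c in cidrs if c.strip()]
    return ([n for n in nets if n.version == 4],
            [n for n in nets if n.version == 6])

def render_nftables(cidrs, ports=(80, 443)):
    """Render rules that accept the web ports only from the given ranges."""
    v4, v6 = parse_ranges(cidrs)
    dport = "tcp dport { " + ", ".join(str(p) for p in ports) + " }"
    rules = []
    if v4:
        rules.append(f"{dport} ip saddr {{ {', '.join(map(str, v4))} }} accept")
    if v6:
        rules.append(f"{dport} ip6 saddr {{ {', '.join(map(str, v6))} }} accept")
    rules.append(f"{dport} drop")  # everything else to the web ports is dropped
    body = "\n".join("    " + r for r in rules)
    return ("table inet origin_lockdown {\n  chain input {\n"
            "    type filter hook input priority 0; policy accept;\n"
            f"{body}\n  }}\n}}")

def direct_hits(log_lines, cidrs):
    """Return peer IPs that reached the origin without passing through the CDN."""
    v4, v6 = parse_ranges(cidrs)
    hits = []
    for line in log_lines:
        try:
            src = ipaddress.ip_address(line.split(" ", 1)[0])
        except ValueError:
            continue  # line does not start with an IP address
        if not any(src in net for net in (v4 if src.version == 4 else v6)):
            hits.append(str(src))
    return hits

if __name__ == "__main__":
    print(render_nftables(SAMPLE_EDGE_RANGES))
    print("direct-to-origin peers:", direct_hits(SAMPLE_LOG, SAMPLE_EDGE_RANGES))
```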
Reference – http://www.chokepoint.net/