How hackers bypass cloudflare & other reverse proxy solutions
HTML-код
- Опубликовано: 11 сен 2024
- In this video, I go through how can you bypass reverse proxies put in place.
Books to get started on hacking:
1. Hacker's Handbook - amzn.to/4aH5msF
2. Real World Bug Hunting - amzn.to/48Msi7N
3. Certified Blackhat - amzn.to/3tG7QXB
4. Linux For Hackers - amzn.to/47plE6E
5. Black Hat Python - amzn.to/48N3k8D
PC I use: amzn.to/3S6XERh
NOTE: This video is purely for educational purposes.
Tags:
#reverse #proxy #ethicalhacking #ctf #bug #bounty #hacker #hacking #cloudflare #akamai #bypass
If cloudflare is correctly setup, you can't access the ip adress directly. This works in extremely précise cases.
There are still ways to bypass that, for example I know about XenForo bypass that will give you real IP. Most of XenForo websites don't know about that, but it's simple.
i can still see my server's real ip in email headers. is there a way to set up cloudflare to proxy emails?
If you do a whois don t u get the home ip?
Your mic sounds really good (after the video ends)
It did not work like this. Cloudflare proxy is in the datacenter of the customer it make a tunnel direktly to the internal ip the webservice did not have a direkt ip in public
The video talks about a misconfiguration. If you still have some doubts, I would suggest looking up some reports on H1 and even referring some cloudflare documentation around origin IP misconfiguration. That will help :)
@@RahulSinghInfosec thx I will Look at it
@@RahulSinghInfosec would u mind if u explain it in more Detail what u means also with h1
How can we use it in web scraping
Amazing information
if i got the orgin ip and the webpage loads ,so can i report it as a vulnerablity?
Yes def. I think it might be eligible for a bounty as well. I have seen a report on h1 which showed origin ip and waf bypass
@@RahulSinghInfosec Bro i reported it and got 100$ bounty
@@Exodus-ze1prseriously? for just finding out the real ip of the server?
@@RahulSinghInfosecwhat other entry level bounty hunting things are there besides revealing true ip?
@@Exodus-ze1pra digital bounty should be of a minimum of 1k
Can I talk to you
how to contact u ?
?
Meow 😂
despite being indian i liked your vídeo
🙄