How to Bypass Cloudflare on a Vulnerable Website | Wafw00f Tool

INTRO

Recently, we set up Cloudflare protection on our website because we saw that some people were performing DoS attacks on our lovely website. If you don’t know, it is completely illegal to perform DoS against any website unless you own it. You would need the owner’s permission to perform a DoS attack.

So, the Cloudflare WAF held up against the DoS attack very well. WAF means web application firewall. A web application firewall filters, monitors, and blocks HTTP traffic to and from a web application/website. You can read more about this HERE.

Today, we are going to bypass the Cloudflare WAF, or any other WAF, with a very simple trick. Actually, I discovered this bug in a website which I can’t name right now. They haven’t patched it yet. I will write a separate article on that some days later. It is a very low-level vulnerability.

Before going further, I would like to suggest some of my previous articles. so you may understand this tutorial better:

What is /etc/hosts

Iptables

Sparta

It would be great if you took a look at these links before reading further. These articles have information about IPs, firewalls and the hosts file in Linux. The first one (/etc/hosts) is a must-read, because we are going to use the same file here.

 

ATTACK

This process is going to be short and simple. Let’s start with the Wafw00f tool. It is a tool that can tell whether a given website is protected by a firewall or not. For example, we have a website “https://gchq.github.io/CyberChef/”. It is a very useful website for CTF players. It is useful in many ways, but let’s set that aside; we will discuss it some other day.

 

So, if we want to check whether the website has some kind of firewall, we will use the Wafw00f tool:

Type this command:

wafw00f https://gchq.github.io/CyberChef/

The website has the Fastly (Fastly CDN) WAF. You can learn more about this WAF HERE.


Well, sometimes it doesn’t work with the domain. If you see no result with the domain, then use the IP of the domain.

 

You can get the IP of a domain with the dig command:

dig gchq.github.io

Then the command would be:

wafw00f 185.199.111.153


Look at the output: it says “Fastly (Fastly CDN) WAF” as before. But this tutorial is about bypassing the WAF, not only showing you the WAF name. Well, there are two methods whereby we can bypass a WAF.

 

 # Method 1.

I knew this method already, and it works very well in some cases. For example, we have a website “example.in” which is protected by Cloudflare. Now, we need to see its IP. You can use dig or Nmap.

 

Type this command to see the IP of a website:

dig example.in

After that, type the IP in the URL instead of the domain. If you are allowed to visit the website by its IP, then congratulations, because you just bypassed the WAF on the site. But you may get some error like “Direct IP is not allowed”.

 

 # Method 2.

This method is a little different from the first one. If you are getting the “Direct IP is not allowed” error, then there is a small chance that we can solve it. Actually, I don’t know if it works or not, because it was told to me by my friend. But I think there is nothing wrong with trying.

 

To solve this, we can add the host to the /etc/hosts file.

Type this command to edit /etc/hosts:

nano /etc/hosts

And that’s it. You can visit the website with the IP again and see if it works.
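
For a site owner, Method 1 and Method 2 leave the same trace at the origin server: a request whose source address is outside the CDN's ranges. The added example below (not part of the original article) labels origin access-log lines on that basis; the log format, the placeholder CDN range, the stand-in origin address 192.0.2.10 and all function names are assumptions.

```python
import ipaddress
import re

# Assumption: placeholder edge range (documentation space); use your CDN's published list.
CDN_RANGES = [ipaddress.ip_network("198.51.100.0/24")]
SITE_HOSTS = {"example.in", "www.example.in"}
# Assumed log format: client_ip "Host header" "request line" status
LINE_RE = re.compile(r'^(\S+) "([^"]*)" "[^"]*" (\d{3})$')
# Constructed sample lines; 192.0.2.10 stands in for the origin's own address.
SAMPLE_LOG = [
    '198.51.100.23 "example.in" "GET / HTTP/1.1" 200',
    '203.0.113.50 "192.0.2.10" "GET / HTTP/1.1" 200',
    '203.0.113.50 "example.in" "GET /login HTTP/1.1" 200',
    '203.0.113.77 "192.0.2.10" "GET / HTTP/1.1" 403',
    'not a log line',
]

def as_ip(text):  # parsed address, or None if text is not an IP
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def host_name(host):
    """Host header value without a port or IPv6 brackets."""
    m = re.match(r"^\[(.+)\](?::\d+)?$", host)
    if m:
        return m.group(1)
    return host.rsplit(":", 1)[0] if host.count(":") == 1 else host

def classify(line):
    """Label one origin log line; None if it does not parse."""
    m = LINE_RE.match(line.strip())
    src = as_ip(m.group(1)) if m else None
    if src is None:
        return None
    if any(src in net for net in CDN_RANGES):
        return "via-cdn"  # arrived through the WAF
    outcome = "served" if m.group(3)[0] in "23" else "refused"
    name = host_name(m.group(2)).lower()
    if as_ip(name) is not None:
        return "direct-ip-" + outcome  # Host is an address (Method 1)
    if name in SITE_HOSTS:
        return "direct-hostname-" + outcome  # site name, no CDN (Method 2)
    return "direct-other-" + outcome

def bypass_findings(lines):
    """(line number, label) for each request that did not arrive via the CDN."""
    labels = enumerate(map(classify, lines), 1)
    return [(n, lab) for n, lab in labels if lab not in (None, "via-cdn")]
```

Any `direct-*-served` finding means the origin answered a client that skipped the WAF. Restricting the origin's firewall to accept web traffic only from the CDN's published ranges closes that path.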

 

 
