Thursday, 27 October 2022

How to Bypass Cloudflare on a Vulnerable Website | Wafw00f tool

 ATTACK

This process is going to be short and simple. let’s move on Wafw00f tool first. it is a tool that can tell if the given website is protected by some firewall or not. for example, we have a website “https://gchq.github.io/CyberChef/”. it is a very useful website for CTFrs. it is useful in many ways. but let’s just keep it apart. we will discuss it some other day.

So, if we want to check if the website has some kind of firewall or something, we will use Wafw00f tool:

Type this command:

wafw00f https://gchq.github.io/CyberChef/

The website has Fastly (Fastly CDN) WAF. you can know more about this WAF from HERE.

Screenshot:

 

Well, sometimes it doesn’t work with the domain. if you see no result with domain then use the IP of the domain.

You can get IP of a domain with dig command:

dig gchq.github.io

Screenshot:

then the command would be :

wafw00f 185.199.111.153

Screenshot:

 

look at the output, it says “Fastly (Fastly CDN) WAF”  as before.

But the tutorial is to bypass the WAF not only to show you the WAF name. well, there are two methods whereby we can bypass WAF.

 # Method 1.

I knew this method already. and it works very well in some cases. for example, we have a website “example.in” which is protected by Cloudflare. now, we need to see it’s IP. you can use dig or Nmap.

Type this command to see the IP of a website:

dig example.in

After that, type the IP in the URL instead of the domain. if you are allowed to visit the website with its IP then congratulations because you just bypassed the WAF on the site. but if you some error like ” Direct IP is not allowed”.

 # Method 2.

This Method is a little different from the first one. in this method, if you are getting the “Direct IP is not Allowed” error. then there is a little chance that we can solve it. actually I don’t know if it works or not. because it was told to me by my friend. but I think there is nothing wrong to try.

To solve this, we can add the host to the /etc/hosts file.

Type this command to edit the /etc/hosts.

nano /etc/hosts

Screenshot:

And that’s it. you can visit the website with IP again and see if it works.

 

Stay home, stay safe and keep reading our articles.

-
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)