Checking DNS history to locate Origin Server behind Cloudflare - Quick Notes
1. DnsTrails - Check DNS logs/History of Example.com
Notice the changes in the server IPs over brief periods of time. DNSTrails tracks them well, but it's still not the best; I have seen a lot of information missing for some domains. When I add more notes, you will get to see how to combine different OSINT/reconnaissance tools to find, via other sources, the information which DNSTrails lacks.
Impact -
- WAF bypass
  - XSSi filter bypass
  - SQLi filter bypass
- DoS/DDoS attack mitigation bypass
Your XSS/SQLi/other payload gets stuck in the middle because of the WAF/Cloudflare?
Well, let's find the historical records relating to the domain(s) of an organisation using DNSTrails. Once you find the origin server IP there, and if, with luck, it hasn't changed or been firewalled in the meantime, you may have hit the jackpot (a bounty, if it's in program scope).
If you have successfully located the origin server IP address, you can effectively bypass the WAF and the DoS/DDoS mitigations implemented via Cloudflare, since network requests would then be sent directly to the origin server and Cloudflare would no longer act as an intermediate WAF.
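The caveat above (the origin being "firewalled in turn") is also the defender's fix: an origin that only accepts traffic from the CDN's published edge ranges cannot be reached directly even when its address is recovered from DNS history. As an added example, not from the original notes, the following Python audits a domain's own historical A records against an allow-list of proxy ranges and flags every address that would still answer directly and therefore needs such a firewall rule or rotation; the history records and the CIDR ranges are constructed placeholders in RFC 5737 documentation space (the real ranges are published by Cloudflare at https://www.cloudflare.com/ips-v4 and /ips-v6).

```python
import ipaddress
from datetime import date

# Constructed sample of what a DNS-history service might return for one domain.
# Each record is (first_seen, last_seen, A record); None = still published.
HISTORY = [
    (date(2015, 3, 1), date(2016, 8, 14), "203.0.113.25"),   # pre-CDN origin
    (date(2016, 8, 15), date(2017, 2, 1), "198.51.100.7"),   # edge range
    (date(2017, 2, 2), date(2018, 6, 30), "203.0.113.25"),   # briefly re-exposed
    (date(2018, 7, 1), None, "198.51.100.9"),                # current edge IP
]

# Constructed placeholder for the CDN's published edge ranges (RFC 5737 space).
# A real audit would load https://www.cloudflare.com/ips-v4 and /ips-v6 instead.
EDGE_RANGES = [ipaddress.ip_network(c) for c in ("198.51.100.0/24", "192.0.2.0/24")]


def is_edge(ip: str, ranges=EDGE_RANGES) -> bool:
    """True if the address falls inside any trusted proxy/CDN range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ranges)


def exposed_origins(history, ranges=EDGE_RANGES):
    """Distinct non-edge addresses ever published for the domain, newest first,
    each paired with the last date it was visible in DNS. Anything returned is
    recoverable from DNS history and must be retired or firewalled to the edge."""
    seen = {}
    for _first, last, ip in history:
        if is_edge(ip, ranges):
            continue
        last_seen = last or date.max          # still published today
        if ip not in seen or last_seen > seen[ip]:
            seen[ip] = last_seen
    return sorted(seen.items(), key=lambda kv: kv[1], reverse=True)


def audit(history, ranges=EDGE_RANGES):
    """One actionable finding per exposed origin, most recent exposure first."""
    findings = []
    for ip, last_seen in exposed_origins(history, ranges):
        status = "CURRENTLY PUBLISHED" if last_seen == date.max else f"last seen {last_seen}"
        findings.append(f"{ip}: {status}; restrict inbound 80/443 to edge ranges or rotate")
    return findings
```

Run `audit(HISTORY)` against the real history export and the fetched ranges; an empty result means every address the domain ever published belongs to the proxy, so nothing in history points past it.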