CloudFlare is one of the most popular CDN providers, offering a complete package of WAF (Web Application Firewall) and DDoS (Distributed Denial of Service) protection for websites.
List of Features
- Stop attacks directed at a website
- Dynamically modify content in order to improve performance
- Insert applications into web pages
- Provide rich analytics on all the requests to your website
- Automatically determine what objects are static and cacheable at the network’s edge without any user configuration
- Provide a network gateway between protocols like IPv6 / IPv4
- Make installing SSL flexible and one-click easy
- Original Server IP Masking
However, one website (http://www.crimeflare.com/cfs.html) claims that it can easily find the original IP behind any CloudFlare service. CrimeFlare also maintains a database of IPs that appear to have been exposed.
When you use the CloudFlare service, an SSL/TLS certificate is automatically registered by CloudFlare for your domain. This means that traffic going to your site is initially encrypted when it hits CloudFlare's servers. In order to maintain a trusted certificate, you must prove to some degree that you are the owner of a domain.
This burden of proof and trust mechanism make it easy to associate true server IPs with CloudFlare-protected domains. By utilizing large data sets that have been scraped from the Internet, it's possible to find non-CloudFlare servers by associating previously generated certificates with live hosts.
Find Real IP with the help of Censys.io
Censys.io is a great resource that relies on data sets from Scans.io. Both are incredible repositories of information that have been gathered by scanning the Internet at regular intervals. There are multiple types of scans from DNS and FTP to HTTP/HTTPS scans of all public IPv4 space. Censys has graciously offered a public API for researchers to use. We are going to use the scraped certificates from across the Internet to identify potential servers hiding behind CloudFlare.
Steps to configure Censys.io
First, register a free account on Censys.io.
Verify the newly created account through your email. (You can use any mail service provider.)
After that, go to My Account, where you'll see a section named API Credentials. Note down both the API ID and the Secret ID.
Download the Cloudsnare script, which is a Python-based script. Edit the Python file with your API ID and Secret ID details.
Finally, install the censys package, which you can do by typing:
pip install censys
Now run the Cloudsnare script by typing “python cloudsnare.py website.com”
You should restrict inbound traffic to your HTTP/HTTPS ports, and only allow connections from CloudFlare IPs. If you are worried about CloudFlare changing IP space, you can use your host's default domain while registering certificates.
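One way to apply and verify the restriction described above, as an added example that is not part of the original article or of the Cloudsnare script. The function names, the embedded range subset and the log lines are assumptions constructed for illustration; the log check assumes the first field is the TCP peer address, not a client IP restored from a CloudFlare header.

```python
import ipaddress

# Constructed sample: a small subset of Cloudflare ranges embedded so the example
# runs offline. Assumption: production use loads Cloudflare's current published list.
CLOUDFLARE_RANGES = ["173.245.48.0/20", "104.16.0.0/13", "2400:cb00::/32"]
WEB_PORTS = (80, 443)

# Constructed access-log lines; the first field is assumed to be the TCP peer address.
SAMPLE_LOG = [
    '173.245.48.10 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 512',
    '2400:cb00::1 - - [01/Jan/2024:10:00:09 +0000] "GET /a HTTP/1.1" 200 90',
    'malformed line without an address',
]


def build_rules(ranges, ports=WEB_PORTS):
    """Return firewall commands: accept web ports from ranges, drop everyone else."""
    port_list = ",".join(str(p) for p in ports)
    match = f"-A INPUT -p tcp -m multiport --dports {port_list}"
    rules = []
    for cidr in ranges:
        net = ipaddress.ip_network(cidr)  # ValueError on a malformed range
        tool = "iptables" if net.version == 4 else "ip6tables"
        rules.append(f"{tool} {match} -s {net} -j ACCEPT")
    # Default-deny for the web ports goes last, once per address family.
    rules += [f"{tool} {match} -j DROP" for tool in ("iptables", "ip6tables")]
    return rules


def direct_hits(log_lines, ranges):
    """Return peer addresses that reached the origin from outside the allowed ranges."""
    nets = [ipaddress.ip_network(c) for c in ranges]
    hits = []
    for line in log_lines:
        fields = line.split()
        try:
            src = ipaddress.ip_address(fields[0]) if fields else None
        except ValueError:
            src = None  # first field is not an IP address
        if src is not None and not any(src.version == n.version and src in n for n in nets):
            hits.append(str(src))
    return hits


if __name__ == "__main__":
    print("\n".join(build_rules(CLOUDFLARE_RANGES)))
    print("direct-to-origin peers:", direct_hits(SAMPLE_LOG, CLOUDFLARE_RANGES))
```

Any address reported by `direct_hits` means the origin is still reachable without passing through CloudFlare, so the firewall rules are either missing or not yet effective.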
Reference – http://www.chokepoint.net