Hello once again!
Today, I am going to show how to bypass the 'Sucuri CloudProxy WebSite Firewall' which is same as the CloudFlare protection.
Here, the concept is same.. but anyways this is gonna help people who are looking out for specifically bypassing the 'Sucuri CloudProxy Website Firewall'.
Anyways, the people who already know the power of dns-based hosts enumeration can deal with any kind of such services when they have a good idea about the concept of DNS and subnets and internal networks.
Uhm, that being said.. lets begin with the process.
The first step is pinging the website to get the IP address from where we get reply.
As we can see the IP address 72.x.x.x, lets see what happens when we directly enter the IP in the browser.
Oh! See what we get, an erro stating Invalid URL.
We need not worry though, as this is just the beginning. *evil grin*
Lets start our work of troubling dns for hosts enumeration.
Here, I am using our favorite and easy to use tool 'fierce'
This comes by default with all the major Pentest distros, viz. BackTrack,Kali,Auditor, et al.
Those who don't have it can anyhow download it from ha.ckers.org/fierce/
After downloading, its much simpler to use too!
You just need to provide one parameter in this case.
Its as simple as below:
Just hit the above syntax and wait for the program to work, probably to work wonders!
After the completion of execution, you can see a report as below!
Our work is now to open the IPs in our browser.
I found the last IP interesting which shows that it maps to www1.bhaskar.com
Lets open the IP in the browser and see what happens!
Bingo! We did bypass the Sucuri or whatever CloudProxy to find the real IP of the host.
What next?
Start up with your port-scanning techniques, and all that stuff!
Yea..fire in the hole! :D
Today, I am going to show how to bypass the 'Sucuri CloudProxy WebSite Firewall' which is same as the CloudFlare protection.
Here, the concept is same.. but anyways this is gonna help people who are looking out for specifically bypassing the 'Sucuri CloudProxy Website Firewall'.
Anyways, the people who already know the power of dns-based hosts enumeration can deal with any kind of such services when they have a good idea about the concept of DNS and subnets and internal networks.
Uhm, that being said.. lets begin with the process.
The first step is pinging the website to get the IP address from where we get reply.
As we can see the IP address 72.x.x.x, lets see what happens when we directly enter the IP in the browser.
Oh! See what we get, an erro stating Invalid URL.
We need not worry though, as this is just the beginning. *evil grin*
Lets start our work of troubling dns for hosts enumeration.
Here, I am using our favorite and easy to use tool 'fierce'
This comes by default with all the major Pentest distros, viz. BackTrack,Kali,Auditor, et al.
Those who don't have it can anyhow download it from ha.ckers.org/fierce/
After downloading, its much simpler to use too!
You just need to provide one parameter in this case.
Its as simple as below:
Just hit the above syntax and wait for the program to work, probably to work wonders!
After the completion of execution, you can see a report as below!
Our work is now to open the IPs in our browser.
I found the last IP interesting which shows that it maps to www1.bhaskar.com
Lets open the IP in the browser and see what happens!
Bingo! We did bypass the Sucuri or whatever CloudProxy to find the real IP of the host.
What next?
Start up with your port-scanning techniques, and all that stuff!
Yea..fire in the hole! :D