Bypass CloudFlare Security with HatCloud

Written by Dr-Hack

HatCloud is a Cloudflare Security bypass tool made in ruby, it enables Pentesters to check against any IP leak which might expose the real IP address of a website which is protected by CloudFlare DNS.

CloudFlare Hiding IP Addresses

CloudFlare provides a service for website owners for distributed domain name servers, sitting between the visitor and the Cloudflare user’s hosting provider. Cloudflare protects identity by masking the real IP address of the webserver with their DNS change.

Cloudflare if not properly set up, at times tend to leak out IP Address of a web server, Hackers make use of such real IP address to target the server running the websites which they can not once identity is masked, although there are other ways of finding real identity aswell but that is not in the scope of this post.

How to Use HatCloud

HatCloud can be executed on a Linux based Operating System as the program is in ruby, its usage is pretty straight forward
$> ruby hatcloud.rb -b drhack.net
ruby hatcloud.rb –byp drhack.net

ofcourse replace drhack.net with your test website.

How HatCloud Works

HatCloud exposes real IP address of a website bypassing the Cloudflare masked IP address. HatCloud simply uses another website to pull the data and the script is not making any use of a vulnerability or bug within CloudFlare. Line 60 in hatcloud.rb shows
uri = URI (http://www.crimeflare.com/cgi-bin/cfsearch.cgi)

CrimeFlare.Com cfsearch.cgi script is being used by HatCloud to show us results, while CrimeFlare is maintaining a huge database on exposed and bypassed CloudFlare Website IP addresses.Check out CrimeFlare Online Website Scanner for exposed CloudFlare websites.

Must Read:  Stealing PINs via Mobile Sensors

Download HatCloud

How safe is CloudFlare ?

CloudFlare is as safe as the stamina of someone who is after your web services, as the later increases the former ability decreases. We all know how Google and Cloudflare SSL services are making us fool ?

  • sommer

    Hello everyone I want to sincerely and openly thank [email protected] for his service which saved me from infidelity and lies of my cheating husband, he was able to hack my partner’s phone so i listen to every call he either made or receive. He also hacked his email passwords and Facebook… I know there are lots of people out there looking for proof and evidence about one thing or the other. Be open and real with him so he can even be at the best of his service to you. Do contact him by the email above.

Pin It on Pinterest