Internet Security Blog - Hackology

Bypass CloudFlare Security with HatCloud

HatCloud is a Cloudflare security bypass tool written in Ruby. It lets pentesters check for any IP leak that might expose the real IP address of a website protected by CloudFlare DNS.

CloudFlare Hiding IP Addresses

CloudFlare provides website owners with distributed domain name servers that sit between the visitor and the Cloudflare user’s hosting provider. Cloudflare protects the site’s identity by masking the real IP address of the web server through this DNS change.

If Cloudflare is not set up properly, it can at times leak the IP address of the web server. Hackers use such a real IP address to target the server running the website, which they cannot do once its identity is masked. There are other ways of finding the real identity as well, but those are outside the scope of this post.
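
A defender-side check for the leak described above, added here as an example (it is not part of HatCloud or the original post): it reads A records exported from your own zone and flags any that do not point into Cloudflare's published IPv4 ranges. The "name type value" layout, the sample records and the function names are assumptions, and the range list is a snapshot.

```ruby
require "ipaddr"

# Cloudflare's published IPv4 ranges. Snapshot only: refresh it from
# https://www.cloudflare.com/ips-v4 before relying on the result.
CLOUDFLARE_V4 = %w[
  173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22
  141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20
  197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13
  104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
].map { |cidr| IPAddr.new(cidr) }.freeze

# Constructed sample input in an assumed "name type value" layout.
# 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges standing in
# for a real origin server.
SAMPLE_ZONE = <<~ZONE
  example.test.          A    104.16.1.10
  www.example.test.      A    172.67.20.5
  staging.example.test.  A    192.0.2.44
  ; comment line
  old.example.test.      A    198.51.100.7
  example.test.          TXT  "constructed-verification-token"
  bad.example.test.      A    not-an-ip
ZONE

# :cloudflare  -> record is proxied
# :direct      -> record publicly resolves to a non-Cloudflare address
# :unparseable -> value is not an IP address and needs a manual look
def classify(value)
  return :unparseable if value.to_s.empty?
  ip = IPAddr.new(value)
  proxied = ip.ipv4? && CLOUDFLARE_V4.any? { |net| net.include?(ip) }
  proxied ? :cloudflare : :direct
rescue IPAddr::Error
  :unparseable
end

# Returns [name, value, verdict] for every A record that is not proxied.
def unproxied_a_records(zone_text)
  zone_text.each_line.filter_map do |line|
    line = line.sub(/;.*/, "").strip          # drop zone-file comments
    next if line.empty?
    name, type, value = line.split(/\s+/, 3)
    next unless type&.upcase == "A"           # IPv4 only in this example
    verdict = classify(value)
    [name, value, verdict] unless verdict == :cloudflare
  end
end

unproxied_a_records(SAMPLE_ZONE).each { |row| puts row.join("  ") } if __FILE__ == $0
```

Any record reported as direct is one that anyone can resolve to the origin; either proxy it or move the service behind it to a different address.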

How to Use HatCloud

HatCloud can be run on a Linux-based operating system, as the program is written in Ruby. Its usage is pretty straightforward:
$> ruby hatcloud.rb -b drhack.net
or
$> ruby hatcloud.rb --byp drhack.net

Of course, replace drhack.net with your test website.

How HatCloud Works

HatCloud exposes the real IP address of a website, bypassing the Cloudflare-masked IP address. HatCloud simply uses another website to pull the data; the script does not make use of any vulnerability or bug within CloudFlare. Line 60 in hatcloud.rb shows:
uri = URI("http://www.crimeflare.com/cgi-bin/cfsearch.cgi")

HatCloud uses the CrimeFlare.Biz cfsearch.cgi script to show us results, while CrimeFlare maintains a huge database of exposed and bypassed CloudFlare website IP addresses. Check out CrimeFlare Online Website Scanner for exposed CloudFlare websites.

Download HatCloud

Which CrimeFlare Domain is Original?

CrimeFlare.com was the initial domain; later they procured crimeflare.org:82 and crimeflare.biz:82. As of now all three are held by the CrimeFlare Squad.

How safe is CloudFlare?

CloudFlare is only as safe as the stamina of whoever is after your web services: as the latter increases, the former's ability decreases. We all know how Google and Cloudflare SSL services are making fools of us?
