HatCloud is a Cloudflare Security bypass tool made in ruby, it enables Pentesters to check against any IP leak which might expose the real IP address of a website which is protected by CloudFlare DNS.
CloudFlare Hiding IP Addresses
CloudFlare provides a service for website owners for distributed domain name servers, sitting between the visitor and the Cloudflare user’s hosting provider. Cloudflare protects identity by masking the real IP address of the webserver with their DNS change.
Cloudflare if not properly set up, at times tend to leak out IP Address of a web server, Hackers make use of such real IP address to target the server running the websites which they can not once identity is masked, although there are other ways of finding real identity aswell but that is not in the scope of this post.
How to Use HatCloud
HatCloud can be executed on a Linux based Operating System as the program is in ruby, its usage is pretty straight forward
$> ruby hatcloud.rb -b drhack.net
ruby hatcloud.rb –byp drhack.net
ofcourse replace drhack.net with your test website.
How HatCloud Works
HatCloud exposes real IP address of a website bypassing the Cloudflare masked IP address. HatCloud simply uses another website to pull the data and the script is not making any use of a vulnerability or bug within CloudFlare. Line 60 in hatcloud.rb shows
uri = URI (“http://www.crimeflare.com/cgi-bin/cfsearch.cgi“)
CrimeFlare.Com cfsearch.cgi script is being used by HatCloud to show us results, while CrimeFlare is maintaining a huge database on exposed and bypassed CloudFlare Website IP addresses.Check out CrimeFlare Online Website Scanner for exposed CloudFlare websites.
How safe is CloudFlare ?
CloudFlare is as safe as the stamina of someone who is after your web services, as the later increases the former ability decreases. We all know how Google and Cloudflare SSL services are making us fool ?