Extreme Hacking
Advanced Ethical Hacking Institute in Pune

In this tutorial we will be testing and using the Cloudflare resolver module in Websploit on Kali Linux. Cloudflare is a company that provides a content delivery network and distributed DNS (Domain Name Server) services, sitting between the visitor and the hosting provider of the Cloudflare user. This way Cloudflare is acting as a reverse proxy for websites and claims to protect, speed up, optimize and improve availability for a website. Cloudflare also provides advanced DDOS protection for a website, including those targeting UDP and ICMP protocols. Cloudflare claims to protect more than 2 million website at the time of writing. The Websploit Cloudflare Resolver module claims to resolve the original IP address of the server protected by Cloudflare.

Websploit Cloudflare Resolver Tutorial

Open a terminal and start websploit with the following command:

websploit

Use the following command to show an overview of available modules from which we will select the Websplout Cloudflare Resolver module:

show modules

Websploit Cloudflare Resolver Module Tutorial 1

Use the following command to set the cloudflare_resolver module so we can configure it’s paramters:

use web/cloudflare_resolver

Type the following command to show the available options for the Websploit Cloudflare Resolver module:

show options

We need to specify a hostname as target:

Websploit Cloudflare Resolver Module Tutorial 2

We will use the following command to set a target:

set target [hostname]

Now type the Run command to run the Websploit Cloudflare Resolver module against the specified target.

extremehacking.org is not using Cloudflare so it will display the webserver’s real IP address. I tried this module on a couple websites using Cloudflare and it returns the Cloudflare IP address mostly. This module does return the IP addresses for sub-domains and sometimes this gives you useful information and non Cloudflare IP addresses but this could also be done by a simple ping on subdomains.

www.extremehacking.org
CEHv8 CHFIv8 ECSAv8 CAST ENSA CCNA CCNA SECURITY MCITP RHCE CHECKPOINT ASA FIREWALL VMWARE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN PUNE,Certified Ethical Hacking, Center For Advanced Security Training in India,IT Security Training Information Security Traning Courses in Pune, ceh certification in pune, Ethical Hacking Course in Pune