CloudFlare – Find the real server IP

How to find out the real IP address of a site protected by CloudFlare.

DDoS-protection services that hide a site's real IP address, such as CloudFlare, Incapsula and Antiddos.biz, are becoming more common. I don't think I need to explain how important and useful it is to determine the real IP address of the server. So in this article I will share the algorithm I follow during audits, when I have to play the game of “Find my real IP”. In five steps, I will teach you how to find out the real IP address of a site behind DDoS protection.

Method 1: How to find out the real IP address through subdomains

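A simple bash script that requests each address in a list with the given Host header and prints the response code, length and redirect URL.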

#!/bin/bash
# Requests every address in a list over HTTP and HTTPS with the given Host
# header and prints the status code, body length and redirect target.

display_usage() {
    echo "This script checks the connection to a list of URLs with the specified host."
    echo -e "\nUsage:\n$0 ipsfile hostname\n"
    echo -e "\nExample:\n$0 moz-com.list moz.com\n"
}

# Both arguments (address list file and hostname) are required.
if [ $# -le 1 ]
then
    display_usage
    exit 1
fi

# One address per line in the list file; -k skips certificate verification,
# because the certificate will not match a bare IP address.
while read -r line; do
    response_http=$(curl -H "Host: $2" --connect-timeout 5 --write-out "code: %{http_code}, length: %{size_download}, redirect: %{redirect_url}" --silent --output /dev/null -k "http://$line")
    response_https=$(curl -H "Host: $2" --connect-timeout 5 --write-out "code: %{http_code}, length: %{size_download}, redirect: %{redirect_url}" --silent --output /dev/null -k "https://$line")
    echo "HTTP: $line response [ $response_http ]"
    echo "HTTPS: $line response [ $response_https ]"
done < "$1"

Method 2: How to find out the real IP address through history

The second step is simple, but at the same time the most effective. The point is to find the old IP address of the domain. It may be hidden now, but earlier it may have been exposed.

https://viewdns.info/iphistory/

http://ptrarchive.com/

curl -H "Host: www.site.com" https://site_ip -k

dig @old.ns.server.pes.com pes.com
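
Both methods end in the same check: a request sent straight to a candidate IP with the site's Host header. As an added example (not from the original article), the script below shows the defender's side of that check, flagging origin access-log entries whose peer address is outside the CDN's ranges. The range list is a sample subset of Cloudflare's published IPv4 ranges, and the function names and log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original article: detect direct-to-origin requests.

# Assumption: sample subset of Cloudflare's published IPv4 ranges. Load the
# current full list from https://www.cloudflare.com/ips-v4 in real use.
CDN_RANGES="173.245.48.0/20 104.16.0.0/13 172.64.0.0/13 162.158.0.0/15 198.41.128.0/17"

# Dotted-quad IPv4 -> 32-bit integer (body runs in a subshell so IFS stays local).
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeeds if address $1 lies inside CIDR block $2.
in_cidr() {
    local net bits mask
    net=${2%/*}
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# Succeeds if address $1 belongs to any CDN range.
from_cdn() {
    local range
    for range in $CDN_RANGES; do
        in_cidr "$1" "$range" && return 0
    done
    return 1
}

# Reads access-log lines on stdin (peer address is the first field) and prints
# those that did not arrive through the CDN.
find_direct_hits() {
    local line
    while read -r line; do
        from_cdn "${line%% *}" || echo "DIRECT $line"
    done
}

# Constructed sample log; non-CDN peers use documentation address ranges.
SAMPLE_LOG='172.68.10.5 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.50 - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 5120
162.158.90.7 - - [01/Jan/2024:10:00:09 +0000] "GET /login HTTP/1.1" 200 2210
198.51.100.23 - - [01/Jan/2024:10:00:11 +0000] "GET / HTTP/1.1" 301 0'

printf '%s\n' "$SAMPLE_LOG" | find_direct_hits
```

The first log field must be the TCP peer address, not a client address restored from a forwarded header, or every request will look direct. Any hit means the origin is reachable without the CDN; restricting the origin's firewall to the CDN's ranges closes that path.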

 

 
