Using Websploit Cloudflare Resolver

Cloudflare is a company that provides a content delivery network and distributed DNS  services, Its between the visitor and the hosting provider of the Cloudflare user. This way Cloudflare is acting as a reverse proxy for websites and claims to protect, speed up, optimize and improve availability for a website. It also provides advanced DDOS protection for a website, including those targeting UDP and ICMP protocols. Cloudflare claims to protect more than millions of  website at the time of writing. The Websploit Cloudflare Resolver module claims to resolve the original IP address of the server protected by Cloudflare.

Steps:


Open a terminal and start websploit:

>websploit

Use the following command to show an overview of available modules from which we will select the Websplout Cloudflare Resolver module:

>show modules



Use the following command to set the cloudflare_resolver module so we can configure it’s parameters:

use web/cloudflare_resolver

Type the following command to show the available options for the Websploit Cloudflare Resolver module:

show options

We need to specify a hostname as target:


We will use the following command to set a target:

set target hostname

Now type the Run command to run the Websploit Cloudflare Resolver module against the specified target.

This website is not using Cloudflare, so it will display the webserver’s real IP address. Just tried this module on a couple websites using Cloudflare and it returns the Cloudflare IP address mostly. This module does return the IP addresses for sub-domains and sometimes this gives you useful information and non Cloudflare IP addresses but this could also be done by a simple ping on subdomains.