Cloudflare IP Grabbing POC

https://www.falsywinch.net/YourIpAddress

This is purely a proof of concept, and no information is logged by me at this URL or any other, except one other URL which sends data to a Google bucket. When the logging is active, the whole process from you pressing Enter in your browser to the final result being loaded takes ~30ms.

This POC proves that Cloudflare Workers can be used to MITM traffic destined for secure websites and extract information about client sessions connected to a domain, including IPs. Cloudflare could also easily open their doors to other sources of authority looking to add "workers" to "domains" that would essentially perform the exact same tasks, without the domain owner knowing about it. It is known that Cloudflare is a potential security liability; this just makes it more obvious.

Using Cloudflare, I can quickly get the following JSON blob. This censored example is from a known botnet:

{"IP":"103.142.140.*","URL":"https://www.falsywinch.net/admin?g72306149495b1929170348415p23221724695e227986192022B","Country":"SG","Browser":"Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0","Timestamp":"1625724521662"}

Using this, I am able to get the URL along with some fingerprinting, a timestamp, and an IP. I could also code up additional functions to do other things before the user is redirected.

Note: Please do not fuzz my website. I am on food stamps, extremely poor, and I could barely afford the domain ($15), the Cloudflare Worker ($5), and the Google bucket (free up to a point). I already got fuzzed to nearly a million requests in 5 minutes and I locked some things down, but still.
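A record in the format shown above can be triaged on the defender's side. The following is an added example, not code from this POC: it parses one record, converts the timestamp, and flags traits of automated probing. The function names, thresholds and flag names are assumptions made for illustration; only the five field names come from the blob above.

```javascript
// Added example: triage of edge-log records shaped like the blob on this page.
// Field names come from the page; thresholds and flag names are assumptions.

// The page's own censored record, embedded so the example runs offline.
const SAMPLE = '{"IP":"103.142.140.*","URL":"https://www.falsywinch.net/admin?g72306149495b1929170348415p23221724695e227986192022B","Country":"SG","Browser":"Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0","Timestamp":"1625724521662"}';

const REQUIRED = ["IP", "URL", "Country", "Browser", "Timestamp"];
const MIN_FIREFOX_MAJOR = 78; // assumed cut-off for a "stale" browser build
const MAX_QUERY_LENGTH = 32;  // assumed cut-off for an opaque query token

function parseRecord(line) {
  // Tolerate a trailing comma, as seen when records are appended to one file.
  const obj = JSON.parse(line.trim().replace(/,\s*$/, ""));
  for (const key of REQUIRED) {
    if (typeof obj[key] !== "string") throw new Error(`missing field: ${key}`);
  }
  const ms = Number(obj.Timestamp);
  if (!Number.isSafeInteger(ms)) throw new Error("Timestamp is not epoch milliseconds");
  return { ...obj, url: new URL(obj.URL), seenAt: new Date(ms) };
}

function triage(record) {
  const flags = [];
  if (/^\/admin\b/i.test(record.url.pathname)) flags.push("admin-path-probe");
  // url.search includes the leading "?"; a long value with no key=value pair is suspicious.
  const query = record.url.search.slice(1);
  if (query.length > MAX_QUERY_LENGTH && !query.includes("=")) flags.push("opaque-query-token");
  // A browser build years older than the request date suggests a scripted client.
  const ff = /Firefox\/(\d+)/.exec(record.Browser);
  if (ff && Number(ff[1]) < MIN_FIREFOX_MAJOR) flags.push("stale-user-agent");
  return flags;
}

function maskIp(ip) {
  // Keep the first three octets when sharing a record, as the page's example does.
  const parts = ip.split(".");
  return parts.length === 4 ? `${parts.slice(0, 3).join(".")}.*` : "[masked]";
}

function summarize(line) {
  const r = parseRecord(line);
  return { ip: maskIp(r.IP), country: r.Country, seenAt: r.seenAt.toISOString(), flags: triage(r) };
}

console.log(summarize(SAMPLE));
```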