What's new

Finding A Websites IP Behind Cloudflare/Reverse Proxy

RunAwayMuppet

Forum Guru
Elite
Joined
Jun 21, 2018
Posts
3,734
Solutions
5
Reaction
4,597
Points
1,564
Age
24
1. Web Server Errors

Web Server can return error codes, such as 404 or 403
In some cases, the web server will reveal its real IP, when returning an error of that type

This picture presents such a misconfiguration

If the site’s owner does not set the web server hostname to the domain or even better, creates custom error messages, this kind of leakage could be prevented

2. Application Errors

Causing an error in an application might cause the server to leak its IP address
If the error reporting is not set to off and the website has kind of the settings it had in development still running in production, you can play around a bit and try to cause an error
When it works, you will get something like “unexpected parameter ’ in application.php at xx.xxx.x.xxx”
I wanted to showcase this with a real-life example I had saved for my tutorial, but cannot seem to find it right now, will edit should I find it

3. Historical DNS data

One of the most promising methods if you ask me that will at least point you in a good direction
The dns trails feature of security trails will help you with this
It shows every DNS record that has ever been published for this domain
Lots of admins tend to first assign their domain to a single server, because “the site is not known yet”

However, this is a big mistake
The data can later be found and thus the real IP of the server


This Thread will probably be edited sometime in the future to provide an example for #2 or to expand it by more methods that come to my mind
 
You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.

1666664737110.png
 

Attachments

Last edited:
Back
Top