Webmaster Security

Finding backend IP of a server hidden behind firewall (Cloudflare, Proxy Pipe, etc.)

Submitted by Rigzorra, , Thread ID: 35992

Thread Closed
09-06-2017, 07:43 PM
#1
Server Logging
This is probably the most common used method. You can set up a link on the site and get the server to visit/host it. Sometimes when you post an image on a site (a forum for example) the server will visit the link to preview it or host it on the forum on its own. We can use this to our advantage, getting the server to visit an IP logger will give us its IP address.

A good example for this would be image IP logging. You can create an image IP logger and embed the image onto the site. If it wants to host the image on its own server, itll have to visit the link to do so. Upon going to your link to retrieve the image, the servers backend should be logged.

Image IP loggers:
https://iplogger.org/
http://www.fuglekos.com/ip-grabber/index.html
https://grabify.link/



Email Resolving
You can use an email hosted with the site to find the backend servers IP by looking at it's headers. Youll just have to trigger the site to send an automated email to you.

A good way to do this would just be to simply make an account on the site. Most sites send you some sort of welcome/activation email upon registration. Doing a password reset also works.



Hosting History
If the site has been hosted on it's actual IP for a while prior to using a firewall, it's possible that bots have accessed it before and cached the information. Look up the site's hosting history and you might be able to find something.

Site report lookups:
http://toolbar.netcraft.com/site_report
http://viewdns.info/iphistory/
http://www.domainhistory.net/



Subdomain Resolving
The site could have subdomains whose records are under the real server's IP and not protected by the firewall. Try resolving the subdomains instead.

E.g. connecting to example.com will have an IP address belonging to Cloudflare, but mail.example.com is not protected by Cloudflare. Use that to your advantage.

http://www.domainhistory.net/



Feel free to suggest anymore methods or corrections. Enjoy.
1

RE: Finding backend IP of a server hidden behind firewall (Cloudflare, Proxy Pipe, etc.)

#2
This is actually a well demonstrated thread. Props my dude.
Methods are simple, and heavily used, but not widely known. Smile
[Image: giphy.gif]

RE: Finding backend IP of a server hidden behind firewall (Cloudflare, Proxy Pipe, etc.)

#3
Pretty nice post.

the thing about Email Resolving
I have tried that once on an outlook mail but it's hiding the IP.
or I'm a just noob at that.
[Image: wsUuw16j6oyxLLRnnK.gif]

RE: Finding backend IP of a server hidden behind firewall (Cloudflare, Proxy Pipe, etc.)

#4
13-06-2017, 06:11 PM
Yondu Wrote:
Pretty nice post.

the thing about Email Resolving
I have tried that once on an outlook mail but it's hiding the IP.
or I'm a just noob at that.

It's for resolving domain emails.

For example, my website is ournightfalls.com
And my email is [email protected], and you can resolve the email for my specific domain.

When you tried to resolve the outlook mail, you resolved outlooks IP lmao
[Image: giphy.gif]
1

RE: Finding backend IP of a server hidden behind firewall (Cloudflare, Proxy Pipe, etc.)

#5
Thank you very much appreciate you :O

Users browsing this thread: 3 Guest(s)