Closed micahunder closed 5 years ago
Your problem is probably the domain. If I understood correctly, it works this way: User (fake domain) <-> your host (proxy) <-> real service (correct domain). Cloudflare uses the domain name length to solve the challenge. So just make a domain with the same length.
Another method is that you could manually (or by my script) solve the challenge and include the cf cookie in the request between your host and the real service (or set-cookie for the user).
As there are no replies, I am closing this "issue".
Testing Evilginx2, which is supposed to help me bypass 2FA on web servers by using the MITM proxy phishing attack. I run into problems with web servers using Cloudflare-based JavaScript security to mitigate MITM proxy phishing techniques such as Evilginx2.
This leaves my phishing domain hanging on Cloudflare's DDoS protection page with the text below.
Checking your browser before accessing cloudflare-protected.site. This process is automatic. Your browser will redirect to your requested content shortly. Please allow up to 5 seconds… DDoS protection by Cloudflare Ray ID:
Any way I can use this to bypass this issue?