[*] Retrieving Cloudflare IP ranges from https://www.cloudflare.com/ips-v4

[fdguyg8]

i enter python cloudflair.py myvulnerable.site [*] Retrieving Cloudflare IP ranges from https://www.cloudflare.com/ips-v4 Traceback (most recent call last): File "/home/iu/cloudflair/cloudflair.py", line 4, in <module> import cloudflare_utils File "/home/iu/cloudflair/cloudflare_utils.py", line 47, in <module> cloudflare_subnets = [ipaddress.ip_network(ip_range) for ip_range in cloudflare_ip_ranges] File "/home/iu/cloudflair/cloudflare_utils.py", line 47, in <listcomp> cloudflare_subnets = [ipaddress.ip_network(ip_range) for ip_range in cloudflare_ip_ranges] File "/usr/lib/python3.9/ipaddress.py", line 83, in ip_network raise ValueError('%r does not appear to be an IPv4 or IPv6 network' % ValueError: '<!DOCTYPE html>' does not appear to be an IPv4 or IPv6 network

I've already completed pip install -r requirements.txt

[christophetd]

I just tried it, seems to be working for me:

$ python cloudflair.py medium.com
[*] Retrieving Cloudflare IP ranges from https://www.cloudflare.com/ips-v4
[*] The target appears to be behind CloudFlare.
[*] Looking for certificates matching "medium.com" using Censys
[*] 17 certificates matching "medium.com" found.
[*] Looking for IPv4 hosts presenting these certificates...
[*] 23 IPv4 hosts presenting a certificate issued to "medium.com" were found.

Is it possible CloudFlaire blocked your IP when requesting the list of IPs? Can you try this and let me know what you get?

curl -v https://www.cloudflare.com/ips-v4

[fdguyg8]

i run commands with ip tor here's what gave me `* Trying 104.16.124.96:443...

• Connected to www.cloudflare.com (104.16.124.96) port 443 (#0)
• ALPN, offering h2
• ALPN, offering http/1.1
• CAfile: /etc/ssl/certs/ca-certificates.crt
• CApath: /etc/ssl/certs
• TLSv1.3 (OUT), TLS handshake, Client hello (1):
• TLSv1.3 (IN), TLS handshake, Server hello (2):
• TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
• TLSv1.3 (IN), TLS handshake, Certificate (11):
• TLSv1.3 (IN), TLS handshake, CERT verify (15):
• TLSv1.3 (IN), TLS handshake, Finished (20):
• TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
• TLSv1.3 (OUT), TLS handshake, Finished (20):
• SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
• ALPN, server accepted to use h2
• Server certificate:
• subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=www.cloudflare.com
• start date: Sep 18 00:00:00 2021 GMT
• expire date: Sep 17 23:59:59 2022 GMT
• subjectAltName: host "www.cloudflare.com" matched cert's "www.cloudflare.com"
• issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
• SSL certificate verify ok.
• Using HTTP2, server supports multiplexing
• Connection state changed (HTTP/2 confirmed)
• Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
• Using Stream ID: 1 (easy handle 0x56478775a790)

  GET /ips-v4 HTTP/2 Host: www.cloudflare.com user-agent: curl/7.81.0 accept: /

• TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
• TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
• old SSL session ID is stale, removing
• Connection state changed (MAX_CONCURRENT_STREAMS == 256)! < HTTP/2 403 < date: Thu, 21 Apr 2022 18:15:12 GMT < content-type: text/html; charset=UTF-8 < cf-chl-bypass: 1 < permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() < cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 < expires: Thu, 01 Jan 1970 00:00:01 GMT < x-frame-options: SAMEORIGIN < expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" < set-cookie: __cf_bm=8qMa15OJUAksVf_GeS450MXkBBXA35MrXeoLKazXhUA-1650564912-0-ATPovmbLZhxBdxaceLFanpw8uVE1+n43gLrpc+X+Vsgp7w0G0/rMHX0TxT4TDbOCT4N6i7VSmjFa8YQokaL28JL1vTi0xuqwNEPrlVuTHPs/; path=/; expires=Thu, 21-Apr-22 18:45:12 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None < report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FJ%2FZtq87MOrEUdWVWs%2F82WnXMkuQ2v8Z6FSC54wDPD9qErW6j3qStp76yyr0hAubPgMrev3w4FFkfMdLLli5WNoXbuVil04RIUnu3lAZPDNiXCzpvp%2B7jRaiNAXtE%2FilwcJh6A%3D%3D"}],"group":"cf-nel","max_age":604800} < nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} < server: cloudflare < cf-ray: 6ff81a8d3eeb6904-FRA < alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 < <!DOCTYPE html>

<script>
//<![CDATA[
(function(){
  window._cf_chl_opt={
    cvId: "2",
    cType: "managed",
    cNounce: "6455",
    cRay: "6ff81a8d3eeb6904",
    cHash: "96ba0f721f1e540",
    cUPMDTk: "\/ips-v4?__cf_chl_tk=jVb3PaFlxy5Z4jOxB40iK96CWXY9IkKZnyiTMmKg.pI-1650564912-0-gaNycGzNB1E",
    cFPWv: "g",
    cTTimeMs: "1000",
    cLt: "n",
    cRq: {
      ru: "aHR0cHM6Ly93d3cuY2xvdWRmbGFyZS5jb20vaXBzLXY0",
      ra: "Y3VybC83LjgxLjA=",
      rm: "R0VU",
      d: "XiAv6l1MNllV2F8SHiJoTJn+qwvMn4GMDZrTG5qHyShpgECd+Wvrz1H5kxEp9hhhnsXAgWcRovYCUidFpV5NONfmz6RAcpv/a3NkfgVICJrPNWL7EHzkuTmWTJfOeCLBFh2M4+vBPkkWjVCr6dNrJflZhAljLaOW7/eTLbEiNcuNhGDyXYz5tIFfjoD2X+9j+iKge9pRhX9iYjtYWRVTvjAqIUVccngmQBrPH4qJkha+2oHOwV6yXuRHlujh7pFC1TwcwBKf0qzNPO3apsQAEX4guNywkpVmcz2s90JSvzKmm3Hxi//TOhM9uiBcV938TPi7QaA7R7DwmRfL5xIF0Cklu8l1MbrIESjwFkTDxBgvfg5hu4v3ePBj2rW4y9V10/p1RJ5kf2dpwCyctWQXdOeOaY2zZ13yUzPjh+njJ0Zfr55Twz2zESmHItL5XpH7pW9OLDwCCwFIkeKoy8gOaGrNv3bh4u/tTQSIm9ppS9w6cWmCzZu9tot5fUBo3gmg0hnvnCDzpL3kHqMoJQxf5c/DYqWsHXhbw1ieQ3UtpdWz/xq0tp7BT50fwH9rIqQQqig26vaP+/Tj+6hmaYNZkg==",
      t: "MTY1MDU2NDkxMi4yMTMwMDA=",
      m: "qXADJ4mWqGGlH6Ol69BIFdiIeRHYQ17SLHK8ZiwkxcQ=",
      i1: "3dS+bKxS9A69F46+dZACVA==",
      i2: "ecUZdUzDaj2dguQN6eleYg==",
      zh: "WknVD3gDHQEGTLPKhwAHV9fbqA3BzTCoGSgrSa52xC0=",
      uh: "XtPohTwN9ruoNwJrCbocmA5soW1XPnkxU/yVFmBLOQo=",
      hh: "o2CsT6J8k5XABFTKG8Pc+kjAUTbm0LrSlAwXOrIi85c=",
    }
  };
}());
//]]>
</script>

Please enable cookies.

Please wait...

We are checking your browser... www.cloudflare.com

Please stand by, while we are checking your browser...

Redirecting...

Please enable Cookies and reload the page.

Why do I have to complete a CAPTCHA?

Completing the CAPTCHA proves you are a human and gives you temporary access to the web property.

What can I do to prevent this in the future?

If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware.

If you are at an office or shared network, you can ask the network administrator to run a scan across the network looking for misconfigured or infected devices.

Cloudflare Ray ID: 6ff81a8d3eeb6904 • Your IP: 109.70.100.23 • Performance & security by Cloudflare

• Connection #0 to host www.cloudflare.com left intact`

[christophetd]

CloudFlare is blocking your IPs, so you can't retrieve its list of IPs.

I recommend either using another IP, or copy-pasting:

173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/13
104.24.0.0/14
172.64.0.0/13
131.0.72.0/22

Instead of this function call: https://github.com/christophetd/CloudFlair/blob/dce0488f2fe5a82334e0d7fbf26c580430aae1e5/cloudflare_utils.py#L42

[fdguyg8]

changed ip all worked