compewter / CopyCat

Universal MITM web server

Cloudflare #3

Closed 0xAozora closed 3 years ago

0xAozora commented 6 years ago

Well, the server just crashes

compewter commented 6 years ago

Hey @0xAozora,

First of all, thanks for your interest in CopyCat. I've published this code to demonstrate that something like this is possible for those who are interested in and familiar with web security.

If you haven't taken any steps to troubleshoot the issue then I don't think this is the tool for you. Maybe one day CopyCat will be something with a stable release which can simply be installed and run, but it's currently nowhere near that state.

However, if you're feeling up to the challenge of playing around with this tool and getting it to work in a lab-type scenario, I'd be happy to answer some questions. But what you've said so far gives me nothing to work with.

0xAozora commented 6 years ago

Good evening @compewter, I am kinda inexperienced with Node and GitHub. For now I managed to edit your code so the server redirects all traffic from its original IP address to a specific server. However, if the server has Cloudflare enabled, I get the following error messages: [image: copycat]

If you have any suggestions on how to help with troubleshooting, I will do the best I can.

compewter commented 6 years ago

Hmm. I can see how Cloudflare would introduce some complexities in this. However, my website https://thecompewterlab.com is behind Cloudflare and it's loading perfectly fine for me.

Do you have an example website where it's producing that error?

0xAozora commented 6 years ago

Try loading the site without cookies / in a private Firefox or Chrome tab.

compewter commented 6 years ago

Not making a difference for me. Other sites are working fine for you?

What's your setup look like? How are you handling DNS?

0xAozora commented 6 years ago

I set everything in the configuration file to "localhost". They say Cloudflare gets activated if the server has too many requests coming in. So it might vary from server to server.

compewter commented 6 years ago

Ahh, I'm seeing it now. It's failing when Cloudflare does their active browser test. This will be really interesting to take apart and see what it's doing and what it'd take to get around it. I'm not surprised it fails it because Node is making all of the requests.

I'm working on a new version of this tool with a completely different approach and some cool features. So rather than patch this older version I'll add this to the list of things I'm wrapping up with the new one. Thanks for pointing out this interesting scenario!