Hack DDoS protection by Cloudflare

Some website try to protected their site by using DDoS protection by Cloudflare. If we look into below url: “http://www.jlotto.kr/keno.aspx?method=kenoWinNoList” 1. The cloudflare will checking for the browser information, then will redirect the page into the jlotto.kr. DDoSProtectionCloudFlare DDoSBreakCloudflare   2. After we see this, we turn on the fiddler to capture what happen, we will see that the step. 503, 302, 200 HttpStatus. DDoSBreakFiddler Then we need to investigate the more details like what information that parse from 503 -> 302 -> 200. 3. When we look into the last request 200 success we can identify, that it required “cf_clearance” to be set on the cookie. 4. Continue to trace back, the 2nd request is “http://www.jlotto.kr/cdn-cgi/l/chk_jschl?jschl_vc={0}&pass={1}&jschl_answer={2}” How the value jschl_vc, pass & jschl_answer it get the value from the first request. jschl_vs & pass we can get from the innerHtml jschl_answer we need to use javascript to calculate it.

After we apply this rule into the code we will able to crawler the official site.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s