Hack DDoS protection by Cloudflare

Some website try to protected their site by using DDoS protection by Cloudflare. If we look into below url: “http://www.jlotto.kr/keno.aspx?method=kenoWinNoList” 1. The cloudflare will checking for the browser information, then will redirect the page into the jlotto.kr. DDoSProtectionCloudFlare DDoSBreakCloudflare   2. After we see this, we turn on the fiddler to capture what happen, we will see that the step. 503, 302, 200 HttpStatus. DDoSBreakFiddler Then we need to investigate the more details like what information that parse from 503 -> 302 -> 200. 3. When we look into the last request 200 success we can identify, that it required “cf_clearance” to be set on the cookie. 4. Continue to trace back, the 2nd request is “http://www.jlotto.kr/cdn-cgi/l/chk_jschl?jschl_vc={0}&pass={1}&jschl_answer={2}” How the value jschl_vc, pass & jschl_answer it get the value from the first request. jschl_vs & pass we can get from the innerHtml jschl_answer we need to use javascript to calculate it.

After we apply this rule into the code we will able to crawler the official site.

Advertisements