0x01 CDN
 During penetration testing we often encounter websites that use a CDN, and the CDN's IP addresses, which are not the server's own, cause us various difficulties. Here I have collected a lot of information and summarized the methods of bypassing a CDN to obtain the real IP.
 
 0x02 Identify CDN
 Before bypassing a CDN, you must first identify whether the website uses one.
 
 Ping websites in different regions
 If we ping a domain name from IPs in different regions and get different IPs back, we can conclude that it uses a CDN, because a CDN follows the principle of proximity and answers each client from a nearby node.
 
 Use multiple ping services
 http://ping.chinaz.com/
 http://ping.aizhan.com/
 http://ce.cloud.360.cn/
 http://tools.fastweb.com.cn/Index/Ping

 Use nslookup
 If multiple IPs are returned, it can be judged that a CDN is used.
 
 Use the online website to query
 
 0x03 Bypass CDN
 nslookup method
 nslookup www.xxx.com 8.8.8.8
 The format is: nslookup, the main domain name, then a foreign DNS server that is not popular.
 Many domestic CDN providers only serve domestic users and do not provide service abroad, so it may be possible to resolve the real IP through a foreign DNS server. (Note: 8.8.8.8 here does not count as an unpopular foreign DNS server.)
 
 View historical dns records
 The real IP can be found by viewing the historical DNS records, because the records from before the CDN was adopted should show the real IP.
 
 Query subdomain
 Because CDN service is expensive, many websites configure it only for the main site, so you can Google the subdomains and check whether the corresponding IP is the real one.
 
 Use foreign ip to resolve domain names
 The principle is similar to the nslookup method. If you have a foreign VPS, ping the domain name directly from it to see whether the real IP comes back.
 
 Target sensitive file leakage
 Get the real IP through sensitive files on the website, or probes such as phpinfo.
 
 
 Some servers have their own sendmail (mail transfer agent) set up locally. They will take the initiative to send an email to us; open the source of the email and you can see the real IP of the server. Some large Internet sites have their own mail server, but it should be in the same network segment, so just scan the C segment addresses.
 
 Once a DDoS has used up the CDN traffic, the real IP is exposed (not advisable).
 
 Find a way to make the website visit our own server, then get the real IP from the log.
 
 Use command execution vulnerabilities, SSRF, etc.
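
The subdomain and mail-server items above are also what a site owner should check in their own DNS zone. The following is an added example, not code from the original post: it audits a zone export for records that sit outside the CDN and point at, or next to, the origin. The zone contents, CDN range, origin address and the function name `audit_zone` are all constructed assumptions, and the "C segment" is treated as the origin's /24.

```python
import ipaddress

# Constructed sample data using documentation address ranges, not real providers.
CDN_RANGES = ["198.51.100.0/24"]   # assumed CDN edge range
ORIGIN_IP = "203.0.113.10"         # assumed real origin server
ZONE = [                           # (name, type, value) from a zone export
    ("www.example.com", "A", "198.51.100.7"),
    ("example.com", "A", "198.51.100.8"),
    ("dev.example.com", "A", "203.0.113.10"),
    ("mail.example.com", "A", "203.0.113.25"),
    ("example.com", "MX", "mail.example.com"),
    ("status.example.com", "A", "192.0.2.44"),
]

def audit_zone(zone, cdn_ranges, origin_ip):
    """Return (name, ip, reason) for each A record that bypasses the CDN."""
    cdn_nets = [ipaddress.ip_network(n) for n in cdn_ranges]
    origin = ipaddress.ip_address(origin_ip)
    # The "C segment" around the origin, taken here as its /24.
    origin_net = ipaddress.ip_network(f"{origin_ip}/24", strict=False)
    a_records = {}
    for name, rtype, value in zone:
        if rtype == "A":
            a_records.setdefault(name, []).append(value)
    mx_hosts = {value.rstrip(".") for _, rtype, value in zone if rtype == "MX"}
    findings = []
    for name, ips in a_records.items():
        for ip_text in ips:
            ip = ipaddress.ip_address(ip_text)
            if any(ip in net for net in cdn_nets):
                continue  # served through the CDN edge, nothing leaked
            if ip == origin:
                reason = "points directly at the origin"
            elif ip in origin_net:
                reason = "same /24 as the origin"
            else:
                continue  # unrelated host, not an origin leak
            if name in mx_hosts:
                reason += " (mail host, also visible in mail headers)"
            findings.append((name, ip_text, reason))
    return findings

if __name__ == "__main__":
    for name, ip, reason in audit_zone(ZONE, CDN_RANGES, ORIGIN_IP):
        print(f"{name:22} {ip:15} {reason}")
```

Records it reports should be moved behind the CDN or onto addresses unrelated to the origin; historical DNS records still show any address the origin used before the CDN was adopted.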