Bypass CDN to get Real IP

Source: Internet
Author: User
0x01 CDN
During a penetration test we often encounter websites that sit behind a CDN, and the CDN's edge IP (rather than the origin's) causes us various difficulties. Here I have collected a lot of material and summarized the methods of bypassing a CDN to obtain the real IP.

0x02 Identify CDN
Before bypassing a CDN, you must first determine whether the website actually uses one.

Ping the website from different regions
For a given domain name, if we ping it from IPs in different regions and the addresses we get back differ, we can conclude that it uses a CDN, because a CDN follows the principle of proximity and directs each client to the nearest node.

Use multiple ping services
http://ping.chinaz.com/
http://ping.aizhan.com/
http://ce.cloud.360.cn/
http://tools.fastweb.com.cn/Index/Ping
Use nslookup
If several IPs are returned for the name, it can be judged that a CDN is used (plain round-robin DNS can also return several records, so treat this as an indication rather than proof).

Use an online CDN-detection service to query the domain

0x03 Bypass CDN
nslookup method
nslookup www.xxx.com 8.8.8.8
The format is: nslookup <main domain name> <a little-used DNS server located abroad>
Since many domestic CDN providers only serve domestic traffic and do not serve users abroad, resolving the name through a foreign DNS server may return the real IP. (Note: 8.8.8.8 in the example above is not considered a little-used foreign DNS server.)

View historical DNS records
The real IP can often be found in the historical DNS records, since the records from before the CDN was introduced should still point at the origin.

Query subdomains
In many cases, because CDN service is expensive, a site only puts its main website behind the CDN. So you can search Google for the site's subdomains and check whether the IP each one resolves to is the real one.

Resolve the domain name from a foreign IP
The principle is the same as the nslookup method: if you have a VPS abroad, ping the domain name from it directly and see whether a real IP comes back.

Sensitive file leakage on the target
Obtain the real IP from sensitive files on the website, or from probe pages such as phpinfo.

Mail server
Some servers run their own sendmail (mail transfer agent); when we register on the site they send us an email on their own initiative, and opening the email's raw source shows the server's real IP in the headers. Large Internet sites usually have a separate mail server, but it generally sits in the same network segment as the origin, so the origin can be found by scanning that C-class (/24) segment.
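As an added example (not from the original article), here is a small Python audit from the defender's side covering the "identify CDN", "query subdomains" and mail-server/C-segment points above: given a zone export and the CDN's published edge prefixes (both constructed sample data, using documentation address ranges), it lists the records that resolve straight to the origin and the /24 segments they disclose.

```python
import ipaddress
from collections import defaultdict

# Constructed sample standing in for the CDN provider's published edge prefixes
# (RFC 5737 / RFC 3849 documentation ranges, not any real provider's).
CDN_PREFIXES = [ipaddress.ip_network(p) for p in ("198.51.100.0/24", "2001:db8:100::/48")]

# Constructed sample zone export: record name -> A/AAAA values.
ZONE = {
    "www.example.com": ["198.51.100.10", "198.51.100.11"],
    "example.com": ["198.51.100.10"],
    "dev.example.com": ["203.0.113.7"],     # forgotten test host, points straight at origin
    "mail.example.com": ["203.0.113.25"],   # mail server living on the origin segment
    "static.example.com": ["2001:db8:100::1"],
}

def is_cdn_address(addr, prefixes=CDN_PREFIXES):
    """True if addr sits inside one of the CDN edge prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in prefixes)

def exposed_records(zone, prefixes=CDN_PREFIXES):
    """Names whose records point outside the CDN, i.e. at a directly reachable origin."""
    leaks = {}
    for name, addrs in zone.items():
        direct = [a for a in addrs if not is_cdn_address(a, prefixes)]
        if direct:
            leaks[name] = direct
    return leaks

def exposed_segments(leaks, v4_len=24):
    """Group exposed IPv4 addresses by /24 ("C segment"): one leaked host
    discloses the segment the rest of the origin sits in, so remediation
    (allowing only CDN ranges to reach the origin) must cover the whole segment."""
    segments = defaultdict(list)
    for name, addrs in leaks.items():
        for a in addrs:
            if ipaddress.ip_address(a).version == 4:
                net = ipaddress.ip_network(f"{a}/{v4_len}", strict=False)
                segments[str(net)].append(name)
    return dict(segments)

def cdn_in_front(answers):
    """The article's 'identify CDN' test: answers from resolvers in different
    regions disagree, or several addresses come back at once."""
    sets = [frozenset(a) for a in answers.values()]
    return len(set(sets)) > 1 or any(len(s) > 1 for s in sets)
```

Run `exposed_records(ZONE)` to get the names reachable without the CDN, and feed the result to `exposed_segments` to see which origin segments they give away.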

After a DDoS exhausts the CDN's traffic quota, the real IP is exposed (not advisable)

Find a way to make the website request our own server, then read the real IP from our server's log

For example, via command execution vulnerabilities, SSRF, etc.