Cloudflare

Cloudflare provides network and security products for consumers and businesses, utilizing edge computing, reverse proxies for web traffic, data center interconnects, and a content distribution network to serve content across its network of servers.

WAF

Tools: CloudFail

Web Application Firewall (WAF)

See WAF Bypass

CloudFlare can recognize tools like Burp Suite with the JA3 fingerprint. Bypass:

Option 1:
- Install the Bypass Bot Detection extension in the BApp Store.
Option 2:
- Go to Settings -> Network -> TLS
- Select Use custom protocols and ciphers
- Select protocols and ciphers. See this browser/cipher mapping on GitHub.
- Go to Settings -> Tools -> Proxy
- Under HTTP match and replace rules, create a rule to update the User-Agent header to be the same as the chosen browser/cipher mapping.

Example with Chrome:

User-Agent:

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Protocols:

TLSv1.2
TLSv1.3

Ciphers

TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA