Cloudflare has emerged as a widely adopted solution for protecting website data and mitigating bot-driven attacks. Its advanced anti-bot system uses sophisticated technologies to detect and filter out bot traffic, which unfortunately includes scrapers.
We'll take a look at CrimeFlare as a tool to bypass Cloudflare, as well as suggest more effective and scalable alternatives. Let's dive in!
What Is CrimeFlare
CrimeFlare is a tool designed to allow users direct access to Cloudflare-protected websites. By running your target website's domain through this tool, you can discover its actual IP address. You can then send HTTP requests directly to this IP address to retrieve the necessary data.
But how does CrimeFlare get this information?
How CrimeFlare Works
CrimeFlare works based on the fact that Cloudflare acts as a reverse proxy and sits between you and the origin server. When you make a request to a protected website, Cloudflare intercepts the initial connection before forwarding it to the original server. Also, the website's IP is hidden behind a network of servers, making it challenging to identify the server's location directly.
However, CrimeFlare attempts to reveal the real IP addresses of Cloudflare-protected websites using DNS and historical data analysis. When you run the target domain, CrimeFlare fetches and analyzes the DNS records (for example, A and CNAME records) related to that specific domain. It also looks at subdomains that provide clues or paths to the origin server's IP address.
CrimeFlare also analyzes historical data such as prior domain registrations, IP address changes, etc. Website misconfigurations and vulnerabilities, like leakages through error messages or server response, are ways the tool exploits to determine the real IP address.
After analysis, CrimeFlare generates the following results:
- CloudFlare IP.
- CloudFlare NS1 and CloudFlare NS2.
- Real IP, hostname, and organization.
- Address (country, city, region, postal code), location, and time zone.
How to Use CrimeFlare
CrimeFlare not working
. Unfortunately, CrimeFlare no longer works. The project was taken down by GitHub and discontinued. So, what is a better option? Head down to the section Best CrimeFlare Alternative.
On Linux
The given installation module in the CloudPeler repository is intended for a Linux OS, specifically Ubuntu. Here's a detailed guide on how to install and run CrimeFlare on Ubuntu:
- Install the
PHP-cURL
module using the following command:
sudo apt install php-curl
- Clone the CloudPeler repository to install the
crimeflare.php
file alongside other dependencies. You can do so using this command:
git clone https://github.com/zidansec/CloudPeler.git
- Before running CrimeFlare, navigate to the CloudPeler directory and add the
crimeflare.php
file to the /bin/ directory on your Ubuntu OS.
cd CloudPeler
sudo cp crimeflare.php /bin/crimeflare
4.. Now, to run it, enter the command crimeflare
and the domain you wish to investigate, like in the example below.
crimeflare example.com
The tool will output the origin server's IP address, along with the mentioned pieces of information.
On Windows
Alternatively, to install and run CrimeFlare on Windows, you'll need the latest versions of PHP and cURL. Then you'll have to configure PHP to use cURL.
To do this, locate the PHP configuration file php.ini
. Its exact location can vary depending on your installation, but it's generally in the PHP directory.
Open the configuration file in a text editor, search for a line that begins with ;extension=curl
, and uncomment it by removing the semicolon. Modify the line to point to the cURL extension DLL. It should look like this:
extension=curl
extension_dir = "C:\path\to\php\ext"
Replace C:\path\to\php\ext
with the actual path to the PHP extensions directory. Next, download the crimflare.php
file from the GitHub repository and save it to a directory of your choice.
Lastly, navigate to the said directory in your terminal and run CrimeFlare using the following command:
php crimeflare.php example.com
We'd have the following result if we replaced the example URL with Pastebin.
Then, we could make our requests directly to the Real IP.
Best CrimeFlare Alternative
ZenRows is the best CrimeFlare alternative because it lets you avoid the tedious process of looking up a website's original IP address and making a request directly to that IP to retrieve data. Instead, you can extract all the necessary information with your target website's domain in a single API call.
ZenRows is a complete web scraping API designed to bypass Cloudflare and any other anti-bot system. And it supports all programming languages, including Python, Java, NodeJS, Go, PHP, and Ruby.
Sign up now to try the tool yourself. Once done, you'll see the Request Builder. Paste your target URL (we'll use https://pastebin.com/
), and check the boxes for the necessary parameters to bypass Cloudflare ("Premium Proxies" and "JS Rendering"). Finally, select Python and click on the "API" tab.
Now, install Python Requests using the following command (any other HTTP library also works).
pip install requests
Then, copy the code ZenRows provided and run it in your favorite editor. Here's the complete code.
# pip install requests
import requests
url = 'https://pastebin.com/'
apikey = '<YOUR_ZENROWS_API_KEY>'
params = {
'url': url,
'apikey': apikey,
'js_render': 'true',
'premium_proxy': 'true',
}
response = requests.get('https://api.zenrows.com/v1/', params=params)
print(response.text)
Your result should look like this:
Bingo, you bypassed Cloudflare without having to look up the original website IP address.
Conclusion
CrimeFlare was a tool to discover the real IP addresses of Cloudflare-protected websites. However, it no longer works.
Fortunately, ZenRows allows you to retrieve your desired data easily. Its advanced anti-bot bypass measures ensure access, and you also get other valuable features, like geo-targeting, for the best results.
Try ZenRows with the 1,000 free API credits you get upon registration.