Bypass Cloudflare protected sites with sqlmap

When you suspect your target site is vulnerable to SQLi and you find out that it is protected by Cloudflare, you can still to launch SQLMap against the target.

First of all, you need to make sure the target site is protected by Cloudflare, you can add “–identify-waf” to confirm. However, do not set “–thread=” larger than 1 as the target will give you “403 Forbidden” error. Once you get the “403 error”, your IP address is banned. Therefore, you are required to consider to use proxy servers or TOR to access the target.

Secondary, you need to add “–tamper=’between,randomcase,space2comment'” and “-v 3”, if the target is confirmed being protected by Cloudflare. You may also consider to add “–random-agent” and “–tor” when necessary.

To successfully use tor you may need to install privoxy

$ sudo apt install privoxy -y
$ sudo /etc/init.d/privoxy start

Finally, do not use Kali Linux provided SQLMap scripts as it has no “WAF” scripts pre-installed. You are better to download the latest version of SQLMap from the official site.

git clone https://github.com/sqlmapproject/sqlmap.git

You can find more about sqlmap here. This hint can be applied to other WAFs, IDSs and IPSs, such as mod_security or other Cloudflare like service providers.

For example :

$ python sqlmap.py -u "https://www.target.com/" --identify-waf --tamper="between,randomcase,space2comment" -v 3 --random-agent --tor

Source: https://samiux.blogspot.com/2014/08/howto-sqlmap-for-cloudflare-protected.html?m=1

View 4 comments on “Bypass Cloudflare protected sites with sqlmap

  1. Kali linux sqlmap shows “can`t establish connection with the Tor SOCKS proxy. Please make sure that you have Tor service installed and setup so you could be able to successfully use switch ‘–tor'”. How can I do?

    1. As error suggest please check if tor is actually running.

      $ sudo /etc/init.d/tor status

      Check with following command:

      $ sqlmap.py -u “http://testphp.vulnweb.com/artists.php?artist=1” –tor –tor-type=SOCKS5 –tor-port 9150 –check-tor

Leave a Reply

Your email address will not be published. Required fields are marked *