FlareProx Deploy Cloudflare Worker pass-through proxies for ...

[carlospolop]

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

• Blog URL: https://github.com/MrTurvey/flareprox
• Blog Title: FlareProx: Deploy Cloudflare Worker pass-through proxies for simple IP rotation
• Suggested Section: Cloudflare Security -> Abusing Cloudflare Workers for pass-through proxy/IP rotation (FireProx-style)

🎯 Content Summary

Overview
FlareProx is a Python tool that auto-deploys Cloudflare Workers to act as HTTP pass-through proxies, providing simple IP masking and endpoint rotation (similar in spirit to FireProx). It supports all HTTP methods and lets you specify the upstream target via a query parameter or custom header. Because traffic egresses from Cloudflare’s network, the target sees Cloudflare IPs rather than the tester’s. Cloudflare’s free tier allows ~100,000 requests/day.

How it works...

🔧 Technical Details

Cloudflare Worker pass-through proxying: Host a Worker that reads an upstream from either ?url= or X-Target-URL, then forwards the original method/headers/body to that upstream and relays the response. Targets observe Cloudflare egress IPs, enabling authorized testing without exposing your origin IP.

Simple operational rotation: Create multiple Worker endpoints (e.g., flareprox.py create --count N) and randomly select one per request to distribute traffic and reduce basic IP/heuristic blocking. Validate endpoints with flareprox.py test and remove them with flareprox.py cleanup.

Tooling drop-in: Replace the target in scanners/proxies (e.g., Burp) with the Worker URL and convey the real destination via ?url= or X-Target-URL, preserving HTTP semantics while masking your source IP.

🤖 Agent Actions

I analyzed the repository and existing Cloudflare coverage and found no content describing the FireProx-style abuse of Cloudflare Workers as pass-through proxies for IP rotation. The current Cloudflare section only includes security review checklists and general advice, so adding a dedicated technical page about this technique is appropriate.

What I added

• New page: Abusing Cloudflare Workers as pass-through proxies (IP rotation, FireProx-style)

  • Path: src/pentesting-ci-cd/cloudflare-security/cloudflare-workers-pass-through-proxy-ip-rotation.md
  • Contents:
    • Detailed explanation of the technique and end-to-end flow
    • Expandable Worker JavaScript example implementing pass-through proxying
      • Target extraction via ?url=, X-Target-URL header, and path fallback
      • Allowed header forwarding and hop-by-hop filtering
      • Optional X-Forwarded-For spoofing via X-My-X-Forwarded-For
      • CORS handling and OPTIONS preflight
    • FlareProx automation usage (config, create, list, test, cleanup)
    • cURL examples for multiple methods and target-passing mechanisms
    • Programmatic Python example (expandable)
    • Burp Suite integration notes
    • Operational considerations and Workers free-tier limits
    • Detection and mitigation guidance (defender notes)
    • References to FlareProx repo, Cloudflare Workers docs (fetch API, pricing), and FireProx repo

• Cross-link from Cloudflare Security main page:

  • Updated src/pentesting-ci-cd/cloudflare-security/README.md to link to the new page under the “Workers” section using the ref syntax.

Files created/modified

• Created:
  • src/pentesting-ci-cd/cloudflare-security/cloudflare-workers-pass-through-proxy-ip-rotation.md
• Modified:
  • src/pentesting-ci-cd/cloudflare-security/README.md (added internal reference to the new page)

References used

• FlareProx repo: https://github.com/MrTurvey/flareprox
• Cloudflare Workers fetch API: https://developers.cloudflare.com/workers/runtime-apis/fetch/
• Cloudflare Workers pricing (free tier): https://developers.cloudflare.com/workers/platform/pricing/
• FireProx repo (context): https://github.com/ustayready/fireprox

No other related pages existed that covered this technique, so a new page under Cloudflare Security was the best fit and is now linked from the Cloudflare Workers section.

---

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

📚 Repository Maintenance

• MD files processed: 559
• MD files fixed: 19

All .md files have been checked for proper formatting (headers, includes, etc.).

🗑️ File Cleanup

• searchindex.js removed: This auto-generated file has been removed to prevent conflicts.

[carlospolop]

🔗 Additional Context

Original Blog Post: https://github.com/MrTurvey/flareprox

Content Categories: Based on the analysis, this content was categorized under "Cloudflare Security -> Abusing Cloudflare Workers for pass-through proxy/IP rotation (FireProx-style)".

Repository Maintenance:

• MD Files Formatting: 559 files processed (19 files fixed)

Review Notes:

• This content was automatically processed and may require human review for accuracy
• Check that the placement within the repository structure is appropriate
• Verify that all technical details are correct and up-to-date
• All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0