From 219ce89cc5989f19b10efd11030de28777f866a0 Mon Sep 17 00:00:00 2001
From: Dominik Roth
Date: Fri, 13 May 2022 17:28:35 +0200
Subject: [PATCH] Getting ready to make repo public
---
 README.md | 6 ++++++
 worker.js | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+)
 create mode 100644 worker.js
diff --git a/README.md b/README.md
index 70f0c4a..8ddcc27 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,11 @@
 # CloudOnFire
+## Notice
+
+This is just a POC. Cloudflare sends your original IP inside the headers of every requests. Don't use this to do any bullshit.
+## How it works
+
 This script accepts PROXY-Calls on 9097 and tunnels them into the Edge of the Cloudflare Infrastructure. This way you can access the Internet using a huge range of IPs, that change on every request and are considered clean. In order for this to work, we MITM all SSL-Trafic using our own certs. This means all websites with HSTS won't work.
diff --git a/worker.js b/worker.js
new file mode 100644
index 0000000..877cc78
--- /dev/null
+++ b/worker.js
@@ -0,0 +1,58 @@
+// This script has to be deployed as a worker on cloudflare
+addEventListener('fetch', event => {
+ event.respondWith(forwardReq(event.request))
+})
+
+const TOKEN_HEADER = 'H-Token'
+const TOKEN_VALUE = 'agfjkewjkfvasfhgkzuc'
+const HOST_HEADER = 'H-Host'
+const IP_HEADER = 'H-IP'
+
+async function forwardReq(request) {
+ if (request.headers.get(TOKEN_HEADER) != TOKEN_VALUE) {
+ return new Response("Error 418 - I'm a Teapot")
+ }
+
+ let newHdrs = new Headers()
+ for (const [key, value] of request.headers) {
+ if (key.toLowerCase() == TOKEN_HEADER.toLowerCase()) {
+ continue;
+ }
+ if (key.toLowerCase() == HOST_HEADER.toLowerCase()) {
+ continue;
+ }
+ if (key.toLowerCase() == IP_HEADER.toLowerCase()) {
+ continue;
+ }
+ if (key.toLowerCase().startsWith('cf-')) {
+ continue;
+ }
+ if (key.toLowerCase() == 'x-forwarded-for') {
+ continue;
+ }
+ if (key.toLowerCase() == 'x-real-ip') {
+ continue;
+ }
+ newHdrs.set(key, value)
+ }
+ newHdrs.set('Host', request.headers.get(HOST_HEADER))
+ newHdrs.set('X-Forwarded-For', request.headers.get(IP_HEADER))
+
+ let address = ''
+ const url = new URL(request.url)
+ address = request.url.replace(url.hostname, request.headers.get(HOST_HEADER))
+
+
+ const init = {
+ body: request.body,
+ headers: newHdrs,
+ method: request.method
+ }
+
+ let response = await fetch (address, init);
+
+ return new Response(response.body, {
+ status: response.status,
+ statusText: response.statusText
+ })
+}
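Review bot: `TOKEN_VALUE` is a string literal in `worker.js`, and the commit is titled as preparation for making the repository public, so the only credential guarding `forwardReq` is published along with the code. Load it from a Worker secret binding instead, e.g. `const TOKEN_VALUE = PROXY_TOKEN // secret binding; PROXY_TOKEN is a placeholder name`, and treat the committed value as disclosed: rotate it on any deployment that used it. The same function uses `request.headers.get(HOST_HEADER)` unchecked, so a request without `H-Host` yields `null` for both the `Host` header and the rewritten URL; a guard such as `if (!request.headers.get(HOST_HEADER)) return new Response('Missing H-Host', { status: 400 })` before the header loop would fail closed. The rejection path returns `new Response("Error 418 - I'm a Teapot")` with the default 200 status, so passing `{ status: 418 }` (or 403) as the second argument would let failed authentication show up in request logs and monitoring.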