Getting ready to make repo public

2022-05-13 17:28:35 +02:00 · 2022-05-13 17:28:35 +02:00 · 219ce89cc5
commit 219ce89cc5
parent d7965df422
2 changed files with 64 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -1,5 +1,11 @@
 # CloudOnFire

+## Notice
+
+This is just a POC. Cloudflare sends your original IP inside the headers of every requests. Don't use this to do any bullshit.
+
+## How it works
+
 This script accepts PROXY-Calls on 9097 and tunnels them into the Edge of the Cloudflare Infrastructure.  
 This way you can access the Internet using a huge range of IPs, that change on every request and are considered clean.  
 In order for this to work, we MITM all SSL-Trafic using our own certs. This means all websites with HSTS won't work.  
--- a/worker.js
+++ b/worker.js
@ -0,0 +1,58 @@
+// This script has to be deployed as a worker on cloudflare
+addEventListener('fetch', event => {
+  event.respondWith(forwardReq(event.request))
+})
+
+const TOKEN_HEADER = 'H-Token'
+const TOKEN_VALUE = 'agfjkewjkfvasfhgkzuc'
+const HOST_HEADER = 'H-Host'
+const IP_HEADER = 'H-IP'
+
+async function forwardReq(request) {
+  if (request.headers.get(TOKEN_HEADER) != TOKEN_VALUE) {
+    return new Response("Error 418 - I'm a Teapot")
+  }
+
+  let newHdrs = new Headers()
+  for (const [key, value] of request.headers) {
+    if (key.toLowerCase() == TOKEN_HEADER.toLowerCase()) {
+        continue;
+    }
+    if (key.toLowerCase() == HOST_HEADER.toLowerCase()) {
+        continue;
+    }
+    if (key.toLowerCase() == IP_HEADER.toLowerCase()) {
+        continue;
+    }
+    if (key.toLowerCase().startsWith('cf-')) {
+        continue;
+    }
+    if (key.toLowerCase() == 'x-forwarded-for') {
+        continue;
+    }
+    if (key.toLowerCase() == 'x-real-ip') {
+        continue;
+    }
+    newHdrs.set(key, value)
+  }
+  newHdrs.set('Host', request.headers.get(HOST_HEADER))
+  newHdrs.set('X-Forwarded-For', request.headers.get(IP_HEADER))
+
+  let address = ''
+  const url = new URL(request.url)
+  address = request.url.replace(url.hostname, request.headers.get(HOST_HEADER))
+
+
+  const init = {
+    body: request.body,
+    headers: newHdrs,
+    method: request.method
+  }
+
+  let response = await fetch (address, init);
+
+  return new Response(response.body, {
+    status: response.status,
+    statusText: response.statusText
+  })
+}