crimeflare
/
cloudflare-tor
mirror of https://codeberg.org/crimeflare/cloudflare-tor
1
2
Fork 0
Code Issues Releases Activity
cloudflare-tor/instructions.md

9.3 KiB
Raw Blame History

List Instructions

_click me_

Website is using Cloudflare
List name Description
/domain/cloudflare_?.txt Split files (base domain)
ex_cloudflare_users.txt Domains which used Cloudflare in the past, not anymore
cloudflare_supporter.txt who is using Cloudflare or endorsing Cloudflare. (URL only)
List name Description
cloudflare_CIDR_v4.txt IPv4 CIDR owned by Cloudflare
cloudflare_CIDR_v6.txt IPv6 CIDR owned by Cloudflare
cloudflare_range_v4.txt IPv4 range owned by Cloudflare
cloudflare_owned_ASN.txt AS network owned by Cloudflare
cloudflare_owned_NS.txt Name Server owned by Cloudflare
cloudflare_owned_domains.txt Domains owned by Cloudflare
cloudflare_owned_onions.txt Tor .onions owned by Cloudflare
cloudflare_members.txt Cloudflare employer & employee

How to detect Cloudflare?

There are many ways to detect it:

emsisoft.com.		21599	IN	NS	bella.ns.cloudflare.com.
emsisoft.com.		21599	IN	NS	dom.ns.cloudflare.com.

dev.qubes-os.org.	299	IN	A	104.18.228.122

ASN AS13335 Cloudflare, Inc.
Organization Cloudflare, Inc.
Route 104.18.224.0/20

IMPORTANT: Please add only "Base Domain"

    if "community.example.com" is using Cloudflare
        add "example.com"

    if "www.example.co.uk" is using Cloudflare
        add "example.co.uk"

    if "example.net" is using Cloudflare
        add "example.net"

... to /split/cloudflare_e.txt

But the website X no longer using Cloudflare!

Remove it from /split/ list and add to "ex_cloudflare_users.txt".

_click me_

Website is NOT using Cloudflare
  • Anti-Tor users (formerly "TorBlocker Hall of Shame Part I") | List Directory
List name Description
/domain/(cdnName).txt Split files (FQDN)
tor_blocked.txt FQDN which denied access via Tor
/cidr_data/?.txt CIDR, ASN
ex_tor_blocked.txt was previously on one of the above tor-hostile lists

Above is how Siteground-hosted(INAP;Singlehop) sites often appear to Tor visitors when timeouts/tarpitting doesn't occur. You can find such examples in /domains/.


About "CDN FQDN list"

www.example.com
   ---> www.example.com is using CDN.

?.akamaiedge.net
   ---> subdomain of akamaiedge.net is using CDN.
   * unique hostname will be masked as "(subdomain)".

senate.gov
   ---> base domain is using CDN.

Some websites use other companies with the CloudFlare business model.

This is a collection of websites that ban Tor exits, other than through Cloudflare(e.g. showing access denied pages, systematic timing out connections, ...).

_click me_

How to add your data

A or B will be enough. Thank you for your contribution.

  • Type A: Push to OpenPrivacy
  1. Log in to OpenPrivacy.
  2. Click "Fork" button. (top-left corner)
  3. Edit text file.
  4. Click Double-arrow button to create a new pull request.
  • Type B: Just scan the FQDN
  1. Scan FQDN on "Is MITM?" webpage. (or just use "MITM test API", "Detect CDN API")
  2. It will be pushed to OpenPrivacy automatically within a week.
_click me_

How to setup git

This procedure will give you a cloudflare-tor fork with a privacy-respecting configuration to do pushes with SSH over Tor using codeberg.org ("CDB"). This procedure is designed for linux. The first step covers Windows too, but these instructions probably need more adaptations for Windows and other platforms.

  • Linux: aptitude install git tor ssh
  • Windows: Download https://github.com/git-for-windows/git/releases/PortableGit-2.21.0-64-bit.7z & run git-bash.exe
  1. install Git, SSH(Not Windows), and Tor (if you haven't already)
  2. create a codeberg.org account (username "snowden" will be used for this example)
  3. create an SSH key pair $ ssh-keygen -t rsa -N '' -C 'snowden at codeberg' -f "$HOME"/.ssh/id_rsa_codeberg-snowden
  4. edit $HOME/.ssh/config:
    host codeberg-*
         hostname     codeberg.org
         ForwardX11   no
         ProxyCommand connect -4 -S 127.0.0.1:9050 $(tor-resolve %h 127.0.0.1:9050) %p
    host codeberg-snowden
         IdentityFile /home/user/.ssh/id_rsa_codeberg-snowden
  1. copy "$HOME"/.ssh/id_rsa_codeberg-snowden.pub to clipboard
  2. codeberg.org > settings > SSH/GPG Keys > add key (paste from clipboard)
  3. $ firefox https://codeberg.org/crimeflare/cloudflare-tor
  4. fork it (top right corner)
  5. go to the directory you want the project to be rooted in (hereafter we'll call it $project_root).
  6. anonymously download your fork: $ git clone git@codeberg-snowden:crimeflare/cloudflare-tor.git
  7. edit $project_root/cloudflare-tor/.git/config to include the account name and email address that will be on every commit, as well as the URL:
[user]
        email = BM-yadayadayada6fgnLfybVnCcWf25AGZcgg@bitmessage.ch
        name = snowden
[remote "origin"]
        url = git@codeberg-snowden:snowden/cloudflare-tor.git
     	fetch = +refs/heads/*:refs/remotes/origin/*
[remote "upstream"]
        url = git@codeberg-snowden:crimeflare/cloudflare-tor.git
     	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
  1. make your first change
  2. (from $project_root) $ git add . -u -n
  3. check that the files listed are what you changed and intend to push upstream
  4. if yes: $ git add . -u
  5. $ git commit -m 'description of first change'
  6. $ git push origin master
  7. $ firefox https://codeberg.org/crimeflare/cloudflare-tor
  8. make a new pull request

 

Whenever git operates on the cloudflare-tor project, all connections to codeberg are automatically over Tor with this configuration (because the url in .git/config references the virtual host codeberg-snowden in ~/.ssh/config).

_click me_

About Cloudflare base domain list

Our mission is clear - stay away from Cloudflare.

If the subdomain.example.com is cloudflared, we add example.com to the database. (subdomain.example.com is the sub-domain of example.com. Only the owner of example.com can create sub-domain)

Even if whatever.example.com is not behind cloudflare we will raise a warning, because the base domain example.com is cloudflare user.

The owner of example.com can enable Cloudflare to whatever.example.com at any time without user's notice. It can be done from dash.cloudflare.com webpage or hitting Cloudflare API. The owner is supporting Cloudflare and this is severe security risk.

Until the owner completely stop using Cloudflare service for example.com, we do not remove example.com from the database.

There is no exception.


"Amazon.com"

$ getweb --headonly https://pages.payments.amazon.com/robots.txt

cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
alt-svc: h2="cflare******.onion:443"; ma=86400; persist=1
server: cloudflare
cf-ray: XXXXXXXXXXX-YYY

If the owner moved away from cloudflare completely, you are welcome to add example.com to the "ex_cloudflare_users.txt" - after checking example.com with online tool below.

  1. Open "Is MITM?" webpage.

  2. Input gitlab.com and click Skanu.

  3. Click testo for detailed scan.

  4. If you got ---Finish---, the domain might stopped using Cloudflare. We'll investigate and remove it - or not. (wait some days and scan again to see whether the domain is removed)

Only a few Cloudflare user leave Cloudflare. False positive is uncommon.

"Cloudflare is not an option."