I’m using LibreWolf with tor service enabled and I want to know how to bypass website’s Cloudflare protections.
I tryied to check the original IP of some websites but Cloudflare block also the requests to the these original sources.
Cloudflare blocks tor by default.
Have you guys some tips or some solutions to propose to solve this enormous problem since websites with this MITM are growing too much in this last years?
Thanks in advice.
I’m not sure why you would use librewolf with tor considering that the tor browser is very similar pretty much a torified version of librewolf and that the signature of librewolf+tor will be extremely identifiable (quite likely unique). Also in my experience if you visit a cloudflare website from the tor browser then you get one of those annoying “prove you are human” pop ups but the website does work after you fill it out.
I’m only using librewolf temporarily, I had to use it for work because GNU IceCat didn’t have some plugins, but I’m making up for it.
For strong anonymity GNU IceCat should be better than others if well configured, right?
For Cloduflare the thing that happens to me is that even filling in the popup that says “prove you are human” sends the page loading and continues to request filling.
I will try to change browser, but in any case I would like to understand where this problem originates, also because Cloudflare being a MITM could compromise the encryption on the connection, putting at risk not only the anonymity but also the privacy of the users.
The main issue is that you cannot simply bypass Cloudflare Challenges protection system. Cloudflare Challenges is designed to detect IP address and browser headers in order to verify that the connections are made by human not by robot.
When you connect to the destination website which is hosted on Cloudflare infrastructure via Tor Browser or Tor network then Cloudflare automatically redirects all its traffic via Onion v3 service without any notification using HTTP AltSvc headers. Therefore, Cloudflare system cannot detect source IP address (the IP address of Tor exit node) you’re making connections from. This may cause errors with passing Cloudflare Challenges. You may try to disable AltSvc in about:config:
network.http.altsvc.enabled -> false
It may help, but I cannot guarantee it will always work.
Related wiki page: