Chkdfront : Checks If Your Domain Fronting is Working

Chkdfront checks if your domain fronting is working by testing the targeted domain (fronted domain) against your domain front domain.

Features

  • Checking your domain fronted against the domain front.
  • Searching an expected string in the response to indicate success.
  • Showing troubleshooting suggestions when test fails based on the failure natural.
  • Inspecting the HTTP request and response when test fails. (optionally if succeeded).
  • Troubleshooting with various checks (ping, http, nslookup) when test fails. (optionally if succeeded).
  • Support testing though proxy

Also Read – Pocsuite3 : Open-Sourced Remote Vulnerability Testing Framework

Installation

$ gem install chkdfront

Usage

Help menu:
-f, –front-target URL Fronted target domain or URL.
e.g. images.businessweek.com
-d, –domain-front DOMAIN DomainFront domain.
e.g. df36z1umwj2fze.cloudfront.net
-e, –expect STRING Expect a given string that indicates success. (case-sensitive) e.g. It works
-p, –provider NUM Choose CDN / Domain Front Provider:
[0] Auto (default – auto tune request.

Extra request to detect)

[1] Amazon (tune request for Amazon domain fronting)
[2] Azure (tune request for Azure domain fronting)
[3] Alibaba (tune request for Alibaba domain fronting)

-t, –troubleshoot [DOMAIN] Force troubleshooting procedures. execute troubleshooting procedures(ping, http,nslookup) for all parties (optional: original domain where CDN forwards, to include in the checks) e.g. c2.mydomain.com
–proxy USER:PASS@HOST:PORT Use proxy settings if you’re behind proxy. e.g. user1:Pass123@localhost:8080
–debug Force debugging. show response’s body and low-level request and response debug trace. (default enabled when test fails.)
-h, –help Show this message.

Usage:
/usr/local/bin/chkdfront
Example:
/usr/local/bin/chkdfront -f images.businessweek.com -d df36z1umwj2fze.cloudfront.net
/usr/local/bin/chkdfront -f images.businessweek.com -d df36z1umwj2fze.cloudfront.net –debug -t c2.mysite.com

R K

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

2 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

2 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

2 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

2 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

2 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

2 weeks ago