Add Cloudflare Support via FlareProx Integration

README.md

@@ -1,8 +1,8 @@
 # CredMaster #
 
-Launch a password spray / brute force attach via Amazon AWS passthrough proxies, shifting the requesting IP address for every authentication attempt. This dynamically creates FireProx APIs for more evasive password sprays.  
+Launch a password spray / brute force attach via Amazon AWS passthrough proxies, shifting the requesting IP address for every authentication attempt. This dynamically creates FireProx APIs for more evasive password sprays. Alternatively, you can use FlareProx to create Cloudflare workers endpoints.  
 
-Shoutout to [@ustayready](https://twitter.com/ustayready) for his [CredKing](https://github.com/ustayready/CredKing) and [FireProx](https://github.com/ustayready/fireprox) tools, which form the base of this suite.
+Shoutout to [@ustayready](https://twitter.com/ustayready) for his [CredKing](https://github.com/ustayready/CredKing) and [FireProx](https://github.com/ustayready/fireprox) tools, which form the base of this suite. Also shoutout to [@turvsec](https://twitter.com/turvsec) for his [FlareProx](https://github.com/MrTurvey/flareprox) tool, which is used to create Cloudflare workers endpoints.
 
 See all the full notes on the [Wiki](https://github.com/knavesec/CredMaster/wiki), tool released with specifics in this [blogpost](https://whynotsecurity.com/blog/credmaster/)
 
@@ -20,7 +20,7 @@ For detection tips, see the blogpost and detection section.
 ## Benefits & Features ##
 
 * Rotates the requesting IP address for every request
-* Automatically generates APIs for proxy passthru
+* Automatically generates APIs for proxy passthru with AWS or Cloudflare workers
 * Spoofs API tracking numbers, forwarded-for IPs, and other proxy tracking headers = fully [anonymous](https://github.com/knavesec/CredMaster/wiki/Anonymity)
 * Easily configuation via config file
 * Multi-threaded processing
@@ -73,14 +73,25 @@ Example Use:
 ```
 python3 credmaster.py --plugin {pluginname} --access_key {key} --secret_access_key {key} -u userfile -p passwordfile -a useragentfile {otherargs}
 ```
+```
+python3 credmaster.py --plugin {pluginname} --cf_api_token {api_token} --cf_account_id {account_id} -u userfile -p passwordfile -a useragentfile {otherargs}
+```
 
 or
 
 ```
 python3 credmaster.py --config config.json
 ```
 
-This tool requires AWS API access keys, a walkthrough on how to acquire these keys can be found here: https://bond-o.medium.com/aws-pass-through-proxy-84f1f7fa4b4b
+This tool requires either Cloudflare API tokens or AWS API access keys, a walkthrough on how to acquire AWS keys can be found here: https://bond-o.medium.com/aws-pass-through-proxy-84f1f7fa4b4b
+
+
+### Getting Cloudflare Credentials
+1. Sign up at [Cloudflare](https://cloudflare.com)
+2. Go to [API Tokens](https://dash.cloudflare.com/profile/api-tokens)
+3. Click 'Create Token' and use the 'Edit Cloudflare Workers' template
+4. Set the 'account resources' and 'zone resources' to all. Click 'Continue to Summary'
+5. Click 'Create Token' and copy the token and your Account ID from the dashboard
 
 All other usage details can be found [on the wiki](https://github.com/knavesec/CredMaster/wiki/Usage)
 

config.json

@@ -36,5 +36,12 @@
   "access_key" : null,
   "secret_access_key" : null,
   "session_token" : null,
-  "profile_name" : null
+  "profile_name" : null,
+  "proxy_provider" : null,
+
+  "cloudflare": {
+    "api_token": null,
+    "account_id": null,
+    "zone_id": null
+  }
 }