Self-Managed Cloudflared Configuration

All Audiences: Set up your machines for the Cloudflared configuration

Updated over a month ago

HackerOne Gateway’s self-managed Cloudflared configuration lets customers give penetration testing teams the access they need to assess internal networks and their targets thoroughly. By using a machine designated as the endpoint for the tunnel, ethical hackers and pentesters can reach internal assets through the HackerOne Gateway VPN.

Prerequisites

HackerOne Customers

  • An internal network that is not “air-gapped” (that is, it has access to the internet)

  • A machine acting as the tunnel’s endpoint, located in the internal network, where the Cloudflared solution will be installed and configured

Additional Requirements (Handled by HackerOne Staff)

  • An active HackerOne program, most commonly a HackerOne Pentest.*

  • Gateway V2 enabled for the program.*

  • Cloudflared internal testing enabled.*

*Included for visibility only. HackerOne customers and testing team members do not need to take any action.

Machine Minimum Requirements

To ensure optimal performance and security when using the Cloudflared tunnel for internal network testing, the endpoint machine should meet the following minimum requirements:

  • Operating Systems or Platform:

    • Windows (64-bit, 32-bit)

    • macOS

    • Linux (amd64/x86-64, x86 (32-bit), ARM (32-bit), ARM64)

    • Docker

  • RAM: 8 GB or more.

  • CPU: 4 GHz quad-core or higher recommended for better performance

  • Network:

    • Stable and high-speed internet connection

    • Network interface supporting at least 1 Gbps (preferably 10 Gbps for high-throughput environments)

  • Additional Software:

    • OpenSSH or any other secure shell service for remote access (if applicable)

Penetration Testers

  • The WARP client must be installed on your local machine.

Instructions for HackerOne Customers

Authenticate Cloudflared and Create the Tunnel

After your machine is set up and running, you can proceed with installing Cloudflared, authenticating it, and creating the tunnel.

  1. In the HackerOne platform, go to Program > Gateway > Internal testing, as shown in the image below.
    Note: Ensure your HackerOne Technical Engagement Manager has enabled the Cloudflared internal testing prerequisite. See the Prerequisites section above.

  2. Create the tunnel

  3. The page will show instructions for the preferred environment

  4. Copy the command found at the bottom of the page and run it on your machine. Assuming your machine is based on Debian:

    curl -L --output cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb && 
    sudo dpkg -i cloudflared.deb &&
    sudo cloudflared service install <REDACTED TOKEN>

  5. You should see the following output:

    2024-07-23T13:02:31Z INF Using Systemd 
    2024-07-23T13:02:32Z INF Linux service for cloudflared installed successfully

  6. The tunnel configuration and related routes will appear as follows:

  7. Make sure the Cloudflared status is HEALTHY.

Verify Connection

Verify the tunnel connection is correctly set up with your penetration testing team after they have completed all the steps. If you face issues with the connection, please contact your HackerOne Technical Engagement Manager or Solutions Architect.

The tunnel statuses are described here: Cloudflared tunnel status.

Additional Optional Setup

If you need to conduct tests on an internal network without any current assets, you can easily set up a test environment by hosting a simple web page:

  1. Assuming the internal IP associated with the machine endpoint is 192.168.100.2, create a new machine and assign it the internal IP 192.168.100.3.

  2. On the new machine, install a web server:

    sudo apt update && sudo apt upgrade
    sudo apt install apache2
    sudo service apache2 start
    sudo service apache2 status

  3. Customize the webpage:

    cd /var/www/html
    sudo rm index.html
    sudo nano index.html

  4. Copy and paste the following HTML:

    <html>
    <head>
    <meta charset="utf-8">
    <title>Internal testing</title>
    </head>
    <body>
    <div style="text-align: center; padding: 40px;">
    <h1>Internal testing</h1>
    <p>This is a test</p>
    </div>
    </body>
    </html>

  5. Restart the server:

    sudo service apache2 restart

  6. The tester can now test access using curl.

Instructions for Pentesters

After setting up the Self-Managed Cloudflared Configuration, the testing team should follow these steps to gain and confirm access before starting the tests.

  1. Get the Cloudflare team name domain for the HackerOne program by going to Profile > User Settings > Gateway.

  2. Log in to WARP as described in Configure Client for a Specific Program and turn the WARP client on.

  3. If the machine tunnel endpoint is running correctly, testers can now reach the in-scope assets.

  4. To run a test:

    1. Assuming the Internal IP associated with the machine endpoint is 192.168.100.2

    2. Assuming an asset is located on a machine with internal IP 192.168.100.3

    3. Don’t rely on ping, as the ICMP protocol on WARP is not reliable yet

    4. Use nmap instead:

      sudo nmap 192.168.100.3

  5. If provided by the customer, testers can connect via SSH:

    ssh <user>@192.168.100.2
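
The reachability test from step 4 above and the curl check from the optional setup, as an added example (not part of HackerOne's documentation): it probes with TCP instead of ICMP and confirms that port 80 really serves the test page. The script name, the `timeout` utility from GNU coreutils, the 5-second limit and port 22 for SSH are assumptions; the IP addresses are the page's example values.

```bash
#!/usr/bin/env bash
# Added example (not HackerOne's code): TCP/HTTP checks through the WARP tunnel.
ASSET_IP="${ASSET_IP:-192.168.100.3}"       # test web server (page's example IP)
ENDPOINT_IP="${ENDPOINT_IP:-192.168.100.2}" # tunnel endpoint (page's example IP)
TIMEOUT="${TIMEOUT:-5}"                     # seconds per attempt (assumption)

# tcp_open HOST PORT: succeed if a TCP handshake completes within TIMEOUT.
# Uses bash's /dev/tcp, so the result does not depend on ICMP.
tcp_open() {
  timeout "$TIMEOUT" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# page_title: read HTML on stdin and print the text inside <title>.
page_title() {
  tr -d '\r\n' | sed -n 's/.*<title>\([^<]*\)<\/title>.*/\1/p'
}

# is_test_page: succeed only for the test page from the optional setup,
# so another service answering on port 80 is not mistaken for the asset.
is_test_page() {
  [ "$(page_title)" = "Internal testing" ]
}

# check_tunnel: run all checks; non-zero exit if the asset is not reachable.
check_tunnel() {
  rc=0
  if tcp_open "$ASSET_IP" 80; then
    echo "OK    $ASSET_IP:80 accepts TCP connections"
    if curl -s --max-time "$TIMEOUT" "http://$ASSET_IP/" | is_test_page; then
      echo "OK    test page returned by $ASSET_IP"
    else
      echo "FAIL  unexpected or empty response from $ASSET_IP"; rc=1
    fi
  else
    echo "FAIL  $ASSET_IP:80 unreachable (is WARP on and the tunnel HEALTHY?)"; rc=1
  fi
  if tcp_open "$ENDPOINT_IP" 22; then
    echo "OK    $ENDPOINT_IP:22 accepts TCP connections"
  else
    echo "INFO  $ENDPOINT_IP:22 closed or filtered (SSH access is optional)"
  fi
  return "$rc"
}

# Run the checks only when invoked as: ./check_tunnel.sh check
if [ "${1:-}" = "check" ]; then check_tunnel; fi
```

A FAIL on the first check with the WARP client on usually points at the tunnel side, so compare it with the tunnel status shown in the HackerOne platform before troubleshooting the asset itself.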
