Web Application Firewalls (WAFs) can be detected through stimulus/response testing. Here is a short list of possible detection methods:
  • Cookies: Some WAF products add their own cookie to the HTTP communication.
  • Server cloaking: Altering URLs and response headers.
  • Response codes: Different error codes for hostile pages/parameter values.
  • Drop action: Sending a FIN/RST packet (technically this could also be an IDS/IPS).
  • Built-in rules: Each WAF has different negative security signatures.
WafW00f relies on these assumptions to detect remote WAFs.
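
The first four methods in the list come down to comparing the response to a benign request with the response to a suspicious one. The sketch below is an added example, not WafW00f's own code: the Response record, the waf_indicators function and all sample values (including the examplewaf_id cookie) are hypothetical, and it runs offline on constructed records, which makes it handy for reviewing which of these tells a deployment exposes.

```python
# Added example: constructed records only, no network access.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Response:
    status: Optional[int]               # None: no HTTP reply was received
    headers: dict = field(default_factory=dict)
    cookies: set = field(default_factory=set)
    reset: bool = False                 # FIN/RST seen instead of a reply


def waf_indicators(baseline, probe):
    """List the differences between a benign and a suspicious request's response."""
    if probe.reset and not baseline.reset:
        # Drop action; as the list notes, this could equally be an IDS/IPS.
        return ["drop"]
    found = []
    new_cookies = probe.cookies - baseline.cookies
    if new_cookies:
        found.append("cookie:" + ",".join(sorted(new_cookies)))
    base_server = baseline.headers.get("Server")
    probe_server = probe.headers.get("Server")
    if base_server != probe_server:
        found.append(f"server-header:{base_server!r}->{probe_server!r}")
    if probe.status != baseline.status:
        found.append(f"status:{baseline.status}->{probe.status}")
    return found


# Constructed sample data (hypothetical cookie and header values).
BASELINE = Response(200, {"Server": "Apache"}, {"PHPSESSID"})
SAMPLES = {
    "clean": Response(200, {"Server": "Apache"}, {"PHPSESSID"}),
    "blocked": Response(403, {"Server": "Apache"}, {"PHPSESSID", "examplewaf_id"}),
    "cloaked": Response(200, {}, {"PHPSESSID"}),
    "dropped": Response(None, reset=True),
}

if __name__ == "__main__":
    for name, probe in SAMPLES.items():
        print(f"{name:8} {waf_indicators(BASELINE, probe) or 'no indicator'}")
```

The fifth method, built-in rule signatures, is not modelled here because it depends on product-specific rule sets.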

Tutorials ::

$ python wafw00f.py http://www.aldeid.com
                                ^     ^
       _   __  _   ____ _   __  _    _   ____
      ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
     | V V // o // _/ | V V // 0 // 0 // _/  
     |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/    
                               <   
                                ...'
                                
   WAFW00F - Web Application Firewall Detection Tool
   
   By Sandro Gauci && Wendel G. Henrique

Checking http://www.aldeid.com
Generic Detection results:
The site http://www.aldeid.com seems to be behind a WAF 
Reason: Blocking is being done at connection/packet level.
Number of requests: 13

Download ::

Linux :: 
$ cd /data/pentest/web/
$ svn checkout http://waffit.googlecode.com/svn/trunk/ waffit-read-only
