Information Security Newspaper | Hacking News (https://www.securitynewspaper.com/)

Best web application firewall testing tools: Find out what security solutions a target website is using. WAF hacking
https://www.securitynewspaper.com/2022/03/21/best-web-application-firewall-testing-tools-find-out-what-security-solutions-a-target-website-is-using-waf-hacking/
Mon, 21 Mar 2022 14:47:20 +0000

A web application firewall (WAF) is a program designed to analyze incoming requests to a web server and, according to the rules established by administrators, filter those requests that may be dangerous for an online platform.

According to specialists in web application security, the use of WAF solutions limits the risk of exploitation of known vulnerabilities in websites, since requests carrying malicious payloads are rejected by this security tool before they can reach the web server or the web application. That is why these solutions are a fundamental part of an adequate web security environment.

A limited solution

Implementing a WAF is not as simple as it should be, as you need to apply the correct settings. Some WAF applications simply do nothing after installation because all of their filtering rules are disabled. Conversely, if all WAF rules are simply activated, the web server may stop working, as almost all web requests will be considered potentially dangerous, so web administrators need to decide wisely which filters to implement.

There are hundreds of WAF solutions and they vary greatly. For some of them, configuration boils down to enabling and disabling categories of filtered threats in the web interface. To customize others, you need to edit text files that describe dangerous requests in the WAF's own rule language.

To configure WAF rules as strictly as possible, Web application security specialists recommend enabling rules that deny everything except the necessary types of requests to the Web server. To do this, you need, first of all, to have a good understanding of how the protected website works, what you need and what you don’t; and, secondly, to have a good understanding of the types of attacks, how they are exploited, and how a custom WAF works.

On this occasion, web application security specialists from the International Institute of Cyber Security (IICS) will show you some tools designed to detect a WAF solution, find the manufacturer and discover possible ways to evade the filtering of malicious requests.

Wafw00f

Using Wafw00f, researchers will be able to very quickly and accurately determine the type of WAF for a specified website. In addition to this function, Wafw00f has other features:

  • Crawl a site through a proxy
  • Support for csv, json or plain text input and output formats

Using the program is very simple: just specify the domain of the site for which you want to find out the features of the WAF:

wafw00f URL

For example:

wafw00f wise.com

The “Number of requests” line shows the number of requests made; only two were enough. As a result, a Cloudflare WAF solution was identified.

If you think the scan may have been inaccurate, add the -a option. WAFW00F will then not stop after the first match, but will check all possible records.

To send requests through a proxy, use the -p option followed by the proxy details. SOCKS and authentication are supported. Examples of correctly specified proxy parameters:

  • http://hostname:8080
  • socks5://hostname:1080
  • http://user:pass@hostname:8080

With the following commands you can use the Tor network as a proxy:

sudo systemctl start tor
wafw00f -p socks5://127.0.0.1:9050 admitad.com

Despite the slowness of the Tor network, the identification of the web protection (which turned out to be Defiant’s Wordfence) was very fast and only required two requests.

Targets for web security identification can be compiled into a file. When you start the program, you can specify a file with a list of targets in csv, json, or text format. For csv and json, a column or element called “url” is required. The text file format is one URL per line. Example:

wafw00f -i urls.txt

With the -t option you can specify which WAF you want to find. This option is especially useful in combination with the -i option:

wafw00f -i urls.txt -t 'Cloudflare (Cloudflare Inc.)'

You can also have the program display the full list of supported web application firewalls. Web application security specialists recommend paying attention to the format in which the desired WAF is indicated. If you have any questions about how to specify the WAF correctly, go to the project page on GitHub, find the file you need, and open it. In https://github.com/EnableSecurity/wafw00f/tree/master/wafw00f/plugins, look for a line that begins with NAME, for example:

NAME = 'ACE XML Gateway (Cisco)'

The program is very fast and simple. However, because the User-Agent cannot be changed, the program sometimes fails to identify the web protection when the server rejects this tool's requests with the default User-Agent.

identYwaf

This is another simple, effective and easy-to-use program. Similar to Wafw00f, this is an identification tool that can recognize the type of web application security based on the server’s response. In addition, this tool performs additional queries to determine what types of vulnerability a web platform is protected against.

After scanning, the tool gives an estimate of the complexity to exploit vulnerabilities in the target, if any. The latest version of this program can detect more than 80 different protection products, developed by firms such as CrawlProtect, WatchGuard, Wordfence and Palo Alto, among others.

According to web application security experts, identYwaf performs validation in two ways:

  • Non-blind: the WAF is identified based on its own messages. For example, in the message “403 (‘<title>Attention required! | Cloudflare</title>’)”, the name of the web application firewall is clearly shown, but at the same time it can be an attempt to confuse the attacker or pentester
  • Blind: the WAF is identified based on which of the payloads sent to it are blocked

The following screenshot shows an example of a web application firewall scan:

Let’s examine the output of the program.

The type of WAF according to non-blind scanning is Wordfence, from Defiant:

[+] non-blind match: 'Wordfence (Defiant)'

A total of 45 tests were conducted with various payloads (non-threatening requests that are very similar to requests to exploit vulnerabilities):

[i] running payload tests... (45/45)

The result is presented in diagram form, in which a dot is a payload that was not blocked, and a cross is a payload that the WAF blocked:

[=] results: '..............x...x.xx.xxxxx....x.........xx.'  

The complexity of exploiting potential attacks is shown in a simple percentage format:

[=] hardness: easy (26%)

Categories of blocked attacks:

[=] blocked categories: SQLi, XSS, XXE, PT

The final decision based on the blind identification method and its probability:

[+] blind match: 'Wordfence (Defiant)' (100%)
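
The report walked through above can also be read programmatically. The following is an added example, not part of the original article or of identYwaf itself: it parses the quoted output lines and cross-checks them, which helps when comparing runs against your own site before and after a WAF rule change. That the hardness percentage equals the share of blocked payloads, rounded down, is an assumption inferred from this one sample.

```python
import re

# Constructed input: the identYwaf output lines quoted in the walkthrough above.
SAMPLE_REPORT = """\
[+] non-blind match: 'Wordfence (Defiant)'
[i] running payload tests... (45/45)
[=] results: '..............x...x.xx.xxxxx....x.........xx.'
[=] hardness: easy (26%)
[=] blocked categories: SQLi, XSS, XXE, PT
[+] blind match: 'Wordfence (Defiant)' (100%)
"""

# One pattern per report line; anchored at the start by re.match().
PATTERNS = {
    "non_blind": re.compile(r"\[\+\] non-blind match: '(.+)'$"),
    "tests": re.compile(r"\[i\] running payload tests\.\.\. \((\d+)/(\d+)\)$"),
    "results": re.compile(r"\[=\] results: '([.x]+)'$"),
    "hardness": re.compile(r"\[=\] hardness: (.+) \((\d+)%\)$"),
    "categories": re.compile(r"\[=\] blocked categories: (.+)$"),
    "blind": re.compile(r"\[\+\] blind match: '(.+)' \((\d+)%\)$"),
}


def parse_report(text):
    """Return {field: captured groups} for every recognised report line."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        for key, pattern in PATTERNS.items():
            match = pattern.match(line)
            if match:
                fields[key] = match.groups()
    return fields


def summarize(text):
    """Cross-check the report: block share, test count, agreement of methods."""
    f = parse_report(text)
    if "results" not in f:
        raise ValueError("no results line found")
    results = f["results"][0]
    total, blocked = len(results), results.count("x")
    share = blocked * 100 // total  # assumption: percentage is rounded down
    non_blind = f["non_blind"][0] if "non_blind" in f else None
    blind = f["blind"][0] if "blind" in f else None
    reported = int(f["hardness"][1]) if "hardness" in f else None
    done, planned = (int(n) for n in f.get("tests", (total, total)))
    return {
        "waf_non_blind": non_blind,
        "waf_blind": blind,
        "blind_confidence": int(f["blind"][1]) if "blind" in f else None,
        # None when one of the two methods produced no verdict
        "methods_agree": (non_blind == blind) if non_blind and blind else None,
        "total": total,
        "blocked": blocked,
        "block_share": share,
        "share_matches_report": reported == share,
        "tests_completed": done == planned == total,
        "categories": [c.strip() for c in f["categories"][0].split(",")]
                      if "categories" in f else [],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key:22} {value}")
```

A non-blind verdict that disagrees with the blind one is worth a second look, since the article notes that a WAF's own block page can be deliberately misleading.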

One more test

Detect Web Application Firewall (WAF) before you attack
https://www.securitynewspaper.com/2018/12/04/detect-web-application-firewall-waf-before-you-attack/
Tue, 04 Dec 2018 11:03:41 +0000

WEB APPLICATION FIREWALL BASICS:- WAFs (web application firewalls) play an important role in securing websites, as they filter and monitor the traffic. Web application firewalls offer protection against many vulnerabilities. Many companies nowadays are upgrading their existing infrastructure to implement web application firewalls. Web application firewalls cannot resolve security problems on their own; proper configuration must be done to identify and block external attacks, as per ethical hacking specialists.

Before starting, you must know where a web application firewall sits in the network. In the image below, the web application firewall is between the classic firewall and the web server. The web application firewall monitors the traffic and protects against attacks from outside.

FINGERPRINTING:-

Before identifying the web application firewall, it is important to gather basic information about the target. Fingerprinting is the method used to gather as much information about the target as possible. The most common method for pentesters is to fingerprint the target's web presence. With this fingerprinting the pentester may develop an accurate attack scenario, which will help find a vulnerability later, according to ethical hacking specialists. Now we will use basic telnet for fingerprinting a website.

FINGERPRINTING USING TELNET: 

Telnet is a tool mostly used by network administrators and pentesters. Telnet allows you to connect to remote computers on a specified port.

  • Many web application firewalls leave (or insert) HTTP parameters in response headers.
  • With the help of telnet you can find basic information such as the server and cookies, which can be used in fingerprinting.
  • Type telnet testsite.com 80
root@kali:/home/iicybersecurity# telnet testsite.com 80
Trying 14.139.40.44...
Connected to testsite.com.
Escape character is '^]'.
  • After executing the above command, type GET / HTTP/1.1 and press the Enter key twice, as shown below.
  • You can also use HEAD / HTTP/1.1 and POST / HTTP/1.1 for further analysis.
GET / HTTP/1.1
HTTP/1.1 200 OK
Server: Apache/2.2.9 (Debian) mod_fcgid/2.3.6
X-Powered-By: PHP/5.5.10-1~dotdeb.1
ETag: "2aa7c09658dda1cc89e2bd3b9673569d"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Set-Cookie: SESSf528764d624db129b32c21fbca0cb8d6=o28jpp8kikr00m5io9l3boo1f4; expires=Thu, 27-Dec-2018 09:23:13 GMT; Max-Age=2000000; path=/
Last-Modified: Tue, 04 Dec 2018 05:44:52 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 63145
Date: Tue, 04 Dec 2018 05:49:53 GMT
X-Varnish: 1823464611
Age: 0
Via: 1.1 varnish
Connection: keep-alive
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta charset="utf-8">

=============================SNIPP===========================


</body>
</html>Connection closed by foreign host.
  • After using telnet on the target's port 80, the response shows the server on which the website is hosted and the backend language in which the website is written. The above information can be used in other hacking activities.
  • The above output also returns “X-Varnish: 1823464611”
  • Varnish is a caching HTTP reverse proxy. Varnish reduces the web application threats. This HTTP parameter, found in the HTTP response using telnet, shows the presence of Varnish in front of the target.
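
From the site owner's side, the same capture is a checklist of what the response gives away. The following is an added example, not part of the original article: it parses a constructed copy of the headers above and lists the version strings and proxy markers, each with the standard Apache, PHP or Varnish setting that removes it. The function and constant names are illustrative.

```python
import re

# Constructed input: status line and headers from the telnet capture above,
# with the cookie, caching and body lines left out.
RAW_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.9 (Debian) mod_fcgid/2.3.6\r\n"
    "X-Powered-By: PHP/5.5.10-1~dotdeb.1\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Varnish: 1823464611\r\n"
    "Age: 0\r\n"
    "Via: 1.1 varnish\r\n"
    "Connection: keep-alive\r\n"
    "\r\n"
)

# product/version tokens such as "Apache/2.2.9" or "PHP/5.5.10-1~dotdeb.1"
PRODUCT_TOKEN = re.compile(r"([A-Za-z][\w.-]*)/(\d[\w.~-]*)")

# Headers whose mere presence reveals an intermediary in front of the origin.
INTERMEDIARY_HEADERS = {"x-varnish", "via"}

# Hardening hints: standard Apache, PHP and Varnish (VCL) settings.
HINTS = {
    "server": "Apache: ServerTokens Prod and ServerSignature Off",
    "x-powered-by": "PHP: expose_php = Off in php.ini",
    "x-varnish": "Varnish: unset resp.http.X-Varnish in vcl_deliver",
    "via": "Varnish: unset resp.http.Via in vcl_deliver",
}


def parse_response_head(raw):
    """Split a raw HTTP response head into (status_line, [(name, value)])."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines without a colon
            headers.append((name.strip(), value.strip()))
    return lines[0].strip(), headers


def audit_headers(raw):
    """Return findings describing what the response discloses to any client."""
    _, headers = parse_response_head(raw)
    findings = []
    for name, value in headers:
        key = name.lower()
        # Every product/version pair is a separate finding.
        for product, version in PRODUCT_TOKEN.findall(value):
            findings.append({
                "header": name, "kind": "version",
                "detail": f"{product} {version}",
                "hint": HINTS.get(key, "remove or genericise this header"),
            })
        if key in INTERMEDIARY_HEADERS:
            findings.append({
                "header": name, "kind": "intermediary",
                "detail": value,
                "hint": HINTS.get(key, "strip this header at the proxy"),
            })
    return findings


if __name__ == "__main__":
    for f in audit_headers(RAW_RESPONSE):
        print(f"{f['kind']:12} {f['header']:13} {f['detail']:24} -> {f['hint']}")
```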

FINGERPRINTING USING NMAP :- 

  • Nmap is a security auditing tool mostly used by pentesters and network administrators. Nmap is used for gathering information about the target.
  • Type

nmap --script=http-waf-fingerprint testsite.com

or type

nmap --script=http-waf-fingerprint --script-args http-waf-fingerprint.intensive=1 testsite.com

root@kali:/home/iicybersecurity# nmap --script=http-waf-fingerprint testsite.com
Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-04 02:58 EST
Nmap scan report for testsite.com (200.252.149.141)
Host is up (0.38s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
80/tcp open http
| http-waf-fingerprint:
| Detected WAF
| Citrix Netscaler
443/tcp open https
8080/tcp closed http-proxy

Nmap done: 1 IP address (1 host up) scanned in 31.98 seconds
  • After execution, the nmap command detects the Citrix NetScaler web application firewall.

FINGERPRINTING USING WAFW00F :-

  • Wafw00f is the most well-known tool for detecting web application firewalls. Wafw00f sends an HTTP request that identifies the web application firewall.
  • Sometimes, when sending that HTTP request doesn’t work, wafw00f sends a malicious HTTP request.
  • If sending a malicious HTTP request also fails, wafw00f analyzes the previous HTTP requests and uses a simple algorithm to check whether the web application firewall is responding to our attacks or not.
  • Wafw00f does not come preinstalled in Kali Linux distros. To install it, type

git clone https://github.com/EnableSecurity/wafw00f.git

root@kali:/home/iicybersecurity# git clone https://github.com/EnableSecurity/wafw00f.git
Cloning into 'wafw00f'...
remote: Enumerating objects: 28, done.
remote: Counting objects: 100% (28/28), done.
remote: Compressing objects: 100% (26/26), done.
remote: Total 874 (delta 16), reused 13 (delta 2), pack-reused 846
Receiving objects: 100% (874/874), 195.05 KiB | 341.00 KiB/s, done.
Resolving deltas: 100% (522/522), done.
  • Type cd wafw00f
  • Then type ls
root@kali:/home/iicybersecurity# cd wafw00f
root@kali:/home/iicybersecurity/wafw00f# ls
CREDITS.txt docs LICENSE Makefile MANIFEST.in nose.cfg README.md setup.py wafw00f
  • Type python setup.py install
root@kali:/home/iicybersecurity/wafw00f# python setup.py install
  • After installing required files type wafw00f.
root@kali:/home/iicybersecurity/wafw00f# wafw00f

^ ^
_ __ _ ____ _ __ _ _ ____
///7/ /.' \ / __////7/ /,' \ ,' \ / __/
| V V // o // _/ | V V // 0 // 0 // _/
|_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
<
...'

WAFW00F - Web Application Firewall Detection Tool

By Sandro Gauci && Wendel G. Henrique

Usage: wafw00f url1 [url2 [url3 ... ]]
example: wafw00f https://www.victim.org/
  • Type wafw00f testsite.com
root@kali:/home/iicybersecurity/wafw00f# wafw00f testsite.com

^ ^
_ __ _ ____ _ __ _ _ ____
///7/ /.' \ / __////7/ /,' \ ,' \ / __/
| V V // o // _/ | V V // 0 // 0 // _/
|_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
<
...'

WAFW00F - Web Application Firewall Detection Tool

By Sandro Gauci && Wendel G. Henrique

Checking https://testsite.com
The site https://testsite.com is behind a Citrix NetScaler
Number of requests: 6
  • After execution, wafw00f shows that the target website is using the Citrix NetScaler web application firewall.
  • The above information is vital and can be used in other hacking activities.

Another Example:-

  • Type wafw00f certifiedhacker.com
root@kali:/home/iicybersecurity/wafw00f# wafw00f certifiedhacker.com

^ ^
_ __ _ ____ _ __ _ _ ____
///7/ /.' \ / __////7/ /,' \ ,' \ / __/
| V V // o // _/ | V V // 0 // 0 // _/
|_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
<
...'

WAFW00F - Web Application Firewall Detection Tool

By Sandro Gauci && Wendel G. Henrique

Checking https://targetsite.com
The site https://targetsite.com is behind a ModSecurity (OWASP CRS)
Number of requests: 11
  • After execution, wafw00f shows that the target website is using the ModSecurity (OWASP CRS) web application firewall.
  • The above information is vital and can be used in other hacking activities.

CONCLUSION:-

In this article we learned how to detect web application firewalls. It is an important part of web penetration testing. This method is used in the initial phase of penetration testing.

Ethical hacking researchers say that having a web application firewall (WAF) is becoming more important day by day, and that it is always important to analyze your web application logs to find new attacks happening on the backend web application server. This enables you to customize the rules in your web application firewall to provide maximum security.
