Web Application Firewall detection using Kali Linux - WAFW00F (GBHackers)

The web is expanding day by day, and attackers want to exploit flaws in your applications. For a website administrator, the best way to detect attackers' footprints on a website is a Web Application Firewall.

A WAF detects and blocks specific attack patterns against web applications. A pentester will never go straight to exploiting an application's weaknesses; rather, he/she will first identify whether a Web Application Firewall is present.


  • WAFW00F is an inbuilt tool in the Kali distribution; otherwise you can install it manually.
  • It can detect around 22 web application firewalls, so running wafw00f is part of the initial information-gathering phase.

Limitations of WAFW00F

Figure: list of web application firewalls detected by WAFW00F

  • The figure above lists the web application firewalls that WAFW00F can identify or detect.


Presence of Web Application Firewall

Figure: WAFW00F output showing the presence of a web application firewall

  • In the figure above, the pentester or attacker has identified the presence of a web application firewall.
  • Here, blocking is being done at the connection or packet level.

Identifying specific firewall

  • If a pentester knows how to bypass mod_security, he/she may want to check specifically for the presence of mod_security.

Figure: WAFW00F testing for a specific firewall with -t

  • So you can use wafw00f url -t Firewallname.
  • In the figure above, the pentester has observed that there is no ModSecurity in front of the web application.

So it is always good to identify the barriers in front of web applications before you exploit them.

Checking for XML-RPC

XML-RPC is a remote procedure call (RPC) protocol which utilizes XML to encode its calls and HTTP as a transport mechanism.


“XML-RPC” also refers generically to the use of XML for remote procedure calls, independently of the specific protocol.
