Information Gathering :- WAFW00F

Topic : information gathering
sub topic :- WAFW00F
Skill Level :- 2/5
platform :- Linux (Kali or backtrack recommended)
Introduction :-
Web Application Firewalls (WAFs) can be detected through stimulus/response testing scenarios. Here is a short listing of possible detection methods:
  • Cookies: Some WAF products add their own cookie in the HTTP communication.
  • Server Cloaking: Altering URLs and Response Headers
  • Response Codes: Different error codes for hostile pages/parameters values
  • Drop Action: Sending a FIN/RST packet (technically could also be an IDS/IPS)
  • Pre Built-In Rules: Each WAF has different negative security signatures
WafW00f is based on these assumptions to determine remote WAFs.
Sample Output
Wafoof (1)


Popular posts from this blog

Contact US

OverTheWire Natas Solution Level 1-10

The Story of Blind SSRF leads to internal Host discovery.