Topic : information gathering
sub topic :- WAFW00F
Skill Level :- 2/5
platform :- Linux (Kali or backtrack recommended)
Web Application Firewalls (WAFs) can be detected through stimulus/response testing scenarios. Here is a short listing of possible detection methods:
- Cookies: Some WAF products add their own cookie in the HTTP communication.
- Server Cloaking: Altering URLs and Response Headers
- Response Codes: Different error codes for hostile pages/parameters values
- Drop Action: Sending a FIN/RST packet (technically could also be an IDS/IPS)
- Pre Built-In Rules: Each WAF has different negative security signatures
WafW00f is based on these assumptions to determine remote WAFs.