There are some impressive freeware and open source tools in the scene now. This is an exciting time to be in the network security business. WAFW00F is one such tool: it is updated quite frequently and actively worked on almost every month.
WAFW00F allows you to fingerprint the WAF products protecting a website. As of now the tool can fingerprint 20 WAF products. How can it do that? Possibly, it is looking at the following:
- Cookies - Some WAF products add their own cookie to the HTTP communication.
- Server Cloaking - Altering URLs and response headers.
- Response Codes - Different error codes for hostile pages/parameter values.
- Drop Action - Sending a FIN/RST packet. This can also be a false positive for an IDS/IPS.
- Pre Built-In Rules - Each WAF has different negative security signatures. A study of all these WAF products has been done.
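As an added example (not WAFW00F's own code or its real signature table), the following Python sketch shows how the first three signals above (a vendor cookie, a tell-tale response header, and a different status code for a hostile request) can be checked against two captured HTTP responses. The signature entries, product names and the embedded responses are all constructed for this example; a defender can feed the same logic the responses of their own WAF to see which of these tells it exposes.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Signature:
    """One fingerprint: any matching rule identifies the product."""
    name: str
    cookie: Optional[str] = None          # regex over Set-Cookie values
    header: Optional[str] = None          # regex over "Name: value" lines
    hostile_status: Optional[int] = None  # status returned for a hostile request

# Hypothetical signature table, constructed for this example only.
SIGNATURES = [
    Signature("ExampleWAF-A", cookie=r"^examplewaf_session="),
    Signature("ExampleWAF-B", header=r"^Server:\s*ExampleGuard"),
    Signature("ExampleWAF-C", hostile_status=999),
]

def parse_response(raw: str):
    """Split a raw HTTP/1.1 response into (status code, [(name, value), ...])."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return status, headers

def fingerprint(normal_raw: str, hostile_raw: str) -> dict:
    """Compare the response to a benign request with the response to a
    hostile one and report which signatures match.  'generic' is set when
    the status codes differ, which hints at a filter even if no product
    signature fires."""
    n_status, n_headers = parse_response(normal_raw)
    h_status, h_headers = parse_response(hostile_raw)
    all_headers = n_headers + h_headers
    cookies = [v for k, v in all_headers if k.lower() == "set-cookie"]
    header_lines = [f"{k}: {v}" for k, v in all_headers]

    matched = []
    for sig in SIGNATURES:
        hit = False
        if sig.cookie and any(re.search(sig.cookie, c, re.I) for c in cookies):
            hit = True
        if sig.header and any(re.search(sig.header, h, re.I) for h in header_lines):
            hit = True
        if sig.hostile_status is not None and h_status == sig.hostile_status:
            hit = True
        if hit:
            matched.append(sig.name)
    return {"products": matched, "generic": n_status != h_status}

# Constructed sample responses (not captured from any real product).
NORMAL_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleGuard/2.1\r\n"
    "Set-Cookie: examplewaf_session=abc123; Path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n<html>ok</html>"
)
HOSTILE_RESPONSE = (
    "HTTP/1.1 999 Blocked\r\n"
    "Server: ExampleGuard/2.1\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)
PLAIN_RESPONSE = "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\nok"

if __name__ == "__main__":
    print(fingerprint(NORMAL_RESPONSE, HOSTILE_RESPONSE))
    print(fingerprint(PLAIN_RESPONSE, PLAIN_RESPONSE))
```

The two responses are compared rather than the single page on its own because a differing status code is the cheapest signal to read, and it is also the one a WAF operator can most easily blunt by returning the same generic error page for blocked and unblocked requests.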
Now, what's really good about this tool is that it can also detect ModSecurity! Here is what we did: We set up a test environment with ModSecurity and ran the python script. Here are the results:

This is the screen that you get when you run WAFW00F. Now, we ran it against the test machine:
wafw00f.py http://localhost
Here is what we got:

It surely does what it says, eh?
Best of luck hunting!
Get WAFW00F here.