There are some impressive freeware & open source tools in the scene now. This is an exciting time to be in the network security business. WAFW00F is one such tools that is being updated quite frequently & which is worked upon almost every month.
WAFW00F allows you fingerprint WAF products protecting a website. The tool as of now can fingerprint 20 WAF products. How can it do that? Possibly, it is looking at the following:
- Cookies - Some WAF products add their own cookie in the HTTP communication.
- Server Cloaking - Altering URLs and Response Headers.
- Response Codes - Different error codes for hostile pages/parameters values.
- Drop Action - Sending a FIN/RST packet. This can also be a false positive for an IDS/IPS.
- Pre Built-In Rules - Each WAF has different negative security signatures. A study is done of all them WAF products.
Now, whats really good about this tool is that it can also detect ModSecurity too! Here is what we did: We set up a test enviornment with ModSecurity and ran the python script. Here are the results:
This is the screen that you get when you run WAFW00F. Now, we ran it against the test machine:
wafw00f.py http://localhost
Here is what we got:
It surely does what it says eh?
Best of luck hunting!
Get WAFW00f here.
Related External Links
- hardware firewall » Archive du blog » Thinking Made Easy: Computer …
wafw00f, wafw00f py, waf fingerprinting, wafw00f ???????, waf - Web Application Firewall Detection Tool, waf fingerprinting results, w00f waf, web application firewall audit waf, Web Application Fingerprint, download wafw00f, securi fingerprinting web applications, remote fingerprinting waf, nmap script WAF, linux web application firewall, firewall testing tools, fingerprint web application download, fingerprint application web, web application firewall testing tools open source
You must log in to post a comment.