Wafw00f (Web Application Firewall Detection)
- Cookies: Some WAF products add their own cookie in the HTTP communication.
- Server Cloaking: Altering URLs and Response Headers
- Response Codes: Different error codes for hostile pages/parameter values
- Drop Action: Sending a FIN/RST packet (technically could also be an IDS/IPS)
- Pre Built-In Rules: Each WAF has different negative security signatures
WafW00f relies on these assumptions to identify remote WAFs.
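To check which of these signals your own edge exposes, the added example below (not WafW00f's code) compares two captured responses offline: one to a normal request and one to a request the WAF rejected. It covers the cookie, server cloaking and response code checks; the marker table and both sample responses are constructed assumptions.

```python
from email.parser import Parser
from http.cookies import SimpleCookie

# Publicly documented vendor markers; this short table is an assumption of the
# example, not a list taken from the page or from WafW00f's source.
COOKIE_PREFIXES = {"BIGipServer": "F5 BIG-IP", "incap_ses_": "Imperva Incapsula"}
HEADER_MARKERS = {"cf-ray": "Cloudflare"}

def parse_response(raw):
    """Return (status_code, headers) from a raw HTTP/1.x response string."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    return int(status_line.split()[1]), Parser().parsestr(header_block, headersonly=True)

def waf_signals(baseline_raw, flagged_raw):
    """Compare the response to a normal request with the response to a request
    that the WAF's rules rejected, and list what gives the WAF away."""
    b_status, b_hdrs = parse_response(baseline_raw)
    f_status, f_hdrs = parse_response(flagged_raw)
    signals = set()
    for hdrs in (b_hdrs, f_hdrs):
        # Cookies: product-specific cookie names set by the WAF.
        for value in hdrs.get_all("Set-Cookie", []):
            for name in SimpleCookie(value):
                for prefix, vendor in COOKIE_PREFIXES.items():
                    if name.startswith(prefix):
                        signals.add(("cookie", vendor))
        # Product-specific response headers.
        for header, vendor in HEADER_MARKERS.items():
            if header in hdrs:
                signals.add(("header", vendor))
    # Server cloaking: the Server header differs between the two responses.
    if b_hdrs.get("Server") != f_hdrs.get("Server"):
        signals.add(("server-header-changed", f"{b_hdrs.get('Server')} -> {f_hdrs.get('Server')}"))
    # Response codes: the rejected request gets a different error status.
    if f_status != b_status and f_status >= 400:
        signals.add(("status", f"{b_status} -> {f_status}"))
    return sorted(signals)

# Constructed sample responses (not captured from a real host).
BASELINE = ("HTTP/1.1 200 OK\r\nServer: nginx\r\n"
            "Set-Cookie: BIGipServerpool_web=1677787402.20480.0000; path=/\r\n"
            "Content-Type: text/html\r\n\r\n<html>ok</html>")
FLAGGED = ("HTTP/1.1 403 Forbidden\r\nServer: BigIP\r\n"
           "Set-Cookie: BIGipServerpool_web=1677787402.20480.0000; path=/\r\n"
           "Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for kind, detail in waf_signals(BASELINE, FLAGGED):
        print(f"{kind}: {detail}")
```

Each reported signal is something to normalize at the edge: rename or strip the product cookie, keep the Server header identical on block pages, and return the same error page the application would.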