Wafw00f (Web Application Firewall Detection)

Wafw00f (Web Application Firewall Detection)

Web Application Firewalls (WAFs) can be detected through stimulus/response testing scenarios. Here is a short listing of possible detection methods:

  • Cookies: Some WAF products add their own cookie in the HTTP communication.
  • Server Cloaking: Altering URLs and Response Headers
  • Response Codes: Different error codes for hostile pages/parameters values
  • Drop Action: Sending a FIN/RST packet (technically could also be an IDS/IPS)
  • Pre Built-In Rules: Each WAF has different negative security signatures

WafW00f is based on these assumptions to determine remote WAFs.


Post a Comment

Post a Comment (0)

Previous Post Next Post

Oyun Hileleri Hack Haber