Identifying a web application firewall

A Web Application Firewall (WAF) is a device or software that inspects packets sent to a web server to identify and block potentially malicious ones, usually based on signatures or regular expressions.

An undetected WAF that blocks requests or bans IP addresses can cause a lot of problems in penetration testing. When conducting penetration testing, the reconnaissance phase should include detection and identification of WAFs, intrusion detection systems (IDS), or intrusion prevention systems (IPS). This is needed in order to take the necessary measures to prevent suspension or blocking.

This article uses various methods and tools included in Kali Linux to detect and identify the presence of a web application firewall between the target and us.


There are two ways to identify a WAF:

    -- using Nmap scripts

    -- using the tool wafw00f


1] Nmap includes some scripts to test for the presence of a WAF.

    nmap --script http-waf-detect 192.168.0.100 -p80



The script detects no WAF on this server, so there is no WAF in front of it.

2] Try the same command on a real firewalled server. Here we use example.com

    nmap --script http-waf-detect www.example.com -p80



Imperva is one of the leading brands in the web application firewall market.


3] Nmap has another script that can help identify the device being used more precisely. Here is the script: 

    nmap --script=http-waf-fingerprint www.example.com -p80


4] Another tool included with Kali Linux for detecting and identifying WAFs and IDSs is wafw00f. Let's assume www.example.com is a WAF-protected website.

    wafw00f  www.example.com




WAF detection works by sending specific requests to the server and then analyzing the responses. For example, http-waf-detect sends some basic malicious packets and compares the responses, looking for indicators that the packets are blocked, denied, or detected. The same thing happens with http-waf-fingerprint, but this script also interprets the response and tries to classify it according to known patterns of various IDSs and WAFs. The same applies to wafw00f.
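
The response comparison described above, as an added example that is not code from Nmap or wafw00f: it compares a baseline response with the response to a probe request and lists the differences that point to a filtering device. The `Response` record, the status-code list, the `X-Block-Id` header and the sample responses are constructed assumptions, and the logic is a simplified illustration of the idea.

```python
from dataclasses import dataclass, field

# Assumed set of status codes that filtering devices commonly return on a reject.
BLOCK_STATUSES = {403, 406, 429, 501, 503}

@dataclass
class Response:
    """Minimal record of an HTTP response (hypothetical helper type)."""
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""

def compare_responses(baseline, probe, length_tolerance=0.5):
    """Return the differences that suggest a device blocked or altered the probe.

    probe=None stands for a connection that was dropped or reset.
    """
    if probe is None:
        return ["connection dropped or reset on the probe request"]
    indicators = []
    # 1. The clean request succeeded but the probe got a reject-style status.
    if probe.status != baseline.status and probe.status in BLOCK_STATUSES:
        indicators.append(f"status changed {baseline.status} -> {probe.status}")
    # 2. Headers that appear only on the probe (block ids, new cookies, ...).
    base_names = {h.lower() for h in baseline.headers}
    extra = sorted(h.lower() for h in probe.headers if h.lower() not in base_names)
    if extra:
        indicators.append("headers only on probe: " + ", ".join(extra))
    # 3. A body of very different size, e.g. a short block page.
    base_len = max(len(baseline.body), 1)
    if abs(len(probe.body) - len(baseline.body)) / base_len > length_tolerance:
        indicators.append(f"body length changed {len(baseline.body)} -> {len(probe.body)}")
    return indicators

# Constructed sample responses, not captured from any real server.
COMMON = {"Content-Type": "text/html", "Server": "nginx"}
BASELINE = Response(200, dict(COMMON), "<html>" + "x" * 2000 + "</html>")
BLOCKED = Response(403, {**COMMON, "X-Block-Id": "0001"}, "<html>Request rejected</html>")
UNFILTERED = Response(200, dict(COMMON), "<html>" + "x" * 1990 + "</html>")

if __name__ == "__main__":
    for name, probe in [("blocked", BLOCKED), ("unfiltered", UNFILTERED), ("reset", None)]:
        print(f"{name}: {compare_responses(BASELINE, probe) or 'no indicators'}")
```
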




#WAF #firewall #security

