WAF
WAF (Web Application Firewall) helps protect the web application by filtering and monitoring HTTP traffic. It generally protects web applications from attacks such as cross-site scripting (XSS),DOS attack and SQL injection. WAF is not designed to defend against any attack.
wafw00f
The Wafw00f tool is a simple firewall detection tool pre-install in kali. Since the tool is very simple to use. Just type wafw00f and provide domain name.
 |
| Wafw00f Tool |
So what is wafw00f actually doing? It first sends and analyzes normal HTTP requests, then sends out abnormal requests such as injection methods, for example, and analyzes the answers again, if there is a familiar WAF ahead, it looks at the signature in the response.
Installation
sudo apt install wafw00f
Barracuda Application Firewall
BinarySec
Cisco ACE XML Gateway
Citrix NetScaler
Cloudflare
DenyALL WAF
eEye Digital Security – SecureIIS
F5 FirePass
F5 TrafficShield
F5 BIG-IP (LTM, APM, ASM)
IBM Web Application Security
IBM DataPower
Imperva SecureSphere
InfoGuard Airlock
Incapsula WAF
Juniper WebApp Secure
Microsoft ISA Server
Microsoft UrlScan
NetContinuum
Profense
TrustWave ModSecurity
Teros WAF
USP Secure Entry Server
Applicant dotDefender
Art of Defence HyperGuard
Aqtronix WebKnight
Demostration :
No comments:
Post a Comment