- Kali Linux Web Penetration Testing Cookbook
- Gilberto Nájera Gutiérrez
- 381字
- 2021-07-16 12:53:47
Identifying a web application firewall
A web application firewall (WAF) is a device or a piece of software that checks packages sent to a web server in order to identify and block those that might be malicious, usually based on signatures or regular expressions.
We can end up dealing with a lot of problems in our penetration test if an undetected WAF blocks our requests or bans our IP address. When performing a penetration test, the reconnaissance phase must include the detection and identification of a WAF, intrusion detection system (IDS), or intrusion prevention system (IPS). This is required in order to take the necessary measures to prevent being blocked or banned.
In this recipe, we will use different methods, along with the tools included in Kali Linux, to detect and identify the presence of a web application firewall between our target and us.
How to do it...
- Nmap includes a couple of scripts to test for the presence of a WAF. Let's try some on our vulnerable-vm:
nmap -p 80,443 --script=http-waf-detect 192.168.56.102
OK, no WAF is detected in this server, so we have no WAF in this server.
- Now, let's try the same command on a server that actually has a firewall protecting it. Here, we will use example.com; however, you may try it over any protected server.
nmap -p 80,443 --script=http-waf-detect www.example.com
Imperva is one of the leading brands in the market of web application firewalls; as we can see here, there is a device protecting this site.
- There is another script in Nmap that can help us to identify the device being used, more precisely. The script is as follows:
nmap -p 80,443 --script=http-waf-fingerprint www.example.com
- Another tool that Kali Linux includes to help us in detecting and identifying a WAF is
wafw00f. Supposewww.example.comis a WAF-protected site:wafw00f www.example.com
How it works...
WAF detection works by sending specific requests to servers and then analyzing the response; for example, in the case of http-waf-detect, it sends some basic malicious packets and compares the responses while looking for an indicator that a packet was blocked, refused, or detected. The same occurs with http-waf-fingerprint, but this script also tries to interpret that response and classify it according to known patterns of various IDSs and WAFs. The same applies to wafw00f.
- jQuery Mobile Web Development Essentials(Third Edition)
- 零基礎(chǔ)學(xué)C++程序設(shè)計
- Hands-On Image Processing with Python
- Mastering Spring MVC 4
- Internet of Things with Intel Galileo
- 琢石成器:Windows環(huán)境下32位匯編語言程序設(shè)計
- 大學(xué)計算機基礎(chǔ)實驗指導(dǎo)
- 區(qū)塊鏈技術(shù)與應(yīng)用
- Python語言實用教程
- Illustrator CC平面設(shè)計實戰(zhàn)從入門到精通(視頻自學(xué)全彩版)
- Python滲透測試編程技術(shù):方法與實踐(第2版)
- Practical Responsive Typography
- 數(shù)據(jù)結(jié)構(gòu)與算法詳解
- Python程序員面試算法寶典
- Developing RESTful Web Services with Jersey 2.0