Thursday, April 3, 2014

Firewall Detection Tool Wafw00f



Introduction

Wafw00f is a Web Application Firewall (WAF) detection tool.
It was written by Sandro Gauci and G. Henrique.

It helps you detect the WAF (Web Application Firewall) that a domain sits behind.
Wiffit (Wafw00f) can test for the firewalls listed in the image.
If any firewall from the list is detected, it is displayed on-screen.

How Wiffit (Wafw00f) detects Web Application Firewall (WAF)
To detect a WAF, it looks at the following things:
  • Cookies
  • Server cloaking
  • Response Codes
  • Drop Action
  • Pre Built-In Rules
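
To see how these signals combine, here is an added example (not wafw00f's own code) that compares the reply to a normal request with the reply to a request a built-in rule would flag, and reports which signals are exposed. The `Response` record, the `waf_signals` function and all sample values are hypothetical and constructed; nothing is sent over the network.

```python
# Added illustration, not wafw00f's own code. All response data is constructed.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    cookies: frozenset = frozenset()  # cookie names only


def waf_signals(baseline: Response, flagged: Optional[Response]) -> list:
    """Compare a normal reply with the reply to a request that a built-in
    rule would flag. flagged=None means no reply arrived at all."""
    if flagged is None:
        # Drop action: the filtering device closed the connection silently.
        return ["drop action: no reply to the flagged request"]
    signals = []
    # Response codes: a rule fired and answered with a different status.
    if flagged.status != baseline.status:
        signals.append(f"response code: {baseline.status} -> {flagged.status}")
    # Cookies: names that only appear once the filtering device steps in.
    extra = sorted(flagged.cookies - baseline.cookies)
    if extra:
        signals.append("cookies: " + ", ".join(extra))
    # Server cloaking: the Server header is rewritten or removed.
    before = baseline.headers.get("Server")
    after = flagged.headers.get("Server")
    if before != after:
        signals.append(f"server cloaking: {before!r} -> {after!r}")
    return signals


# Constructed sample records (placeholder header and cookie names).
NORMAL = Response(200, {"Server": "nginx"}, frozenset({"sessionid"}))
BLOCKED = Response(403, {"Server": "example-gateway"},
                   frozenset({"sessionid", "example_waf_id"}))

if __name__ == "__main__":
    for line in waf_signals(NORMAL, BLOCKED):
        print(line)
```

Running the same comparison against your own site's recorded responses shows which of these signals your WAF gives away.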

How to Open Wiffit On Kali Linux

Applications > Kali Linux > Information Gathering > IDS/IPS Identification > wafw00f

wafw00f is now open; see the image below for more details.

How to use wafw00f

Example 1:
Usage:
root@root: wafw00f [ target url ]
Example:
wafw00f www.***.com
  1. This example shows that www.***.com is behind a Web Application Firewall.
  2. www.***.com is behind the Imperva WAF.


Example 2:
  • Here google.com is also behind the WAF.
  • All these images show that these websites are using an IDS, and it blocks my request all the time.


Example 3:
  • Flipkart is also using a WAF (Web Application Firewall).

Example 4: wafw00f -a http://www.google.com/
Nothing found there either.


Example 5: wafw00f -l -t http://www.google.com/
Nothing found there either.

