Showing results for tags 'waf detect'.

Found 1 result

  1. WhatWaf?

     WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of "There's a WAF?". WhatWaf works by detecting a firewall on a web application, and attempting to detect a bypass (or two) for said firewall, on the specified target.

     Features

       • Ability to run on a single URL with the -u/--url flag
       • Ability to run through a list of URLs with the -l/--list flag
       • Ability to detect over 40 different firewalls
       • Ability to try over 20 different tampering techniques
       • Ability to pass your own payloads either from a file, from the terminal, or use the default payloads
       • Default payloads that are guaranteed to produce at least one WAF triggering
       • Ability to bypass firewalls using both SQLi techniques and cross site scripting techniques
       • Ability to run behind multiple proxy types (socks4, socks5, http, https and Tor)
       • Ability to use a random user agent, personal user agent, or custom default user agent
       • Auto assign protocol to HTTP or ability to force protocol to HTTPS
       • A built in encoder so you can encode your payloads into the discovered bypasses
       • More to come...

     Installation

     Installing whatwaf is super easy, all you have to do is the following:

     Have Python 2.7 (Python 3.x compatibility is being implemented soon):

         sudo -s << EOF
         git clone https://github.com/ekultek/whatwaf.git
         cd whatwaf
         chmod +x whatwaf.py
         pip2 install -r requirements.txt
         ./whatwaf.py --help
         EOF

     Proof of Concept

     First we'll run the website through WhatWaf and figure out which firewall protects it (if any):

     Next we'll go to that website and see what the page looks like:

     Hmm.. that doesn't really look like Cloudflare does it? Let's see what the headers say:

     And finally, let's try one of the bypasses that it tells us to try:

     Demo video

     Get involved!

     If you want to make some tamper scripts, want to add some functionality or just want to make something look better, getting involved is easy:

       • Fork the repository
       • Edit the code to your liking
       • Send a pull request

     I'm always looking for some helpful people out there, and would love help with this little side project I got going on. Thanks!

     Download: WhatWaf-master.zip

         git clone https://github.com/Ekultek/WhatWaf.git

     Source: https://github.com/Ekultek/WhatWaf