Fi8sVrs

WhatWaf - Detect and bypass web application firewalls and protection systems


WhatWaf?

WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of "There's a WAF?". WhatWaf works by detecting a firewall on a web application and attempting to detect a bypass (or two) for said firewall on the specified target.

 

Features

  • Ability to run on a single URL with the -u/--url flag
  • Ability to run through a list of URLs with the -l/--list flag
  • Ability to detect over 40 different firewalls
  • Ability to try over 20 different tampering techniques
  • Ability to pass your own payloads either from a file, from the terminal, or use the default payloads
  • Default payloads that are guaranteed to produce at least one WAF triggering
  • Ability to bypass firewalls using both SQLi techniques and cross-site scripting techniques
  • Ability to run behind multiple proxy types (socks4, socks5, http, https and Tor)
  • Ability to use a random user agent, personal user agent, or custom default user agent
  • Auto assign protocol to HTTP or ability to force protocol to HTTPS
  • A built-in encoder so you can encode your payloads into the discovered bypasses
  • More to come...

 

Installation

Installing whatwaf is super easy; all you have to do is the following.

Have Python 2.7 installed (Python 3.x compatibility is being implemented soon), then run the block below (it executes as root via sudo and a heredoc, which must be closed with EOF):

sudo -s << EOF
git clone https://github.com/ekultek/whatwaf.git
cd whatwaf
chmod +x whatwaf.py
pip2 install -r requirements.txt
./whatwaf.py --help
EOF

 

Proof of Concept

First we'll run the website through WhatWaf and figure out which firewall protects it (if any):

[screenshot: WhatWaf output identifying the firewall on the target]

Next we'll go to that website and see what the page looks like:

[screenshot: the target website as rendered in the browser]

Hmm, that doesn't really look like Cloudflare, does it? Let's see what the headers say:

[screenshot: the target's HTTP response headers]
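As an added illustration of the header check WhatWaf performs at this step (example code written for this post, not WhatWaf's own), here is a small Python header fingerprinter run over constructed HTTP responses; the signature table is a deliberately tiny subset of what a real detector carries, and the sample responses are made up rather than captured from any site.

```python
from typing import Dict, List, Optional

# Illustrative signature subset: (header name, value substring, WAF name).
# An empty substring means "header present with any value".
SIGNATURES = [
    ("server", "cloudflare", "Cloudflare"),
    ("cf-ray", "", "Cloudflare"),
    ("server", "sucuri/cloudproxy", "Sucuri CloudProxy"),
    ("x-sucuri-id", "", "Sucuri CloudProxy"),
]

def parse_headers(raw: str) -> Dict[str, List[str]]:
    """Parse a raw HTTP response head into {lowercased name: [values]}.
    Repeated headers are kept as a list; the body after the blank line is ignored."""
    headers: Dict[str, List[str]] = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip the status line
        if not line.strip():
            break  # blank line terminates the header block
        name, sep, value = line.partition(":")
        if sep:  # lines without a colon are malformed and skipped
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def identify_waf(headers: Dict[str, List[str]]) -> Optional[str]:
    """Return the first WAF whose signature matches, or None when nothing matches."""
    for name, needle, waf in SIGNATURES:
        if any(needle in v.lower() for v in headers.get(name, [])):
            return waf
    return None

def fingerprint(raw_response: str) -> Optional[str]:
    return identify_waf(parse_headers(raw_response))

# Constructed sample responses (hypothetical, not captured from any real site).
CLOUDFLARE_RESPONSE = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Server: cloudflare\r\n"
    "CF-RAY: 0000000000000000-XXX\r\n"
    "\r\n<html><body>Access denied</body></html>"
)
PLAIN_RESPONSE = (
    "HTTP/1.1 200 OK\r\nServer: nginx/1.14.0\r\nContent-Type: text/html\r\n"
    "\r\n<html><body>Hello</body></html>"
)

if __name__ == "__main__":
    for label, resp in (("cloudflare", CLOUDFLARE_RESPONSE), ("plain", PLAIN_RESPONSE)):
        print(label, "->", fingerprint(resp))  # cloudflare -> Cloudflare, plain -> None
```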

 

And finally, let's try one of the bypasses that it tells us to try:

[screenshot: the suggested bypass tried against the target]

 

Demo video

[embedded video]

Get involved!

If you want to make some tamper scripts, add some functionality, or just make something look better, getting involved is easy:

  1. Fork the repository
  2. Edit the code to your liking
  3. Send a pull request

I'm always looking for some helpful people out there and would love help with this little side project I've got going on. Thanks!

 

Download: WhatWaf-master.zip

git clone https://github.com/Ekultek/WhatWaf.git

 

Source: https://github.com/Ekultek/WhatWaf
