09-06-2012, 10:06 PM
assalamualaikum
Trying to start a thread here about detecting the firewall on a site (sorry if this is wrong).
Web Application Firewalls (WAFs) can be detected through stimulus/response testing scenarios. Here is a short listing of possible detection methods:
Cookies: Some WAF products add their own cookie in the HTTP communication.
Server Cloaking: Altering URLs and Response Headers
Response Codes: Different error codes for hostile pages/parameters values
Drop Action: Sending a FIN/RST packet (technically could also be an IDS/IPS)
Pre Built-In Rules: Each WAF has different negative security signatures
WafW00f is based on these assumptions to determine remote WAFs.
Let's try it.
root@bt:~# cd /pentest/web/waffit/
root@bt:/pentest/web/waffit# ls
libs  wafw00f.py
root@bt:/pentest/web/waffit# python wafw00f.py -help
WAFW00F - Web Application Firewall Detection Tool
By Sandro Gauci && Wendel G. Henrique
Usage: wafw00f.py url1 [url2 [url3 ... ]]
example: wafw00f.py http://www.victim.org/

Options:
  -h, --help            show this help message and exit
  -v, --verbose         enable verbosity - multiple -v options increase
                        verbosity
  -a, --findall         Find all WAFs, do not stop testing on the first one
  -r, --disableredirect
                        Do not follow redirections given by 3xx responses
  -t TEST, --test=TEST  Test for one specific WAF
  -l, --list            List all WAFs that we are able to detect
  --xmlrpc              Switch on the XML-RPC interface instead of CUI
  --xmlrpcport=XMLRPCPORT
                        Specify an alternative port to listen on, default 8001
  -V, --version         Print out the version
Then let's give it a go.
I tested my campus's site.
root@bt:/pentest/web/waffit# python wafw00f.py -a -v http://xxx.com/
WAFW00F - Web Application Firewall Detection Tool
By Sandro Gauci && Wendel G. Henrique
Checking http://xxx.com/
INFO:root:Starting wafw00f on http://xxx.com/
INFO:wafw00f:Sending GET /
INFO:wafw00f:Checking for Profense
INFO:wafw00f:Checking for NetContinuum
INFO:wafw00f:Checking for Barracuda
INFO:wafw00f:Checking for HyperGuard
INFO:wafw00f:Checking for BinarySec
INFO:wafw00f:Checking for Teros
INFO:wafw00f:Checking for F5 Trafficshield
INFO:wafw00f:Checking for F5 ASM
INFO:wafw00f:Checking for Airlock
INFO:wafw00f:Checking for Citrix NetScaler
INFO:wafw00f:Sending GET /cmd.exe
INFO:wafw00f:Sending GET /../../../../etc/passwd
INFO:wafw00f:Sending GET /<script>alert(1)</script>.html
INFO:wafw00f:Sending GET /%3Cscript%3Ealert%281%29%3C/script%3E.html
INFO:wafw00f:Checking for ModSecurity
INFO:wafw00f:Checking for DenyALL
INFO:wafw00f:Checking for dotDefender
INFO:wafw00f:Checking for webApp.secure
INFO:wafw00f:Sending GET /?nx=@@
WARNING:wafw00f:Hey.. they closed our connection!
INFO:wafw00f:Checking for BIG-IP
INFO:wafw00f:Checking for URLScan
INFO:wafw00f:Sending GET /
WARNING:wafw00f:Hey.. they closed our connection!
INFO:wafw00f:Checking for WebKnight
INFO:wafw00f:Checking for SecureIIS
INFO:wafw00f:Sending GET /
WARNING:wafw00f:Hey.. they closed our connection!
INFO:wafw00f:Checking for Imperva
INFO:root:Ident WAF: []
Generic Detection results:
INFO:wafw00f:Sending GET /<invalid>hello.html
INFO:wafw00f:Sending GET /%3Cinvalid%3Ehello.html
INFO:root:Generic Detection: Blocking is being done at connection/packet level.
The site http://xxx.com/ seems to be behind a WAF
Reason: Blocking is being done at connection/packet level.
Number of requests: 10
root@bt:/pentest/web/waffit#
So basically it is using a firewall (sorry again if I'm wrong).
Tested on BT 5 R3, guys.
Source: http://www.aldeid.com/wiki/Wafw00f
That's all from me, assalamualaikum.
wine
There's a frog, croak croak, by the river, croak croak, looking for food, croak croak, every morning, croak croak.
visit: http://warungiso.blogspot.com/
I was not smart or special but I was unix
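As an added example (not wafw00f's code and not from the original post), here is a small Python classifier that applies four of the five signals listed in the post (cookies, server cloaking, response codes, drop action; vendor rule signatures are left out) to a pair of recorded responses, so a site owner can check which of these tells their own deployment gives away. The Response record, the cookie-name prefixes, the blocking-status rule and the sample data are constructed assumptions for this example.

```python
# Added example (not part of the original post or of wafw00f itself):
# a minimal stimulus/response classifier for the WAF signals listed in
# the post. It sends no traffic; it compares two recorded responses,
# a benign baseline GET / and a probe a WAF would treat as hostile, and
# names the first signal that fires. Cookie prefixes, the blocking
# status rule and the sample data below are constructed assumptions.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Response:
    status: Optional[int]            # None when no HTTP reply arrived
    headers: dict = field(default_factory=dict)
    cookies: tuple = ()              # cookie names seen in Set-Cookie
    connection_closed: bool = False  # FIN/RST before any HTTP response


# Constructed stand-ins for vendor cookie names (the "Cookies" signal).
WAF_COOKIE_PREFIXES = ("waf_session", "ns_af", "barra_counter")
# Constructed choice: 4xx/5xx other than a plain 404 counts as a block,
# since a probe path that simply does not exist is expected to 404.
NOT_A_BLOCK = (404,)


def detect_waf(baseline: Response, probe: Response) -> Optional[str]:
    """Return the reason a WAF is suspected, or None if nothing fired."""
    # Cookies: the WAF injects its own cookie even on ordinary traffic.
    for name in baseline.cookies:
        if name.lower().startswith(WAF_COOKIE_PREFIXES):
            return f"WAF cookie observed: {name}"
    # Server cloaking: Server header differs between baseline and probe.
    srv_base, srv_probe = baseline.headers.get("Server"), probe.headers.get("Server")
    if srv_base and srv_probe and srv_base != srv_probe:
        return f"Server header changed from {srv_base!r} to {srv_probe!r}"
    # Response codes: the hostile probe draws an error the baseline did not.
    if (baseline.status and probe.status and probe.status != baseline.status
            and probe.status >= 400 and probe.status not in NOT_A_BLOCK):
        return f"Hostile probe answered with HTTP {probe.status}"
    # Drop action: the probe got no reply, the connection was simply closed.
    if probe.connection_closed and not baseline.connection_closed:
        return "Blocking is being done at connection/packet level."
    return None


# Constructed sample mirroring the session above: GET / succeeded, the
# probe was cut off ("they closed our connection").
SAMPLE_BASELINE = Response(200, {"Server": "Apache"})
SAMPLE_DROPPED_PROBE = Response(None, connection_closed=True)
```

Calling detect_waf(SAMPLE_BASELINE, SAMPLE_DROPPED_PROBE) reproduces the "connection/packet level" reason shown in the session; a plain 404 on the probe path is deliberately not treated as a block.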