A Web Application Firewall (WAF) is a safeguard between your web application and the internet: it inspects traffic and stops malicious activity before it reaches your server. As a penetration tester, ethical hacker, or security analyst, you must first determine whether a WAF exists on the target system before you do any vulnerability testing. A WAF may filter, block, or alter your test traffic, giving you false negatives or skewed results.
A web application firewall protects web applications by filtering, monitoring, and blocking harmful HTTP/S traffic. It acts as a barrier between the internet and your web server, preventing application-layer attacks such as SQL injection and cross-site scripting (XSS).
It matters because web apps are the top attack target, and a WAF reduces the risk of data breaches by blocking these threats in real time. If you manage or audit a server or website, detecting whether a WAF is in place is essential before attempting any vulnerability testing or ethical hacking.
There are basically two methods for identifying a web application firewall on a network: a manual check with telnet, and the automated wafw00f tool.
Telnet is a simple command-line tool used to connect to remote hosts and manually test responses over a specified port (commonly port 80 for HTTP). This method helps you identify the backend server software and hints at whether a WAF is present.
Step 1: telnet targetwebsite.com 80 (type this command in your terminal)
```
┌──(root💀DESKTOP-SK08UEQ)-[/home/kali]
└─# telnet testphp.vulnweb.com 80
Trying 44.228.249.3...
Connected to testphp.vulnweb.com.
Escape character is '^]'.
```
Step 2: After running the command above, type HEAD / HTTP/1.1 (no spaces inside the version token) and press Enter twice; the blank line is what sends the request.
```
┌──(root💀DESKTOP-SK08UEQ)-[/home/kali]
└─# telnet testphp.vulnweb.com 80
Trying 44.228.249.3...
Connected to testphp.vulnweb.com.
Escape character is '^]'.
HEAD / HTTP / 1.1
HTTP/1.1 400 Bad Request
Server: nginx/1.19.0
Date: Tue, 05 Jul 2022 17:20:03 GMT
Content-Type: text/html
Content-Length: 157
Connection: close
<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>
Connection closed by foreign host.
```
The response's Server header reveals the web server software the site runs on (nginx/1.19.0 here) and, when an X-Powered-By header is present, the back-end language as well. In the session above the request line was typed with spaces around the slash, which is why nginx answered 400 Bad Request, but the Server header is returned regardless. A WAF or reverse proxy sitting in front of the origin often replaces this header with its own product name or strips it, so an unexpected or missing Server header is the first hint that something is filtering the traffic.
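The same HEAD check, scripted, as an added example that is not part of the original post. It builds a well-formed HTTP/1.1 HEAD request (with the Host header that HTTP/1.1 requires), parses the status line and headers out of a raw response, and is exercised offline against the response captured in the telnet session above. `send_head` is the live equivalent of the telnet step; the host, port and timeout arguments are assumptions for illustration.

```python
import socket

# Response captured in the telnet session above (the page's own transcript),
# embedded here so the parser can be exercised without network access.
CAPTURED_RESPONSE = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Server: nginx/1.19.0\r\n"
    b"Date: Tue, 05 Jul 2022 17:20:03 GMT\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 157\r\n"
    b"Connection: close\r\n"
    b"\r\n"
)


def build_head_request(host: str, path: str = "/") -> bytes:
    """Build a well-formed HTTP/1.1 HEAD request.

    The request line must read 'HEAD / HTTP/1.1' with no spaces inside the
    version token; 'HEAD / HTTP / 1.1' (as typed in the telnet session) is
    what makes nginx answer 400 Bad Request. HTTP/1.1 also requires a Host
    header, and the final empty line terminates the request.
    """
    return (
        f"HEAD {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")


def parse_response_head(raw: bytes) -> tuple[int, dict[str, str]]:
    """Split the status code and headers out of a raw HTTP response.

    Header names are lower-cased so callers can look up 'server' no matter
    how the server spelled it. Only the part before the blank line is read.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers: dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def send_head(host: str, port: int = 80, timeout: float = 5.0) -> tuple[int, dict[str, str]]:
    """Send the HEAD request over a plain TCP socket (the telnet step, scripted).

    Reads until the end of the headers or until the peer closes the connection.
    """
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_head_request(host))
        while b"\r\n\r\n" not in buf:
            data = sock.recv(4096)
            if not data:
                break
            buf += data
    return parse_response_head(buf)


if __name__ == "__main__":
    # Offline run against the captured transcript: 400, Server nginx/1.19.0
    status, headers = parse_response_head(CAPTURED_RESPONSE)
    print(status, headers.get("server", "<no Server header>"))
```

Looking at the Server header alone is a hint, not a verdict: a proxy can forward the origin's header unchanged, so an absent or vendor-branded Server header is a reason to go on to the automated check, not a conclusion on its own.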
Wafw00f is a powerful WAF detection tool built for penetration testers and bug bounty hunters. It automatically identifies known WAFs by analyzing how websites respond to different HTTP requests.
Step 1: Find Using Wafw00f
The zip package is available for download from the official GitHub source. Download the wafw00f tool, or use the git client to clone the repository. To get the package, run the following commands:
Step 2: git clone https://github.com/EnableSecurity/wafw00f (type this in your Linux terminal and press Enter)
Step 3: python setup.py install (type this in your Linux terminal, from inside the cloned wafw00f directory, and press Enter)
Step 4: wafw00f <url> (for example, wafw00f http://testphp.vulnweb.com/)
Step 5: To use it in verbose mode, run the following command.
wafw00f <url> -v
Identifying a Web Application Firewall (WAF) is an essential first step before any penetration testing, ethical hacking, or web vulnerability scanning. As a bug bounty hunter, security analyst, or system administrator, learning to recognise whether a website is protected by a WAF saves time and lets you choose the appropriate testing method.
Knowing whether a WAF is present helps you plan web application security work and avoid false alarms during testing. With most cyberattacks now directed at the application layer, a well-tuned WAF is crucial to reducing the risk of data breaches, SQL injection, XSS, and other major web threats.