pFuzz is an advanced red teaming fuzzing tool which we developed for our research. It helps us to bypass web application firewall by using different methods at the same time. pFuzz web uygulama araştırmaları için geliştirdiğimiz, gelişmiş bir fuzzing aracıdır. Farklı güvenlik uygulamaları üzerinde çeşitli saldırı yöntemlerinin denenmesi konusunda süreci hızlandırmak için geliştirilmiştir. Description [EN] …
Tag Archives: web application firewall
Wafw00f : Identify & Fingerprint Web Application Firewall
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website. To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses …
Continue reading “Wafw00f : Identify & Fingerprint Web Application Firewall”
WAFw00f : Identify & Fingerprint Web Application Firewall (WAF) Products Protecting A Website
WAFW00F identifies and fingerprints Web Application Firewall (WAF) products. To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF …
Janusec – Golang Based Application Security Solution Which Provides WAF
Janusec Application Gateway, an application security solutions which provides WAF (Web Application Firewall), unified web administration portal, private key protection, web routing and scalable load balancing. With Janusec, you can build secure and scalable applications. Also ReadPastego – Scrape/Parse Pastebin Using GO & Expression Grammar Janusec Key Features WAF (Web Application Firewall), block SQL Injection, …
Continue reading “Janusec – Golang Based Application Security Solution Which Provides WAF”
Ua-tester – A tool for User Agent WAF, IDS/IPS, Redirection testing
UA-tester is a tool to check whether a website provides different pages for different user agents like for mobile, desktop bots etc. Well, this tool also delivers a lot of information. It is basically a python script which runs through various user-agents on a specified site. It also tries various options like setting cookie, redirection, …
Continue reading “Ua-tester – A tool for User Agent WAF, IDS/IPS, Redirection testing”
Reconnaissance, Identification & Fingerprinting of Web Application Firewall using WAFW00F
Web Application firewalls are typically firewalls working on the application layer which monitors & modifies HTTP requests. The key difference is that WAFs work on Layer 7 – Application Layer of the OSI Model. Basically, all WAFs protect against different HTTP attacks & queries like SQLi & XSS. Since the firewall is able to detect …