WAF-Buster : Disrupt WAF by abusing SSL/TLS Ciphers

August 23, 2018

WAF-buster tool was created to Analyze the ciphers that are supported by the Web application firewall being used at the web server end. It works by first triggering SslScan to look for all the supported ciphers during SSL/TLS negotiation with the web server.After getting the text file of all the supported ciphers, then we use Curl to query web server with each and every Cipher to check which of the ciphers are unsupported by WAF and supported by Web server , if any such Cipher is found then a message is displayed that “Firewall is bypassed”.

WAF-Buster Installation

git clone https://github.com/viperbluff/WAF_buster.git

Usage

Open terminal
python2 WAF_buster.py --input

Screenshots

Credit : Sahil Tikoo

WAF-Buster : Disrupt WAF by abusing SSL/TLS Ciphers

WAF-Buster Installation

Usage

Screenshots

APPLICATIONS

vArmor : Enhancing Container Security In Cloud-Native Environments

SharpRDP : RDP Application For Authenticated Command Execution

iOS Frequent Locations Dumper – A Comprehensive Guide To Extracting Location Data

How To Improve The Cyber Security Of A Law Firm

HOT NEWS

Self XSS : Grab Cookies Tricking Users Into Running...

EVEN MORE NEWS

ShadowDumper – Advanced Techniques For LSASS Memory Extraction

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And...

POPULAR CATEGORY

BadOutlook : Malicious Outlook Reader

RogueWinRM : Windows Local Privilege Escalation From Service Account To System

UFS : Ultimate Facebook Scraper