Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

Showing posts with label WAF. Show all posts

Sunday, January 28, 2018

Detect And Bypass Web Application Firewalls And Protection Systems - WhatWaf



Features
  • Ability to run on a single URL with the -u/--url flag
  • Ability to run through a list of URLs with the -l/--list flag
  • Ability to detect over 40 different firewalls
  • Ability to try over 20 different tampering techniques
  • Ability to pass your own payloads either from a file or from the terminal
  • Payloads that are guaranteed to trigger the WAF at least once
  • Ability to bypass firewalls using both SQLi techniques and cross site scripting techniques
  • Ability to run behind Tor
  • Ability to run behind multiple proxy types (socks4, socks5, http, https)
  • Ability to use a random user agent, personal user agent, or custom default user agent
  • More to come...

Installation
Installing WhatWaf is super easy. You need Python 2.7 (Python 3.x compatibility is being implemented soon); then run the following:
sudo -s << EOF
git clone https://github.com/ekultek/whatwaf.git
cd whatwaf
chmod +x whatwaf.py
pip2 install -r requirements.txt
./whatwaf.py --help
EOF

Proof of concept
First we'll run the website through WhatWaf and figure out which firewall protects it (if any):



Next we'll go to that website and see what the page looks like:



Hmm... that doesn't really look like Cloudflare, does it? Let's check what the HTTP Server header and cookies say:



And finally, let's try one of the bypasses that it tells us to try:




Monday, December 12, 2016

Penetration testers favorite for WAF Bypassing - WAFNinja



WAFNinja is a CLI tool written in Python. It helps penetration testers bypass a WAF by automating the steps necessary for bypassing input validation. The tool was created to be easily extensible, simple to use and usable in a team environment. Many payloads and fuzzing strings, stored in a local database file, ship with the tool. WAFNinja supports HTTP connections, GET and POST requests, and the use of cookies in order to access pages restricted to authenticated users. An intercepting proxy can also be set up.

Usage:
wafninja.py [-h] [-v] {fuzz, bypass, insert-fuzz, insert-bypass, set-db} ...
Example:
fuzz:
python wafninja.py fuzz -u "http://www.target.com/index.php?id=FUZZ" \
    -c "phpsessid=value" -t xss -o output.html
bypass:
python wafninja.py bypass -u "http://www.target.com/index.php" -p "Name=PAYLOAD&Submit=Submit" \
    -c "phpsessid=value" -t xss -o output.html
insert-fuzz:
python wafninja.py insert-fuzz -i select -e select -t sql
positional arguments:
  {fuzz, bypass, insert-fuzz, insert-bypass, set-db}
                 Which function do you want to use?

  fuzz           check which symbols and keywords are allowed by the WAF.
  bypass         sends payloads from the database to the target.
  insert-fuzz    add a fuzzing string
  insert-bypass  add a payload to the bypass list
  set-db         use another database file. Useful to share the same database with others.

optional arguments:
  -h, --help     show this help message and exit
  -v, --version  show program's version number and exit

Sunday, June 26, 2016

Identifies and Fingerprints Web Application Firewall (WAF) Products - WAFW00F




WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.


How does it work?

To do its magic, WAFW00F does the following:
  • Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions
  • If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is
  • If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks
For further details, check out the source code on the main site, github.com/sandrogauci/wafw00f.
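
The staged logic above, reduced to an added example (not WAFW00F's code) that classifies already-captured responses offline; run against responses from your own site, it shows what the edge discloses about the product in front of it. The signature table is a small constructed subset of widely documented markers, and the function names and sample responses are assumptions made for illustration.

```python
# Added example: offline model of the three stages described above.
# SIGNATURES is a small constructed subset of widely documented markers, not
# WAFW00F's own rule set; function names and sample data are hypothetical.
SIGNATURES = {  # product -> (header names, cookie-name prefixes)
    "CloudFlare": (("cf-ray",), ("__cfduid",)),
    "Citrix NetScaler": ((), ("ns_af", "citrix_ns_id", "NSC_")),
    "F5 BIG-IP LTM": ((), ("BIGipServer",)),
    "Incapsula WAF": ((), ("incap_ses", "visid_incap")),
}

def header_values(response, name):
    """All values of a header; names are case-insensitive and may repeat."""
    return [v for k, v in response["headers"] if k.lower() == name.lower()]

def match_signature(response):
    """Return the first product whose marker appears in this response."""
    names = {k.lower() for k, _ in response["headers"]}
    cookies = [c.split("=", 1)[0].strip() for c in header_values(response, "Set-Cookie")]
    for product, (headers, prefixes) in SIGNATURES.items():
        if any(h in names for h in headers):
            return product
        if any(c.startswith(p) for c in cookies for p in prefixes):
            return product
    return None

def generic_evidence(normal, probes):
    """Stage 3: how probe responses differ from the normal response."""
    evidence = []
    for probe in probes:
        if probe["status"] != normal["status"]:
            evidence.append("status %d -> %d" % (normal["status"], probe["status"]))
        if header_values(probe, "Server") != header_values(normal, "Server"):
            evidence.append("Server header changed")
    return evidence

def classify(normal, probes):
    """Stage 1 on the normal response, stage 2 on probe responses, then stage 3."""
    for stage, responses in (("passive", [normal]), ("active", probes)):
        for response in responses:
            product = match_signature(response)
            if product:
                return stage, product
    evidence = generic_evidence(normal, probes)
    return ("generic", evidence) if evidence else ("none", [])

# Constructed responses: a plain page, and block pages served to a flagged request.
NORMAL = {"status": 200, "headers": [("Server", "Apache"), ("Set-Cookie", "sid=1; Path=/")]}
BLOCKED = {"status": 403, "headers": [("Set-Cookie", "ns_af=x; Path=/")]}
ANON_BLOCK = {"status": 403, "headers": [("Server", "Apache")]}
print(classify(NORMAL, [BLOCKED]), classify(NORMAL, [ANON_BLOCK]))
```

A "generic" result means a filtering layer reacted but left no product marker, which is the outcome a site owner usually wants from their own block pages.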

What does it detect?

It detects a number of WAFs. To view which WAFs it is able to detect, run WAFW00F with the -l option. At the time of writing the output is as follows:

$ ./wafw00f -l

^ ^
_ __ _ ____ _ __ _ _ ____
///7/ /.' \ / __////7/ /,' \ ,' \ / __/
| V V // o // _/ | V V // 0 // 0 // _/
|_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
<
...'

WAFW00F - Web Application Firewall Detection Tool

By Sandro Gauci && Wendel G. Henrique

Can test for these WAFs:

Anquanbao
Juniper WebApp Secure
IBM Web Application Security
Cisco ACE XML Gateway
F5 BIG-IP APM
360WangZhanBao
ModSecurity (OWASP CRS)
PowerCDN
Safedog
F5 FirePass
DenyALL WAF
Trustwave ModSecurity
CloudFlare
Imperva SecureSphere
Incapsula WAF
Citrix NetScaler
F5 BIG-IP LTM
Art of Defence HyperGuard
Aqtronix WebKnight
Teros WAF
eEye Digital Security SecureIIS
BinarySec
IBM DataPower
Microsoft ISA Server
NetContinuum
NSFocus
ChinaCache-CDN
West263CDN
InfoGuard Airlock
Barracuda Application Firewall
F5 BIG-IP ASM
Profense
Mission Control Application Shield
Microsoft URLScan
Applicure dotDefender
USP Secure Entry Server
F5 Trafficshield

How do I use it?

For help, please make use of the --help option. The basic usage is to pass it a URL as an argument.

Example:


$ ./wafw00f https://www.ibm.com/

^ ^
_ __ _ ____ _ __ _ _ ____
///7/ /.' \ / __////7/ /,' \ ,' \ / __/
| V V // o // _/ | V V // 0 // 0 // _/
|_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
<
...'

WAFW00F - Web Application Firewall Detection Tool

By Sandro Gauci && Wendel G. Henrique

Checking https://www.ibm.com/
The site https://www.ibm.com/ is behind a Citrix NetScaler
Number of requests: 6

How do I install it?

The following should do the trick:
python setup.py install
or
pip install wafw00f



Wednesday, February 3, 2016

Web Application firewall to Train Attacks - Raptor WAF



Raptor is an open source tool; its focus is studying attacks and finding intelligent ways to block them.

Raptor is written in pure C and doesn't use regex or other common ways to block attacks. It is different and fast, like a raptor dinosaur. Raptor follows the KISS principle (Keep It Simple), and you can use it to simulate attacks and bypasses against WAFs.


WAF stands for Web Application Firewall. It is widely used nowadays to detect and defend against SQL injections and XSS...
  • You can block XSS, SQL injection attacks and path traversal with Raptor
  • You can use a blacklist of IPs to block some users, at config/blacklist ip.txt
  • You can use IPv6 and IPv4 for communications
  • In the future: DoS protector, request limit, rule interpreter and malware detector for uploads.
  • In the future: SSL/TLS...


To run:

$ git clone https://github.com/CoolerVoid/raptor_waf
$ cd raptor_waf; make; bin/raptor

Example

Start an HTTP server on port 80, then run:
$ bin/raptor -h localhost -p 80 -r 8883 -w 4 -o loglog.txt
You can then test at http://localhost:8883/test.php

See the docs

https://github.com/CoolerVoid/raptor_waf/blob/master/doc/raptor.pdf

Tests:

Of 509 attacks, 349 were detected and blocked: 68% of attacks blocked.



Copyright © Offensive Sec Blog | Powered by OffensiveSec