WhatWaf – Detect and bypass web application firewalls

0
0

Web application firewalls is an important part to secure your web application. The WAF consist of several filters and rule engine that will analyze and block malicious requests in real-time before they arrive to the web server. This is a good protection but they may include vulnerabilities that allow attacker to detect and bypass them. If you are looking to test a web application firewall you can check WhatWaf.

WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application and attempting to detect a bypass (or two) for said firewall, on the specified target.

WhatWaf - Detect and bypass web application firewalls

WhatWaf – Detect and bypass web application firewalls

Some of the advanced features for this tool is:

  • Ability to run on a single URL with the -u/–url flag
  • Ability to run through a list of URL’s with the -l/–list flag
  • Ability to detect over 40 different firewalls
  • Ability to try over 20 different tampering techniques
  • Ability to pass your own payloads either from a file, from the terminal, or use the default payloads
  • Default payloads that should produce at least one WAF triggering
  • Ability to bypass firewalls using both SQLi techniques and cross site scripting techniques
  • Ability to run behind any proxy type that matches this regex:(socks\d+)?(http(s)?)?://
  • Ability to use a random user agent, personal user agent, or custom default user agent
  • Auto assign protocol to HTTP or ability to force protocol to HTTPS
  • A built in encoder so you can encode your payloads into the discovered bypasses
  • Automatic issue creation if an unknown firewall is discovered
  • Ability to send output to a JSON, CSV, or YAML file

You can read more and download the latest version on https://github.com/Ekultek/

Share