Skip to main content

Posts

Showing posts from August, 2013

Bypassing Web Application Firewall - Part 2

Automating WAF Fingerprinting with Burp,Nmap and wafw00f: Burp Suite is an integrated platform for performing security testing of web applications. It is a really powerful tool, if you have the knowledge to use it. One thing we can do with it, of course, is to fingerprint a WAF, and that’s what we are going to do right now. There is no installation needed, but you need to have Java installed in your PC (you can download JDK from here: http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html ). After the Java installa tion, head to the Portswiggers download section, and download the free plain .jar version of Burp suite (https://portswigger.net/burp/download.html ). As long as you have downloaded it, the first step is to set a Manual proxy configuration in your browser. For example in Firefox, you go to Settings-Advanced-Network-Connection Set- tings, you select the Manual proxy configuration and fill it in with 127.0.0.1 in the HTTP Pro...
Read more

Bypassing Web Application Firewall - Part 1

You can encounter many forms of WAF installations, such as server plugins, filters, or even customized WAFs for a certain application. Also, there are different types of WAFs that we can distinguish in the following three categories: 1.                                                                       Appliance-based Web application firewalls 2.                                                  ...
Read more