Saturday, May 18, 2019

WAFw00f- Detect and Fingerprint All the Web Application Firewall

If you are an advanced PC user, there is no need to tell you about the firewall.

We all have a firewall in our computers even on Androids to prevent unauthorized access to our Network. We can set up a firewall on both hardware and software.

But here we are not going to talk about setup a firewall, we are going to talk about taking down a firewall. You might know that the first step of hacking a system is information gathering and we must know the type of firewall and all the information about it. Here we are going to take a tool in use to complete this step.

WAFw00f  tool can identify and fingerprint all the web application firewall. WAFw00f tool works in three ways.

1. It sends a normal HTTP request and analyzes the response to identify the number of Web Application Firewall solutions.
2. Sometimes simple ways do not work. That is why if the above way doesn't give a successful result, it sends a number of potentially malicious HTTP requests and uses simple logic to identify which Web Application Firewall it is.
3. If the two ways discussed above do not work, it analyzes the same responses previously got but with another algorithm to detect if any Web Application firewall active or responding to our attacks.

This tool can detect several types of firewalls and this number is enough to know about a WAF(Web Application Firewall). The tool is really advanced and it can help you a lot.

Let's see how it works.

Configuring it on Kali Linux

Fire up your Kali Linux machine, open up the terminal, change the directory to the Desktop and download/clone the tool from Github.

cd Desktop/

Now change the directory to the 'wafw00f' folder and expand it. here you can see a script named  setup.py. It is a python script and we need the following command to run it.

sudo python setup.py install

Great! We are all set.

How to Use it?

The tool is very easy to use. We just need the command-

wafw00f http://example.net
WAFw00f- Detect and Fingerprint All the Web Application Firewall

This will bring out all the possible results.

Conclusion

If we want to hack a system we must collect every single piece of information about that system. Information is everything. The world is built on information.

These tools can help us a lot to pass many steps of hacking a system. we can't ignore them. Sometimes a little information can give us all the things we want.

The tool is really good. What is your opinion? tell us in the comment box.

Comments 0

Thanks for visiting us. Please Do comment with a valid name. Don't comment as Unknown.
(Warning: Do not spam in the comment box. Repetitive comments will not be moderated.)
EmoticonEmoticon

Submit Your Email Address to get Our Latest EASY TO READ Articles directly in Your Inbox