WAF Detection with WAFW00F (Demo)

Time: 7 hours 6 minutes
Difficulty: Intermediate
CEU/CPE: 7
Video Transcription
00:00
>> Hey everyone, welcome back to the course.
00:00
In this video, we're going to use a tool called WAFW00F,
00:00
so a silly name there,
00:00
but this one is going to allow us to identify if
00:00
a Web application firewall is in
00:00
use on the target domain.
00:00
We're going to start off first in Kali here.
00:00
We're just typing in WAFW00F,
00:00
so that's zeros and not
00:00
capital O's in their tool name there.
00:00
Then we're just going to do -h to look at the help file.
00:00
You'll see some of the flags that we can
00:00
use for this particular tool.
00:00
Let's just clear our screen here.
00:00
Now, let's actually type in our command.
00:00
We're going to do WAFW00F.
00:00
We're then going to list with a -l command,
00:00
and you'll see that these are all
00:00
the web application firewalls
00:00
that it's going to test for.
00:00
Now, we're just going to do a WAFW00F against a target.
00:00
In this case, we're just going to use
00:00
certifiedhacker.com,
00:00
and we're going to see if we can identify
00:00
the web application firewall in use,
00:00
or if there is one in use.
00:00
Now you see here we get
00:00
pretty quick results of that site,
00:00
and so you see that we're using
00:00
the ModSecurity SpiderLabs WAF on this particular site.
00:00
Let's just clear the screen here and we're going
00:00
to take a look at another target,
00:00
so we'll do WAFW00F again.
00:00
Then in this case, we're going to target amazon.com
00:00
and just see if there are any WAFs in use on Amazon.
00:00
We see here Amazon's using CloudFront,
00:00
which makes sense from Amazon AWS,
00:00
so they're using that for the web application firewall.
00:00
Next, we're going to check microsoft.com and we'll do
00:00
the -f [inaudible] so that way it doesn't
00:00
stop after it tests the first WAF.
00:00
For example, if it identifies one WAF,
00:00
it's not going to stop the scan,
00:00
and then we do the -v for verbose results.
00:00
You'll see here, we don't really
00:00
get any information back.
00:00
It tells us, it looks like it's
00:00
behind some web application firewall,
00:00
but it doesn't tell us
00:00
information about what that WAF might be.