WAF Detection with WAFW00F (Demo)

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

7 hours 6 minutes
Video Transcription
Hey, everyone, welcome back to the course. So in this video, we're to use a tool called UAF Wolf. So kind of a silly name there, but this one's gonna allow us to identify if a web application firewall is in use on the target domain.
So we're gonna start off first in Cali. Here. We're just typing in half Wolf so that zeros and not capital owes in the tool name there. And then we just gonna do dash h to look at the help file so you'll see some of the flags that we can use for this particular tool.
Alright, so let's just clear a screen here now it's actually type in our command. So we're gonna do Wolf Wolf. We're then going toe list with the Dash l Command
and you'll see that these air, all the Web application firewalls that is going to test for
So now we're just gonna do a what Proof against the target. In this case, we're just gonna use certified hacker dot com
and we're gonna see if we can identify the Web application firewall in use or if there is one in use.
And so you see, here we get pretty quick results off that site. And so you see that we're using the mod security Spider labs waft on this particular site.
Alright, so let's just clear a screen here and we're gonna take a look at another target so we'll do Wolf wolf again.
And then in this case, we're gonna target amazon dot com and to see if there's any wafts in use on Amazon.
Alright, so we see here Amazon's using cloudfront, which makes sense right from Amazon a W s. So they're using that for the Web application firewall.
So next we're gonna check Microsoft dot com
and we'll do the dash a flag. So that way, it doesn't stop after a test. The first laugh S. O s. So, for example, if it identifies one laugh, it's not gonna stop the scan. And then we do the dash lower case V for verbose results,
and you'll see here we don't really getting information back, right? It tells us it looks like it's behind some kind of Web application for a while, but it doesn't tell us information about what that waft might be
Up Next