[Web attack and Defense] WAF detection technology map
2022-07-05 17:03:00 【Pineapple_ Orange lingering fragrance】
Welcome new students
… …
If a man is nameless, then he can concentrate on practicing the sword
I'm not a salted fish, but a dead fish!
WAF Detection technology atlas
- Send a normal GET request from the browser, then intercept and record the response headers (especially cookies)
- Make the same request from the command line (for example, cURL) and examine the response content and headers (with no User-Agent included)
- Send GET requests to random open ports and grab any banners that might expose the WAF's identity
- If there is a login page, form page, etc. somewhere, try some common (easily detected) payloads, for example " or 1=1 -- -
- Attach ../../../etc/passwd to a random parameter at the end of the URL
- Append some eye-catching keywords to the end of the URL, such as 'or sleep(5)'
- Send GET requests using outdated protocols (such as HTTP/0.9); HTTP/0.9 does not support POST-type queries
- In many cases, the WAF changes the Server header depending on the type of interaction
- Drop action technique: send a raw FIN/RST packet to the server and identify the response
- Side-channel attack: examine the timing behavior of the request and the response content
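Seen from the defender's side, the HTTP-level probes in this list leave a recognisable trail in access logs. The following is an added example, not part of the original post: it assumes combined-format access logs, and the log lines, indicator names and the threshold of three distinct indicators are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Combined-log-format lines, constructed for this example (not real traffic).
SAMPLE_LOG = '''\
203.0.113.7 - - [05/Jul/2022:17:03:01 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [05/Jul/2022:17:03:02 +0000] "GET /?x=../../../etc/passwd HTTP/1.1" 403 162 "-" "curl/7.79.1"
203.0.113.7 - - [05/Jul/2022:17:03:03 +0000] "GET /?id=1%27or%20sleep(5)%27 HTTP/1.1" 403 162 "-" "curl/7.79.1"
203.0.113.7 - - [05/Jul/2022:17:03:04 +0000] "GET /login?user=%22%20or%201%3D1%20--%20- HTTP/1.1" 403 162 "-" "curl/7.79.1"
198.51.100.4 - - [05/Jul/2022:17:04:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [05/Jul/2022:17:04:09 +0000] "GET /docs?q=sleep+tracking HTTP/1.1" 200 900 "-" "Mozilla/5.0"
'''

# ip, method, target, optional protocol version, status, user agent
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)(?: (HTTP/[\d.]+))?" (\d{3}) \S+ "[^"]*" "([^"]*)"')

# Patterns for the payloads named in the list above (indicator names are hypothetical).
PROBES = {
    "path_traversal": re.compile(r"\.\./.*etc/passwd"),
    "sqli_tautology": re.compile(r"\bor\s+1\s*=\s*1", re.I),
    "sqli_sleep": re.compile(r"\bor\s+sleep\s*\(\s*\d+\s*\)", re.I),
}

def indicators(line):
    """Return (client_ip, set of probe indicators) for one log line."""
    m = LINE.match(line)
    if not m:
        return None, set()
    ip, _method, target, proto, _status, ua = m.groups()
    decoded = unquote_plus(target)  # match on the decoded form of the target
    hits = {name for name, rx in PROBES.items() if rx.search(decoded)}
    if ua in ("", "-"):
        hits.add("no_user_agent")
    if proto is None:  # request line without a version, i.e. HTTP/0.9 style
        hits.add("legacy_protocol")
    return ip, hits

def fingerprinting_clients(log_text, threshold=3):
    """Clients that showed at least `threshold` distinct indicators."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        ip, hits = indicators(line)
        if ip:
            seen[ip] |= hits
    return {ip: sorted(h) for ip, h in seen.items() if len(h) >= threshold}

if __name__ == "__main__":
    for ip, hits in fingerprinting_clients(SAMPLE_LOG).items():
        print(ip, hits)
```

Counting distinct indicators per client, rather than alerting on a single match, keeps one-off hits such as a search for "sleep tracking" from being flagged. The FIN/RST and timing techniques do not show up in HTTP access logs and are outside what this check covers.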
Identification tools
- wafw00f https://github.com/enablesecurity/wafw00f
- identywaf https://github.com/stamparm/identywaf
Identifying WAFs from pictures (to be updated)
- Changting Safeline
- OpenRASP
- F5 WAF
- Safedog
- D shield
- CICA security WAF
- Cloud lock
- UPUPW Safety protection
- pagoda WAF
- Network defense G01
- Patron saint
- Zhichuang firewall
- 360 Host guard or 360webscan
- Western number WTS-WAF
- Naxsi WAF
- Tencent cloud
- Tencent door god
- Tencent aegis
- Baidu cloud
- Huawei Cloud
- Netherworld cloud
- Chuangyudun
- Xuanwu shield
- Aliyundun
- 360 Website guard
- Qianxin Website Guard
- Secure domain cloud WAF
- Iridium news WAF
- An hengming WAF
- Mod_Security WAF
- dotDefender WAF
- Unknown cloud WAF
The pictures come from the following sources:
https://www.mad-coding.cn/2019/12/19/waf Identification and bypass ( Keep adding )
https://mp.weixin.qq.com/s/4Ea-5Mm3mtHlU8mc7vuRZg
I smile to the sky from the horizontal knife, to keep the liver and gall