当前位置:网站首页>[Web attack and Defense] WAF detection technology map

[Web attack and Defense] WAF detection technology map

2022-07-05 17:03:00 Pineapple_ Orange lingering fragrance

Welcome new students
… …
If a man is nameless , Then you can concentrate on practicing the sword

I'm not a salted fish , But a dead fish !

WAF Detection technology atlas

  1. Send a normal... From the browser GET request , Intercept and record the response header ( especially cookie)
  2. From the command line ( for example cURL) Request , And test the response content and header ( barring user-agent)
  3. Send to the randomly opened port GET request , And catch possible exposure WAF The slogan of identity
  4. If there is a login page somewhere , Form page, etc . Please try some common ( Easy to detect ) Payload , for example " or 1=1 -- -
  5. take ../../../etc/passwd Attach to URL Random parameters at the end
  6. stay url Add some attractive keywords at the end of , Such as 'or sleep(5)'
  7. Use outdated protocols ( Such as http/0.9) issue get request (http/0.9 I won't support it post Types of queries )
  8. A lot of times ,waf Change the server header according to different interaction types
  9. Delete operation technology : Send an original fin/rst Package to the server and identify the response
  10. Side channel attack : Check the timing behavior of request and response content

Identification tools

  • wafw00f https://github.com/enablesecurity/wafw00f
  • identywaf https://github.com/stamparm/identywaf
 

Reading pictures WAF( To be updated )

  • Changting Safeline

Insert picture description here

  • openRasp

Insert picture description here

  • F5 WAF
![ Insert picture description here ](https://img-blog.csdnimg.cn/d91789bd2e0d4c44a328881ef3359302.png)
  • Safe dog

Insert picture description here

  • D shield

Insert picture description here

  • CICA security WAF

Insert picture description here

  • Cloud lock

Insert picture description here

  • UPUPW Safety protection

Insert picture description here

  • pagoda WAF

Insert picture description here

  • Network defense G01

Insert picture description here

  • Patron saint

Insert picture description here

  • Zhichuang firewall

Insert picture description here

  • 360 Host guard or 360webscan

Insert picture description here

  • Western number WTS-WAF

Insert picture description here

  • Naxsi WAF

Insert picture description here

  • Tencent cloud

Insert picture description here

  • Tencent door god

Insert picture description here

  • Tencent aegis

Insert picture description here

  • Baidu cloud

Insert picture description here

  • Hua Wei Yun

Insert picture description here

  • Netherworld cloud

Insert picture description here

  • Chuangyudun

Insert picture description here

  • Xuanwu shield

Insert picture description here

  • Aliyundun

Insert picture description here

  • 360 Website guard

Insert picture description here

  • Guardian of chianxin website

Insert picture description here

  • Secure domain cloud WAF

Insert picture description here

  • Iridium news WAF

Insert picture description here

  • An hengming WAF

Insert picture description here

  • Mod_Security WAF

Insert picture description here

  • dotDefender WAF

Insert picture description here

  • Unknown cloud WAF

Insert picture description here

The source of the picture is as follows :

https://www.mad-coding.cn/2019/12/19/waf Identification and bypass ( Keep adding )

https://mp.weixin.qq.com/s/4Ea-5Mm3mtHlU8mc7vuRZg

I smile to the sky from the horizontal knife , To keep the liver and gall

原网站

版权声明
本文为[Pineapple_ Orange lingering fragrance]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/186/202207051623035347.html

边栏推荐

猜你喜欢

随机推荐