[Web attack and Defense] WAF detection technology map
2022-07-05 17:03:00 【Pineapple_ Orange lingering fragrance】
Welcome new students
… …
If a man is nameless, then you can concentrate on practicing the sword
I'm not a salted fish, but a dead fish!
WAF detection technology map
- Send a normal GET request from the browser, then intercept and record the response headers (especially cookies).
- Make the request from the command line (for example with cURL) and test the response content and headers (without a User-Agent).
- Send GET requests to random open ports and grab any banners that might expose the WAF's identity.
- If there is a login page, a form page, etc. somewhere, try some common (easy to detect) payloads, for example " or 1=1 -- -
- Append ../../../etc/passwd to a random parameter at the end of the URL.
- Add some eye-catching keywords to the end of the URL, such as 'or sleep(5)'.
- Issue GET requests using outdated protocols such as HTTP/0.9 (HTTP/0.9 does not support POST-type queries).
- Often, the WAF changes the Server header depending on the type of interaction.
- Drop-action technique: send a raw FIN/RST packet to the server and identify the response.
- Side-channel attack: examine the timing behavior of the request and response content.
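The first and eighth items above (record the response headers and cookies; the Server header changes with the interaction type) can be checked offline against captures from a site you operate, to see what your own WAF reveals about itself. This is an added example, not code from the original post; the two response heads, the `ExampleWAF` name and the function names are constructed for illustration.

```python
from email.parser import Parser

# Constructed sample captures (not from a real site): a normal response and
# the response to a request the WAF blocked.
BASELINE = """HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
Set-Cookie: session=abc123; Path=/; HttpOnly
"""
BLOCKED = """HTTP/1.1 403 Forbidden
Server: ExampleWAF
Content-Type: text/html
Set-Cookie: session=abc123; Path=/; HttpOnly
Set-Cookie: examplewaf_track=1; Path=/
X-ExampleWAF-Id: 0001
"""

def parse_head(raw):
    """Return (status code, {lowercased header: [values]}, set of cookie names)."""
    status_line, _, rest = raw.strip().partition("\n")
    status = int(status_line.split()[1])
    headers = {}
    for name, value in Parser().parsestr(rest, headersonly=True).items():
        headers.setdefault(name.lower(), []).append(value.strip())
    cookies = {c.split("=", 1)[0].strip() for c in headers.get("set-cookie", [])}
    return status, headers, cookies

def fingerprint_diff(baseline_raw, blocked_raw):
    """List what differs between the two response heads."""
    b_status, b_hdrs, b_cookies = parse_head(baseline_raw)
    x_status, x_hdrs, x_cookies = parse_head(blocked_raw)
    b_server = b_hdrs.get("server", [None])[0]
    x_server = x_hdrs.get("server", [None])[0]
    return {
        "status_change": (b_status, x_status) if b_status != x_status else None,
        "server_change": (b_server, x_server) if b_server != x_server else None,
        "new_headers": sorted(set(x_hdrs) - set(b_hdrs)),
        "new_cookies": sorted(x_cookies - b_cookies),
    }

if __name__ == "__main__":
    for field, value in fingerprint_diff(BASELINE, BLOCKED).items():
        print(f"{field}: {value}")
```

Every non-empty field in the result is something the blocking path adds or changes, and therefore something a fingerprinting tool can key on; suppressing or normalizing those fields at the edge reduces what the WAF discloses.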
Identification tools
- wafw00f https://github.com/enablesecurity/wafw00f
- identywaf https://github.com/stamparm/identywaf
Identifying WAFs from pictures (to be updated)
- Changting Safeline
- OpenRASP
- F5 WAF
- Safe dog
- D shield
- CICA security WAF
- Cloud lock
- UPUPW Safety protection
- Pagoda WAF
- Network defense G01
- Patron saint
- Zhichuang firewall
- 360 Host guard or 360webscan
- Western number WTS-WAF
- Naxsi WAF
- Tencent cloud
- Tencent door god
- Tencent aegis
- Baidu cloud
- Huawei Cloud
- Netherworld cloud
- Chuangyudun
- Xuanwu shield
- Aliyundun
- 360 Website guard
- Guardian of chianxin website
- Secure domain cloud WAF
- Iridium news WAF
- An hengming WAF
- Mod_Security WAF
- dotDefender WAF
- Unknown cloud WAF


The pictures come from the following sources:
https://www.mad-coding.cn/2019/12/19/waf Identification and bypass ( Keep adding )
https://mp.weixin.qq.com/s/4Ea-5Mm3mtHlU8mc7vuRZg
I smile to the sky from the horizontal knife, to keep the liver and gall