[Web attack and Defense] WAF detection technology map
2022-07-05 17:03:00 【Pineapple_ Orange lingering fragrance】
Welcome, new readers.
If a man has no name, he can concentrate on practising his sword.
I am not a salted fish, but a dead fish!
WAF detection technology map
- Send a normal GET request from a browser, intercept the response and record its headers (especially any cookies it sets).
- Send the same request from the command line (for example cURL) and compare the response body and headers (this request carries no browser User-Agent).
- Send a GET request to a randomly chosen open port and capture any banner that may reveal the WAF's identity.
- If the site has a login page, a form page or similar, try a few common (easily detected) payloads, for example " or 1=1 -- -
- Append ../../../etc/passwd to a random parameter at the end of the URL.
- Add some eye-catching keywords at the end of the URL, such as 'or sleep(5)'.
- Issue a GET request over an outdated protocol version such as HTTP/0.9 (HTTP/0.9 does not support POST queries).
- In many cases the WAF changes the Server header depending on the type of interaction.
- Drop-action technique: send a raw FIN/RST packet to the server and identify how it responds.
- Side-channel approach: examine the timing behaviour of requests and the content of the responses.
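The first, second and eighth points above all come down to the same observation: a WAF tends to answer differently depending on who is asking and what is asked, and the difference (a changed Server header, an extra cookie, a new header, a different status code) is what gives it away. The following script is an added example, not code from the original post or from any of the tools it links; it is a defender's self-check that parses captured raw HTTP responses and reports exactly those differences between a baseline browser request and other interaction types. The sample responses, the header names X-Blocked-By and wafid, and the product name ExampleWAF are all constructed for the example and are not real fingerprints.

```python
"""Compare captured HTTP responses to see whether a WAF reveals itself.

Feed it the raw response to a normal browser GET (the baseline) and the
raw responses to other interaction types (cURL without a User-Agent, a
request with a noisy query string, ...). Every difference in status,
Server header, cookie names or header set is reported, because those
are precisely the signals an outside observer would use to identify
the WAF. All sample data below is constructed for this example.
"""
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    headers: dict   # lowercase header name -> list of values (Set-Cookie may repeat)
    body: str


def parse_response(raw: str) -> Response:
    """Parse a raw HTTP/1.x response into status, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers: dict = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return Response(status, headers, body)


def cookie_names(resp: Response) -> set:
    """Names of all cookies the response sets (values are irrelevant here)."""
    return {v.split("=", 1)[0].strip() for v in resp.headers.get("set-cookie", [])}


def compare(baseline: Response, probe: Response, label: str) -> list:
    """Return human-readable findings for every identity-revealing difference."""
    findings = []
    if baseline.status != probe.status:
        findings.append(f"{label}: status changes {baseline.status} -> {probe.status}")
    b_server = baseline.headers.get("server", [""])[0]
    p_server = probe.headers.get("server", [""])[0]
    if b_server != p_server:
        findings.append(f"{label}: Server header changes {b_server!r} -> {p_server!r}")
    extra_cookies = cookie_names(probe) - cookie_names(baseline)
    if extra_cookies:
        findings.append(f"{label}: cookies set only for this request: {sorted(extra_cookies)}")
    extra_headers = set(probe.headers) - set(baseline.headers) - {"set-cookie"}
    if extra_headers:
        findings.append(f"{label}: headers present only for this request: {sorted(extra_headers)}")
    return findings


def audit(baseline_raw: str, probes: dict) -> list:
    """Compare each labelled probe response against the baseline response."""
    baseline = parse_response(baseline_raw)
    findings = []
    for label, raw in probes.items():
        findings.extend(compare(baseline, parse_response(raw), label))
    return findings


# Constructed sample responses (not captured from any real system).
BASELINE = (
    "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n"
    "Set-Cookie: sid=abc123; Path=/\r\n\r\n<html>ok</html>"
)
PROBES = {
    # Same page fetched without a browser User-Agent: identical shape, so no findings.
    "curl without User-Agent": (
        "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n"
        "Set-Cookie: sid=def456; Path=/\r\n\r\n<html>ok</html>"
    ),
    # A request the WAF dislikes: status, Server header, cookie and header set all change.
    "noisy query string": (
        "HTTP/1.1 403 Forbidden\r\nServer: ExampleWAF/1.0\r\nContent-Type: text/html\r\n"
        "Set-Cookie: sid=ghi789; Path=/\r\nSet-Cookie: wafid=token; Path=/\r\n"
        "X-Blocked-By: ExampleWAF\r\n\r\n<html>blocked</html>"
    ),
}

if __name__ == "__main__":
    for finding in audit(BASELINE, PROBES):
        print(finding)
```

Run against responses captured from your own deployment; an empty result for every probe means the WAF answers in the same shape regardless of interaction type, which is the state the points above are designed to disprove.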
Identification tools
- wafw00f https://github.com/enablesecurity/wafw00f
- identywaf https://github.com/stamparm/identywaf
WAF identification by block-page screenshots (to be updated; the screenshots themselves are not reproduced here)
- Changting SafeLine
- openRASP
- F5 WAF
- SafeDog
- D-Shield
- CICA security WAF
- Yunsuo (Cloud Lock)
- UPUPW security protection
- BT (Pagoda) WAF
- Network Defense G01
- Huweishen (Patron Saint)
- Zhichuang firewall
- 360 Host Guard or 360webscan
- West.cn WTS-WAF
- Naxsi WAF
- Tencent Cloud
- Tencent Menshen (Door God)
- Tencent Aegis
- Baidu Cloud
- Huawei Cloud
- Netherworld cloud
- Chuangyu Shield
- Xuanwu Shield
- Alibaba Cloud Shield
- 360 Website Guard
- Qi An Xin website guardian
- Secure Domain cloud WAF
- Yxlink WAF
- DBAPPSecurity MingYu WAF
- ModSecurity WAF
- dotDefender WAF
- Unknown cloud WAF

The pictures come from the following sources:
https://www.mad-coding.cn/2019/12/19/waf Identification and bypass ( Keep adding )
https://mp.weixin.qq.com/s/4Ea-5Mm3mtHlU8mc7vuRZg
With my blade drawn I laugh at the sky; whether I go or stay, my heart stands firm as Kunlun.