[Web attack and Defense] WAF detection technology map
2022-07-05 17:03:00 【Pineapple_ Orange lingering fragrance】
Welcome new students
… …
If a man is nameless, then you can concentrate on practicing the sword
I'm not a salted fish, but a dead fish!
WAF detection technology map
- Send a normal GET request from the browser, then intercept and record the response headers (especially cookies)
- Send a request from the command line (for example cURL) and test the response content and headers (without a User-Agent)
- Send GET requests to random open ports and grab any banners that might expose the WAF's identity
- If there is a login page, form page, etc. somewhere, try some common (easily detected) payloads, for example " or 1=1 -- -
- Attach ../../../etc/passwd to a random parameter at the end of the URL
- Add some attention-grabbing keywords at the end of the URL, such as 'or sleep(5)'
- Issue GET requests using outdated protocols such as HTTP/0.9 (HTTP/0.9 does not support POST-type queries)
- Often, the WAF changes the Server header depending on the type of interaction
- Drop action technique: send a raw FIN/RST packet to the server and identify the response
- Side-channel attack: examine the timing behavior of the request and the response content
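The header, cookie and Server-header checks in the list above come down to comparing a baseline response with the response to a second request. The following is an added example, not code from the original post or from either tool listed below; it runs offline on two constructed responses, and the header and cookie names in them (`example-waf`, `examplewaf_token`, `X-Example-Block-Id`) are made up and are not signatures of any real product. Running the same comparison against your own site shows what your WAF discloses about itself.

```python
# Added example: offline comparison of two captured HTTP responses.
# All responses, header names and cookie names below are constructed.

def parse_response(raw):
    """Split a raw HTTP response head into (status_code, {header: [values]})."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def cookie_names(headers):
    """Names of cookies set by the response (Set-Cookie may repeat)."""
    return {v.split("=", 1)[0].strip() for v in headers.get("set-cookie", [])}

def waf_indicators(baseline_raw, probe_raw):
    """List the differences that suggest an intermediary answered the probe."""
    b_status, b_hdrs = parse_response(baseline_raw)
    p_status, p_hdrs = parse_response(probe_raw)
    found = []
    if p_status != b_status:
        found.append(("status", b_status, p_status))
    if p_hdrs.get("server") != b_hdrs.get("server"):
        found.append(("server", b_hdrs.get("server"), p_hdrs.get("server")))
    new_cookies = cookie_names(p_hdrs) - cookie_names(b_hdrs)
    if new_cookies:
        found.append(("new-cookies", sorted(new_cookies)))
    new_headers = set(p_hdrs) - set(b_hdrs)
    if new_headers:
        found.append(("new-headers", sorted(new_headers)))
    return found

# Constructed sample captures: a normal page and a blocked request.
BASELINE = ("HTTP/1.1 200 OK\r\nServer: nginx\r\n"
            "Set-Cookie: sid=abc123; Path=/\r\n\r\n<html>ok</html>")
PROBE = ("HTTP/1.1 403 Forbidden\r\nServer: example-waf\r\n"
         "Set-Cookie: sid=abc123; Path=/\r\n"
         "Set-Cookie: examplewaf_token=xyz; Path=/\r\n"
         "X-Example-Block-Id: 42\r\n\r\nblocked")

if __name__ == "__main__":
    for item in waf_indicators(BASELINE, PROBE):
        print(item)
```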
Identification tools
- wafw00f https://github.com/enablesecurity/wafw00f
- identYwaf https://github.com/stamparm/identywaf
Identifying WAFs by picture (to be updated)
- Changting Safeline
- openRasp
- F5 WAF
- Safe dog
- D shield
- CICA security WAF
- Cloud lock
- UPUPW Safety protection
- pagoda WAF
- Network defense G01
- Patron saint
- Zhichuang firewall
- 360 Host guard or 360webscan
- Western number WTS-WAF
- Naxsi WAF
- Tencent cloud
- Tencent door god
- Tencent aegis
- Baidu cloud
- Huawei Cloud
- Netherworld cloud
- Chuangyudun
- Xuanwu shield
- Aliyundun
- 360 Website guard
- Guardian of chianxin website
- Secure domain cloud WAF
- Iridium news WAF
- An hengming WAF
- Mod_Security WAF
- dotDefender WAF
- Unknown cloud WAF


The sources of the pictures are as follows:
https://www.mad-coding.cn/2019/12/19/waf Identification and bypass ( Keep adding )
https://mp.weixin.qq.com/s/4Ea-5Mm3mtHlU8mc7vuRZg
I smile to the sky from the horizontal knife , To keep the liver and gall