[Web attack and Defense] WAF detection technology map
2022-07-05 17:03:00 【Pineapple_ Orange lingering fragrance】
Welcome new students
… …
If a man is nameless, then you can concentrate on practicing the sword
I'm not a salted fish, but a dead fish!
WAF detection technology atlas
- Send a normal GET request from the browser, then intercept and record the response headers (especially cookies)
- Make the same request from the command line (for example with cURL) and test the response content and headers (with no User-Agent sent)
- Send GET requests to random open ports and grab any banner that might expose the WAF's identity
- If there is a login page, form page, etc. somewhere, try some common (easy to detect) payloads, for example " or 1=1 -- -
- Append ../../../etc/passwd to a random parameter at the end of the URL
- Append some catchy keywords, such as 'or sleep(5)', to the end of the URL
- Issue GET requests using outdated protocols such as HTTP/0.9 (HTTP/0.9 does not support POST-type queries)
- Many times, the WAF changes the Server header depending on the type of interaction
- Drop action technique: send a raw FIN/RST packet to the server and identify the response
- Side-channel attack: examine the timing behavior of the request and response content
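The first checklist items come down to recording a baseline response and comparing it with the response to an easily detected request, which is also how an operator can check what their own WAF reveals when it blocks. The Python below is an added example, not code from the original post; both captures, the `example-waf` Server value, the `waf_block_id` cookie and the `X-Block-Reason` header are constructed for illustration.

```python
"""Diff a baseline response against the response to an easy-to-detect payload."""
from email.parser import Parser

# Constructed captures (not from a real site): a normal GET, and the same GET
# with the checklist's `" or 1=1 -- -` test string placed in a parameter.
BASELINE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html>welcome</html>"
)
PROBE = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Server: example-waf\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "Set-Cookie: waf_block_id=9f1c; Path=/\r\n"
    "X-Block-Reason: sqli\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html>Request blocked</html>"
)

def fingerprint(raw):
    """Reduce a raw HTTP response to the fields the checklist says to record."""
    head, _, _ = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    cookies = {c.split("=", 1)[0].strip() for c in headers.get_all("Set-Cookie", [])}
    return {
        "status": int(status_line.split()[1]),
        "server": headers.get("Server"),
        "cookies": cookies,
        "headers": {name.lower() for name in headers.keys()},
    }

def diff(baseline, probe):
    """Return only what changed between the baseline and the probe response."""
    a, b = fingerprint(baseline), fingerprint(probe)
    changes = {}
    for field in ("status", "server"):
        if a[field] != b[field]:
            changes[field] = (a[field], b[field])
    if b["cookies"] - a["cookies"]:
        changes["new_cookies"] = sorted(b["cookies"] - a["cookies"])
    if b["headers"] - a["headers"]:
        changes["new_headers"] = sorted(b["headers"] - a["headers"])
    return changes

if __name__ == "__main__":
    for field, change in diff(BASELINE, PROBE).items():
        print(f"{field}: {change}")
```

A changed Server value, or cookies and headers that appear only on the blocked request, are the identifying details a hardened deployment would normalise or strip.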
Identification tools
- wafw00f https://github.com/enablesecurity/wafw00f
- identYwaf https://github.com/stamparm/identywaf
Identifying a WAF from pictures (to be updated)
- Chaitin SafeLine
- OpenRASP
- F5 WAF
- Safedog
- D Shield
- CICA security WAF
- Cloud Lock
- UPUPW security protection
- Baota (Pagoda) WAF
- Network defense G01
- Huweishen
- Zhichuang firewall
- 360 Host Guard or 360webscan
- West.cn WTS-WAF
- NAXSI WAF
- Tencent Cloud
- Tencent Menshen (Door God)
- Tencent Aegis
- Baidu Cloud
- Huawei Cloud
- Wangsu Cloud
- Chuangyudun
- Xuanwu Shield
- Aliyundun
- 360 Website Guard
- Qianxin Website Guard
- Secure Domain Cloud WAF
- Iridium news WAF
- Anheng Mingyu WAF
- ModSecurity WAF
- dotDefender WAF
- Unknown cloud WAF


The pictures come from the following sources:
https://www.mad-coding.cn/2019/12/19/waf Identification and bypass ( Keep adding )
https://mp.weixin.qq.com/s/4Ea-5Mm3mtHlU8mc7vuRZg
I smile to the sky from the horizontal knife, to keep the liver and gall