[Web attack and Defense] WAF detection technology map
2022-07-05 17:03:00 【Pineapple_ Orange lingering fragrance】
Welcome, new readers.
If a man is nameless, then he can concentrate on practicing the sword.
I'm not a salted fish, but a dead fish!
WAF detection technology map
- Send a normal GET request from the browser, intercept it, and record the response headers (especially the cookies).
- Send the same request from the command line (for example with cURL) and compare the response body and headers (for example, without a User-Agent header).
- Send a GET request to a randomly chosen open port and capture any banner that may expose the WAF's identity.
- If there is a login page, form page or similar somewhere, try a few common (easily detected) payloads, for example " or 1=1 -- -
- Append ../../../etc/passwd to a random parameter at the end of the URL.
- Add some attention-grabbing keywords at the end of the URL, such as 'or sleep(5)'.
- Issue a GET request over an outdated protocol version (such as HTTP/0.9); HTTP/0.9 does not support POST requests.
- In many cases the WAF changes the Server header depending on the type of interaction.
- Drop action technique: send a raw FIN/RST packet to the server and identify the response.
- Side channel: inspect the timing behaviour of the request and the response content.
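The first and second items above (record the headers and cookies of a normal request, then compare them with the response to a different interaction type) can be checked offline against captured responses, which is how a defender can audit what a WAF in front of their own site gives away. The script below is an added example, not from the original post; the two raw responses it compares are constructed samples, and the header names and product string in them are invented.

```python
"""Compare a captured response to a normal request with the response to a
probe request, and report which fields differ (status, Server header, new
headers, new cookie names). Added example; the raw responses are constructed."""

# Constructed sample: response to a plain browser GET.
NORMAL_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "\r\n"
    "<html>welcome</html>"
)

# Constructed sample: response to the same URL with a noisy parameter value.
# "example-waf/1.0", "waf_token" and "X-Request-Blocked" are invented names.
PROBE_RESPONSE = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Server: example-waf/1.0\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "Set-Cookie: waf_token=xyz; Path=/\r\n"
    "X-Request-Blocked: true\r\n"
    "\r\n"
    "<html>blocked</html>"
)

def parse_response(raw):
    """Split a raw HTTP/1.x response into status code, headers (lower-cased name
    -> list of values), the set of cookie names it sets, and the body."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in header_block.split("\r\n"):
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    cookies = sorted(v.split("=", 1)[0].strip() for v in headers.get("set-cookie", []))
    return {"status": status, "headers": headers, "cookies": cookies, "body": body}

def diff_responses(normal_raw, probe_raw):
    """Return the fields that change between the normal and the probe response.
    Anything listed here is information the WAF reveals about itself."""
    a, b = parse_response(normal_raw), parse_response(probe_raw)
    report = {
        "status": (a["status"], b["status"]) if a["status"] != b["status"] else None,
        "changed_headers": {},
        "new_headers": sorted(set(b["headers"]) - set(a["headers"]) - {"set-cookie"}),
        "new_cookies": sorted(set(b["cookies"]) - set(a["cookies"])),
    }
    for name in set(a["headers"]) & set(b["headers"]):
        if name != "set-cookie" and a["headers"][name] != b["headers"][name]:
            report["changed_headers"][name] = (a["headers"][name][0], b["headers"][name][0])
    return report
```

Run diff_responses on your own captured pairs; a changed Server value or a cookie name that only appears on blocked requests is exactly the kind of fingerprint the list above describes.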
Identification tools
- wafw00f https://github.com/enablesecurity/wafw00f
- identywaf https://github.com/stamparm/identywaf
Identify the WAF by its picture (to be updated)
- Changting Safeline
- openRasp
- F5 WAF
- SafeDog
- D shield
- CICA security WAF
- Cloud lock
- UPUPW Safety protection
- pagoda WAF
- Network defense G01
- Patron saint
- Zhichuang firewall
- 360 Host guard or 360webscan
- Western number WTS-WAF
- Naxsi WAF
- Tencent cloud
- Tencent door god
- Tencent aegis
- Baidu cloud
- Huawei Cloud
- Netherworld cloud
- Chuangyudun
- Xuanwu shield
- Aliyundun
- 360 Website guard
- Qi An Xin website guardian
- Secure domain cloud WAF
- Iridium news WAF
- An hengming WAF
- Mod_Security WAF
- dotDefender WAF
- Unknown cloud WAF
The sources of the pictures are as follows:
https://www.mad-coding.cn/2019/12/19/waf Identification and bypass ( Keep adding )
https://mp.weixin.qq.com/s/4Ea-5Mm3mtHlU8mc7vuRZg
I smile to the sky from the horizontal knife, to keep my liver and gall.