🛠️ WAF fingerprinting

Theory

WAF stands for Web Application Firewall. Its goal is to protect the website behind it by filtering/monitoring the traffic. Fingerprinting is a method used to gather information (about any WAF in this context).

Practice

Tools

Detecting WAFs with WAFW00F.

wafw00f $URL

Detecting WAFs with WhatWaf.

whatwaf -u $URL

Detecting WAFs with nmap.

nmap -p 80,443 --script=http-waf-fingerprint $URL

Another script called http-waf-detectcan be used. It detects IDS/IPS/WAF but doesn't give information about the vendor, or version...

Other examples

A manual testing workflow could be to check the cookies and response headers.

Cookies: some WAF can be identified by the cookie's name. Response headers: sometimes they are changed to apparently "confuse the attacker".

References