🛠️ WAF fingerprinting

Theory

WAF stands for Web Application Firewall. Its goal is to protect the website behind it by filtering/monitoring the traffic. Fingerprinting is a method used to gather information (about any WAF in this context).

Practice

Tools

Detecting WAFs with WAFW00F.
wafw00f $URL
Detecting WAFs with WhatWaf.
whatwaf -u $URL
Detecting WAFs with nmap.
nmap -p 80,443 --script=http-waf-fingerprint $URL
Another script, http-waf-detect, can also be used. It detects an IDS/IPS/WAF but doesn't give information about the vendor or version.

Other examples

A manual testing workflow could be to check the cookies and response headers.
Cookies: some WAFs can be identified by the name of a cookie they set.
Response headers: they are sometimes changed, apparently to "confuse the attacker".
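
The cookie and header check described above, as an added example (not part of the original page or of the tools it lists): it classifies a captured response head offline, including a header name rewritten into a scramble of "Connection". The signature table is a small assumed subset of publicly known markers, and the sample response is constructed.

```python
# Assumption: small, non-exhaustive table of publicly known markers;
# vendors rename these over time, so treat a hit as a lead, not proof.
COOKIE_PREFIXES = {
    "incap_ses_": "Imperva Incapsula",
    "visid_incap_": "Imperva Incapsula",
    "BIGipServer": "F5 BIG-IP",
    "__cf_bm": "Cloudflare",
}
HEADER_MARKERS = {"cf-ray": "Cloudflare", "x-sucuri-id": "Sucuri", "x-iinfo": "Imperva Incapsula"}


def parse_headers(raw):
    """Return (name, value) pairs from a raw response head, keeping repeats."""
    pairs = []
    for line in raw.splitlines()[1:]:       # skip the status line
        if not line.strip():
            break                            # blank line ends the header block
        name, _, value = line.partition(":")
        pairs.append((name.strip(), value.strip()))
    return pairs


def fingerprint(raw):
    """Return sorted (vendor, evidence) pairs found in cookies and header names."""
    hits = set()
    for name, value in parse_headers(raw):
        lname = name.lower()
        if lname in HEADER_MARKERS:
            hits.add((HEADER_MARKERS[lname], "header " + name))
        if lname == "set-cookie":            # one Set-Cookie line per cookie
            cookie = value.split("=", 1)[0].strip()
            for prefix, vendor in COOKIE_PREFIXES.items():
                if cookie.startswith(prefix):
                    hits.add((vendor, "cookie " + cookie))
        # Same letters as "connection" in another order: a rewritten header.
        if lname != "connection" and sorted(lname) == sorted("connection"):
            hits.add(("unknown (rewritten header)", "header " + name))
    return sorted(hits)


# Constructed sample response, not captured from a real site.
SAMPLE = "\r\n".join([
    "HTTP/1.1 200 OK", "Content-Type: text/html",
    "Set-Cookie: visid_incap_1234567=constructed; path=/",
    "Set-Cookie: BIGipServerpool_web=constructed; path=/",
    "Cneonction: close", "", "<html>body is ignored</html>",
])

if __name__ == "__main__":
    for vendor, evidence in fingerprint(SAMPLE):
        print(vendor, "<-", evidence)
```

Feeding it the response head of a site you operate shows which of these markers your own deployment discloses.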

Resources

http-waf-fingerprint NSE Script