Web application attacks expanding day by day, Attacker wants to exploit flaws in their applications, and Website administrator best way to detect attackers’ footprints in websites’ Web Application Firewall.
This will be detecting and block the specific patterns on the web applications. Pentester, well never exweb applications abilities on application rather he/she might be identifying the presence of a Web Application Firewall.
- WAFW00f is the inbuilt tool in Kali distribution or else you can install it manually.
- It can detect around the Top 22 web application firewalls, so wafw00f is a phase of information gathering initially.
Limitations of WAFW00F
- The above-seen figure describes the list of web application firewalls that will be identified or detected by Wafw00f.
Presence of Web Application Firewall
- The above-shown figure shows a pentester or attacker-identified web application firewall presence.
- Here blocking is being done at the connection or packet level.
Identifying specific firewall
- If a pentester knows how to bypass mod_security and if/she wants to know the presence of mod security.
- So you can use wafw00f url -t Firewallname.
- Above shown figure, Pentester has observed there is no ModSecurity in the web application.
So it’s always good to Identify the barriers in web applications before you exploit them.
Checking for XML-RPC
XML-RPC is a remote procedure call (RPC) protocol that utilizes XML to encode its calls and HTTP as a transport mechanism.
“XML-RPC” also refers generically to the use of XML for remote procedure calls, separately from the specific protocol.