Detect Web Application Firewall (WAF) before you attack

WEB APPLICATION FIREWALL BASICS:-

WAF (Web application firewalls) plays an important role in securing the websites. As they filter/ monitor the traffic. Web Application Firewalls offers protection against large vulnerabilities. Many companies now days are upgrading their existing infrastructure to implement web application firewalls. Web application firewalls cannot be resolve security problems on its own, proper configuration must be done to identify and block the external attacks.

Before starting you must know, where web application firewall is used over the network. In the below image Web application firewall is between the classic firewall and the web server. Web application firewall monitor the traffic and protects from outside attacking.

 

FINGERPRINTING:-

Before knowing the web application firewall it is important to gather basic information of the target. Fingerprint is the method used to gather information about the target as much possible. The most common method for the pentesters is to fingerprint the target web presence. With this fingerprinting the pentester may develop an accurate attack scenario, which will find an vulnerability further. Now we wil use basic telnet for fingerprinting a website.

FINGERPRINTING USING TELNET: 

Telnet is a tool mostly used by network administrators/pentesters. Telnet allows you to connect remote computers on any port as mentioned.

  • Many of the web application firewall leave (or insert) HTTP parameters in response headers.
  • With the help of telnet you can find basic fingerprinting information like server, cookies which can be in fingerprinting.
  • Type telnet testsite.com 80
root@kali:/home/iicybersecurity# telnet testsite.com 80
Trying 14.139.40.44...
Connected to testsite.com.
Escape character is '^]'.
  • After executing the above command type GET / HTTP / 1.1 and press enter key 2 times as shown below.
  • You can also HEAD / HTTP / 1.1 and POST / HTTP / 1.1 for further analysis.
GET / HTTP/1.1
HTTP/1.1 200 OK
Server: Apache/2.2.9 (Debian) mod_fcgid/2.3.6
X-Powered-By: PHP/5.5.10-1~dotdeb.1
ETag: "2aa7c09658dda1cc89e2bd3b9673569d"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Set-Cookie: SESSf528764d624db129b32c21fbca0cb8d6=o28jpp8kikr00m5io9l3boo1f4; expires=Thu, 27-Dec-2018 09:23:13 GMT; Max-Age=2000000; path=/
Last-Modified: Tue, 04 Dec 2018 05:44:52 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 63145
Date: Tue, 04 Dec 2018 05:49:53 GMT
X-Varnish: 1823464611
Age: 0
Via: 1.1 varnish
Connection: keep-alive
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta charset="utf-8">

=============================SNIPP===========================


</body>
</html>Connection closed by foreign host.
  • After using the telnet on the target port 80, it shows the server on which website is hosted and the backend language on which website has been written (marked in RED). The above information can be used in other hacking activities.
  • Above output also returns “X-Varnish: 1823464611″
  • Varnish is actually a caching HTTP reverse proxy. Varnish reduces the web application threats. This HTTP parameter in HTTP response we found using telnet shows the presence of Varnish in the target.

 

FINGERPRINTING USING NMAP :- 

  • Nmap is the security auditing tool mostly used by pentesters and network adminstrators. Nmap is used in information gathering of the target.
  • Type

nmap –script=http-waf-fingerprint testsite.com 

or type

nmap –script=http-waf-fingerprint –script-args http-waf-fingerprint.intensive=1 testsite.com

root@kali:/home/iicybersecurity# nmap --script=http-waf-fingerprint testsite.com
Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-04 02:58 EST
Nmap scan report for testsite.com (200.252.149.141)
Host is up (0.38s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
80/tcp open http
| http-waf-fingerprint:
| Detected WAF
| Citrix Netscaler
443/tcp open https
8080/tcp closed http-proxy

Nmap done: 1 IP address (1 host up) scanned in 31.98 seconds
  • After executing the nmap command, detect the web application firewall citrix netscaler.

FINGERPRINTING USING WAFW00F :-

  • Wafw00f is the most well known tool to detect the web application firewall. Wafw00f sends the http request which identifies the web application firewall.
  • Sometimes while sending HTTP request doesn’t work then wafw00f sends the malicious http request.
  • If  sending an malicious HTTP request failed wafw00f analyze previously HTTP request and uses simple algorithm to check if web application firewall is responding our attacks or not.
  • Wafw00f does not come preinstalled in kali linux distros. For installing type

git clone https://github.com/EnableSecurity/wafw00f.git

root@kali:/home/iicybersecurity# git clone https://github.com/EnableSecurity/wafw00f.git
Cloning into 'wafw00f'...
remote: Enumerating objects: 28, done.
remote: Counting objects: 100% (28/28), done.
remote: Compressing objects: 100% (26/26), done.
remote: Total 874 (delta 16), reused 13 (delta 2), pack-reused 846
Receiving objects: 100% (874/874), 195.05 KiB | 341.00 KiB/s, done.
Resolving deltas: 100% (522/522), done.
  • Type cd wafw00f
  • Then type ls
root@kali:/home/iicybersecurity# cd wafw00f
root@kali:/home/iicybersecurity/wafw00f# ls
CREDITS.txt docs LICENSE Makefile MANIFEST.in nose.cfg README.md setup.py wafw00f
  • Type python setup.py install
root@kali:/home/iicybersecurity/wafw00f# python setup.py install
running install
running bdist_egg
running egg_info
creating wafw00f.egg-info
writing requirements to wafw00f.egg-info/requires.txt
writing wafw00f.egg-info/PKG-INFO
writing top-level names to wafw00f.egg-info/top_level.txt
writing dependency_links to wafw00f.egg-info/dependency_links.txt
writing manifest file 'wafw00f.egg-info/SOURCES.txt'
reading manifest file 'wafw00f.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
writing manifest file 'wafw00f.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-i686/egg
running install_lib
running build_py
creating build
creating build/lib.linux-i686-2.7
creating build/lib.linux-i686-2.7/wafw00f
copying wafw00f/manager.py -> build/lib.linux-i686-2.7/wafw00f
copying wafw00f/wafprio.py -> build/lib.linux-i686-2.7/wafw00f
copying wafw00f/main.py -> build/lib.linux-i686-2.7/wafw00f
copying wafw00f/__init__.py -> build/lib.linux-i686-2.7/wafw00f
creating build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/incapsula.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/comodo.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/f5bigipltm.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/teros.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/uspses.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/radware.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/ibmdatapower.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/modsecuritycrs.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/secureiis.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/netcontinuum.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/urlscan.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/barracuda.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/wallarm.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/missioncontrol.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/betterwpsecurity.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/airlock.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/netscaler.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/imperva.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/fortiweb.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/f5firepass.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/denyall.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/hyperguard.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/sucuri.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/naxsi.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/safedog.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/anquanbao.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/chinacache.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/nsfocus.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/__init__.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/modsecurity.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/edgecast.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/webknight.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/west263cdn.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/dosarrest.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/binarysec.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/nevisproxy.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/isaserver.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/wzb360.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/f5bigipasm.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/powercdn.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/f5trafficshield.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/blockdos.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/cloudflare.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/f5bigipapm.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/ciscoacexml.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/webscurity.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/awswaf.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/dotdefender.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/profense.py -> build/lib.linux-i686-2.7/wafw00f/plugins
copying wafw00f/plugins/ibm.py -> build/lib.linux-i686-2.7/wafw00f/plugins
creating build/lib.linux-i686-2.7/wafw00f/tests
copying wafw00f/tests/test_main.py -> build/lib.linux-i686-2.7/wafw00f/tests
copying wafw00f/tests/__init__.py -> build/lib.linux-i686-2.7/wafw00f/tests
creating build/lib.linux-i686-2.7/wafw00f/lib
copying wafw00f/lib/evillib.py -> build/lib.linux-i686-2.7/wafw00f/lib
copying wafw00f/lib/proxy.py -> build/lib.linux-i686-2.7/wafw00f/lib
copying wafw00f/lib/__init__.py -> build/lib.linux-i686-2.7/wafw00f/lib
creating build/bdist.linux-i686
creating build/bdist.linux-i686/egg
creating build/bdist.linux-i686/egg/wafw00f
creating build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/incapsula.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/comodo.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/f5bigipltm.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/teros.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/uspses.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/radware.py -> build/bdist.linux-i686/egg/wafw00f/plugins
py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/binarysec.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/nevisproxy.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/isaserver.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/wzb360.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/f5bigipasm.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/powercdn.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/f5trafficshield.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/blockdos.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/cloudflare.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/f5bigipapm.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/ciscoacexml.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/webscurity.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/awswaf.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/dotdefender.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/profense.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/plugins/ibm.py -> build/bdist.linux-i686/egg/wafw00f/plugins
copying build/lib.linux-i686-2.7/wafw00f/manager.py -> build/bdist.linux-i686/egg/wafw00f
creating build/bdist.linux-i686/egg/wafw00f/tests
copying build/lib.linux-i686-2.7/wafw00f/tests/test_main.py -> build/bdist.linux-i686/egg/wafw00f/tests
copying build/lib.linux-i686-2.7/wafw00f/tests/__init__.py -> build/bdist.linux-i686/egg/wafw00f/tests
byte-compiling build/bdist.linux-i686/egg/wafw00f/plugins/f5bigipltm.py to f5bigipltm.pyc
byte-compiling build/bdist.linux-i686/egg/wafw00f/plugins/teros.py to teros.pyc
byte-compiling build/bdist.linux-i686/egg/wafw00f/plugins/uspses.py to uspses.pyc
byte-compiling build/bdist.linux-i686/egg/wafw00f/plugins/radware.py to radware.pyc
byte-compiling build/bdist.linux-i686/egg/wafw00f/plugins/ibmdatapower.py to ibmdatapower.pyc
byte-compiling build/bdist.linux-i686/egg/wafw00f/plugins/modsecuritycrs.py to modsecuritycrs.pyc
byte-compiling build/bdist.linux-i686/egg/wafw00f/plugins/secureiis.py to secureiis.pyc
byte-compiling build/bdist.linux-i686/egg/wafw00f/plugins/netcontinuum.py to netcontinuum.pyc
byte-compiling build/bdist.linux-i686/egg/wafw00f/plugins/urlscan.py to urlscan.pyc

byte-compiling build/bdist.linux-i686/egg/wafw00f/lib/proxy.py to proxy.pyc
byte-compiling build/bdist.linux-i686/egg/wafw00f/lib/__init__.py to __init__.pyc
creating build/bdist.linux-i686/egg/EGG-INFO
installing scripts to build/bdist.linux-i686/egg/EGG-INFO/scripts
running install_scripts
running build_scripts
creating build/scripts-2.7
copying and adjusting wafw00f/bin/wafw00f -> build/scripts-2.7
changing mode of build/scripts-2.7/wafw00f from 644 to 755
creating build/bdist.linux-i686/egg/EGG-INFO/scripts
copying build/scripts-2.7/wafw00f -> build/bdist.linux-i686/egg/EGG-INFO/scripts
changing mode of build/bdist.linux-i686/egg/EGG-INFO/scripts/wafw00f to 755
copying wafw00f.egg-info/PKG-INFO -> build/bdist.linux-i686/egg/EGG-INFO
copying wafw00f.egg-info/SOURCES.txt -> build/bdist.linux-i686/egg/EGG-INFO
copying wafw00f.egg-info/dependency_links.txt -> build/bdist.linux-i686/egg/EGG-INFO
copying wafw00f.egg-info/requires.txt -> build/bdist.linux-i686/egg/EGG-INFO
copying wafw00f.egg-info/top_level.txt -> build/bdist.linux-i686/egg/EGG-INFO
zip_safe flag not set; analyzing archive contents...
wafw00f.manager: module references __file__
creating dist
creating 'dist/wafw00f-0.9.6-py2.7.egg' and adding 'build/bdist.linux-i686/egg' to it
removing 'build/bdist.linux-i686/egg' (and everything under it)
Processing wafw00f-0.9.6-py2.7.egg
creating /usr/local/lib/python2.7/dist-packages/wafw00f-0.9.6-py2.7.egg
Extracting wafw00f-0.9.6-py2.7.egg to /usr/local/lib/python2.7/dist-packages
Adding wafw00f 0.9.6 to easy-install.pth file
Installing wafw00f script to /usr/local/bin

Installed /usr/local/lib/python2.7/dist-packages/wafw00f-0.9.6-py2.7.egg
Processing dependencies for wafw00f==0.9.6
Searching for pluginbase==0.7
Reading https://pypi.org/simple/pluginbase/
Downloading https://files.pythonhosted.org/packages/6e/f4/1db0a26c1c7fad81a1214ad1b02839a7bd98d8ba68f782f6edcc3d343441/pluginbase-0.7.tar.gz#sha256=c0abe3218b86533cca287e7057a37481883c07acef7814b70583406938214cc8
Best match: pluginbase 0.7
Processing pluginbase-0.7.tar.gz
Writing /tmp/easy_install-BcDc4t/pluginbase-0.7/setup.cfg
Running pluginbase-0.7/setup.py -q bdist_egg --dist-dir /tmp/easy_install-BcDc4t/pluginbase-0.7/egg-dist-tmp-Y1J4Tr
warning: no previously-included files matching '*.pyc' found under directory 'docs'
warning: no previously-included files matching '*.pyo' found under directory 'docs'
warning: no previously-included files matching '*.pyc' found under directory 'tests'
warning: no previously-included files matching '*.pyo' found under directory 'tests'
no previously-included directories found matching 'docs/_build'
creating /usr/local/lib/python2.7/dist-packages/pluginbase-0.7-py2.7.egg
Extracting pluginbase-0.7-py2.7.egg to /usr/local/lib/python2.7/dist-packages
Adding pluginbase 0.7 to easy-install.pth file

Installed /usr/local/lib/python2.7/dist-packages/pluginbase-0.7-py2.7.egg
Searching for beautifulsoup4==4.6.0
Reading https://pypi.org/simple/beautifulsoup4/
Downloading https://files.pythonhosted.org/packages/a6/29/bcbd41a916ad3faf517780a0af7d0254e8d6722ff6414723eedba4334531/beautifulsoup4-4.6.0-py2-none-any.whl#sha256=7015e76bf32f1f574636c4288399a6de66ce08fb7b2457f628a8d70c0fbabb11
Best match: beautifulsoup4 4.6.0
Processing beautifulsoup4-4.6.0-py2-none-any.whl
Installing beautifulsoup4-4.6.0-py2-none-any.whl to /usr/local/lib/python2.7/dist-packages
writing requirements to /usr/local/lib/python2.7/dist-packages/beautifulsoup4-4.6.0-py2.7.egg/EGG-INFO/requires.txt
Adding beautifulsoup4 4.6.0 to easy-install.pth file

Installed /usr/local/lib/python2.7/dist-packages/beautifulsoup4-4.6.0-py2.7.egg
Searching for html5lib==1.0.1
Best match: html5lib 1.0.1
Adding html5lib 1.0.1 to easy-install.pth file

Using /usr/lib/python2.7/dist-packages
Finished processing dependencies for wafw00f==0.9.6
  • After installing required files type wafw00f.
root@kali:/home/iicybersecurity/wafw00f# wafw00f

^ ^
_ __ _ ____ _ __ _ _ ____
///7/ /.' \ / __////7/ /,' \ ,' \ / __/
| V V // o // _/ | V V // 0 // 0 // _/
|_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
<
...'

WAFW00F - Web Application Firewall Detection Tool

By Sandro Gauci && Wendel G. Henrique

Usage: wafw00f url1 [url2 [url3 ... ]]
example: wafw00f http://www.victim.org/
  • Type wafw00f testsite.com
root@kali:/home/iicybersecurity/wafw00f# wafw00f testsite.com

^ ^
_ __ _ ____ _ __ _ _ ____
///7/ /.' \ / __////7/ /,' \ ,' \ / __/
| V V // o // _/ | V V // 0 // 0 // _/
|_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
<
...'

WAFW00F - Web Application Firewall Detection Tool

By Sandro Gauci && Wendel G. Henrique

Checking http://testsite.com
The site http://testsite.com is behind a Citrix NetScaler
Number of requests: 6
  • After executing the wafw00f. It shows that the target website is using citrix netscaler web application firewall.
  • The above information is vital and can be used in other hacking activities.

Another Example:-

  • Type wafw00f certifiedhacker.com
root@kali:/home/iicybersecurity/wafw00f# wafw00f certifiedhacker.com

^ ^
_ __ _ ____ _ __ _ _ ____
///7/ /.' \ / __////7/ /,' \ ,' \ / __/
| V V // o // _/ | V V // 0 // 0 // _/
|_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
<
...'

WAFW00F - Web Application Firewall Detection Tool

By Sandro Gauci && Wendel G. Henrique

Checking http://targetsite.com
The site http://targetsite.com is behind a ModSecurity (OWASP CRS)
Number of requests: 11
  • After executing the wafw00f. It shows that the target website is using ModeSecurity (OWASP CRS) web application firewall.
  • The above information is vital and can be used in other hacking activities.

CONCLUSION:-

In this article we learned, how to detect web application firewalls. It’s an important part of the web penetration testing. This method is used initial phase of penetration testing.

Ethical hacking researcher says that having web application firewall (waf) is becoming important day by day and it is always important to analyze your web applications logs to find new attacks happening on the backend web application server. This is enable you to customize rules in your web application firewall to provide maximum security.