Web application attacks expanding day by day, Attacker wants to exploit flaws in your applications, Website administrator best way to detect attackers footprints in websites Web Application Firewall.
This will be detecting and blocking the specific patterns on the web applications. Pentester, well never exweb applications abilities on application rather he/she might be identifying the presence of Web Application Firewall.
- WAFW00f is the inbuilt tool in Kali distribution or else you can install it manually.
- It can detect around Top 22 web application firewall, so wafw00f is a phase of information gathering initially.
Limitations of WAFW00F
- Above seen figure describes the list of web application firewall will be identified or detected by Wafw00f.
Presence of Web Application Firewall
- Above shown figure shows pentester or attacker identified web application firewall presence.
- Here blocking is being done at connection or packet level.
Identifying specific firewall
- If an pentester knows how to bypass mod_security and if/she wants to know the presence of mod security.
- So you can use wafw00f url -t Firewallname.
- Above shown figure, Pentester has observed there is no ModSecurity in the web-application.
So it’s always good to Identify the barriers in web applications before you exploit.
Checking for XML-RPC
XML-RPC is a remote procedure call (RPC) protocol which utilizes XML to encode its calls and HTTP as a transport mechanism.
“XML-RPC” also refers generically to the use of XML for remote procedure call, separately of the specific protocol.
Source : GBHackers