Saturday, November 23, 2024

Identifying Web Application Firewall in a Network

A web application firewall (WAF) protects web applications from a variety of application-layer attacks such as cross-site scripting (XSS), SQL injection, and cookie poisoning, among others. Attacks on apps are the leading cause of breaches—they are the gateway to your valuable data. With the right WAF in place, you can block the array of attacks that aim to exfiltrate that data by compromising your systems.


There are two methods for identifying a web application firewall in a network:

Method 1: Manual Discovery 

Telnet is mainly used by network administrators and penetration testers. Telnet enables you to connect to remote hosts over any port.

Step 1: telnet Targetwebsite.com 80 (type this command in your terminal)

┌──(root💀DESKTOP-SK08UEQ)-[/home/kali]
└─# telnet testphp.vulnweb.com 80
Trying 44.228.249.3...
Connected to testphp.vulnweb.com.
Escape character is '^]'.

Step 2: After running the command above, type HEAD / HTTP / 1.1 and press the Enter key.

┌──(root💀DESKTOP-SK08UEQ)-[/home/kali]
└─# telnet testphp.vulnweb.com 80
Trying 44.228.249.3...
Connected to testphp.vulnweb.com.
Escape character is '^]'.
 HEAD / HTTP / 1.1
HTTP/1.1 400 Bad Request
Server: nginx/1.19.0
Date: Tue, 05 Jul 2022 17:20:03 GMT
Content-Type: text/html
Content-Length: 157
Connection: close


<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>
Connection closed by foreign host.

The response returned after using telnet on the target's port 80 indicates the server on which the website is hosted and the back-end language in which it was built. In this capture the Server header reports nginx/1.19.0.
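The header inspection from Method 1 can be scripted to check what a server you operate discloses. The following is an added example, not code from the original article or from wafw00f: it parses a raw response, lists the banner headers, and checks a few vendor markers. The function names, the marker table (a small illustrative subset) and the second sample response are assumptions made for the example; head_request sends a well-formed HEAD / HTTP/1.1 request with a Host header.

```python
import socket

# Illustrative subset of vendor markers (assumption; not wafw00f's signature set).
WAF_MARKERS = {
    "Cloudflare": [("server", "cloudflare"), ("cf-ray", "")],
    "Sucuri": [("x-sucuri-id", ""), ("server", "sucuri")],
    "Akamai": [("server", "akamaighost")],
}
DISCLOSURE_HEADERS = ("server", "x-powered-by", "via")

def parse_head(raw):
    """Return (status_code, {lowercased header name: value}) from a raw response."""
    head = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip anything that is not a "Name: value" line
            headers[name.strip().lower()] = value.strip()
    return status, headers

def fingerprint(raw):
    """Report banner headers and any front-end markers present in the response."""
    status, headers = parse_head(raw)
    disclosed = {h: headers[h] for h in DISCLOSURE_HEADERS if h in headers}
    wafs = sorted(v for v, marks in WAF_MARKERS.items()
                  if any(h in headers and s in headers[h].lower() for h, s in marks))
    return {"status": status, "disclosed": disclosed, "waf": wafs}

def head_request(host, port=80, timeout=5.0):
    """The telnet exchange, sent with a well-formed request line and Host header."""
    req = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(req)
        chunks = []
        while (data := s.recv(4096)):
            chunks.append(data)
    return b"".join(chunks)

# Header block from the telnet capture above, re-typed as bytes.
CAPTURED = (b"HTTP/1.1 400 Bad Request\r\nServer: nginx/1.19.0\r\n"
            b"Date: Tue, 05 Jul 2022 17:20:03 GMT\r\nContent-Type: text/html\r\n"
            b"Content-Length: 157\r\nConnection: close\r\n\r\n")
# Constructed sample of a response served through a WAF/CDN front end.
CONSTRUCTED = (b"HTTP/1.1 403 Forbidden\r\nServer: cloudflare\r\n"
               b"CF-RAY: 0000000000000000-XXX\r\n\r\n")

if __name__ == "__main__":
    print(fingerprint(CAPTURED), fingerprint(CONSTRUCTED), sep="\n")
```

For the article's capture the result lists only the nginx banner and no front-end marker; the constructed sample shows how a marker header is reported.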

Method 2: Automated Discovery

Step 1: Find using wafw00f

The zip package is available for download from the official GitHub source. Download the wafw00f tool. You can also use the git client to clone the repository. To get the package, run the commands:

Step 2: git clone https://github.com/EnableSecurity/wafw00f.git (type this in your Linux terminal and press Enter)

Step 3: python setup.py install (type this in your Linux terminal and press Enter)

Step 4: wafw00f <url> (for example, wafw00f http://testphp.vulnweb.com/)

Step 5: To use it in verbose mode, run the following command.

wafw00f <url> -v