How To Hack: Wafw00f Tutorial – Web Application Firewall Detection Tool

Introduction

This is a Web Application Firewall Detection Tool.

The tool was written by – Sandro Gauci And G. Henrique.

It will help you detect the WAF ( Web Application Firewall )  behind the any domain.

Wiffit (Wafw00f ) can test for these Firewalls listed in the image –

If any firewall is detected from the list it will display on-screen

How Wiffit (Wafw00f) detects Web Application Firewall (WAF)

To detect WAF it looks for the following things :

• Cookies
• ServerCloaking
• Response Codes
• Drop Action
• Pre Built-In Rules

How to Open Wiffit On Backtrack 5

Backtrack > Information Gathering > Web Application Analysis > IDS IPS Identification > waffit

How to Open Wiffit On Kali Linux

Applications > Kali Linux > Information Gathering > IDS/IPS Identification > wafw00f

wafw00f is open now , see the below image for more details –

How to use wafw00f

Example 1 :

Usage :

1. root@root :
   

   wafw00f [ target url ]

2. Example :
   

   wafw00f www.utexas.edu

3. This example shows that utexas.edu is behind the Web Application Firewall.
4. utexas.edu is behind the Imperva WAF.

 

Example 2 :

• Here washington.edu is also behind the WAF .
• All these images shows these website are using IDS and it blocks my request all the time .

 

Example 3 :

• Flipkart is also using WAF (Web Application Firewall)

 

Example 4 :

• Famous Orkut Website also display that the site is behind the WAF.

 

Websites with no WAF

Example 5 :

• No WAF Detect , may be they are using different WAF which are not in the list of wafw00f.

Example 6 :

• No WAF Detection on cornell.edu website .

 

Example 7 :

 

Example  8 :

 

Example 9 :

 

This is how we can use this tool on Backtrack 5 or Kali Linux.

Hope this tool helps you in your penetration testing WAF Detection .

If you like this tutorial , then drop a comment.

One disadvantage , it can be easily detected, so be careful with your scans.