Introduction
This is a Web Application Firewall detection tool.
The tool was written by Sandro Gauci and G. Henrique.
It helps you detect the WAF (Web Application Firewall) in front of any domain.
Waffit (wafw00f) can test for the firewalls listed in the image.
If any firewall from the list is detected, it is displayed on-screen.
How Waffit (wafw00f) detects a Web Application Firewall (WAF)
To detect a WAF, it looks at the following things:
- Cookies
- Server cloaking
- Response codes
- Drop action
- Pre-built rules
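The checks in the list above, applied to captured responses from a site you run, show what your own WAF deployment gives away. This is an added example, not wafw00f's code: the cookie prefix `examplewaf_` and all sample responses are constructed, and the "probe" stands for the response to a request that one of the WAF's built-in rules would flag.

```python
# Added example: all responses and the cookie prefix below are constructed.
WAF_COOKIE_PREFIXES = ("examplewaf_",)  # hypothetical vendor cookie prefix

def waf_signals(baseline, probe):
    """Compare a normal response with the response to a request a WAF
    rule would flag. Each response is a dict with 'status', 'headers'
    and 'cookies', or None if the connection was dropped."""
    signals = []
    if baseline is None:
        return signals  # nothing to compare against
    # Cookies: a WAF often sets its own tracking cookie on every response.
    for name in baseline.get("cookies", []):
        if name.lower().startswith(WAF_COOKIE_PREFIXES):
            signals.append("cookie:" + name)
    # Drop action: the flagged request gets no HTTP response at all.
    if probe is None:
        signals.append("drop-action")
        return signals
    # Response codes: the same URL answers differently once a rule fires.
    if probe["status"] != baseline["status"]:
        signals.append("response-code:%d->%d" % (baseline["status"], probe["status"]))
    # Server cloaking: the Server header changes or disappears, because the
    # block page comes from the WAF rather than the origin server.
    base_server = baseline["headers"].get("Server")
    probe_server = probe["headers"].get("Server")
    if base_server != probe_server:
        signals.append("server-header:%s->%s" % (base_server, probe_server))
    return signals

# Constructed captures.
NORMAL = {"status": 200, "headers": {"Server": "Apache"}, "cookies": ["PHPSESSID"]}
BEHIND_WAF = {"status": 200, "headers": {"Server": "Apache"},
              "cookies": ["PHPSESSID", "examplewaf_sid"]}
BLOCK_PAGE = {"status": 403, "headers": {}, "cookies": []}

if __name__ == "__main__":
    print(waf_signals(BEHIND_WAF, BLOCK_PAGE))  # cookie, status and header signals
    print(waf_signals(NORMAL, None))            # drop action only
    print(waf_signals(NORMAL, NORMAL))          # no signals
```

An empty result means none of these signals were seen, not that no WAF is present.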
How to Open Waffit on Backtrack 5
Backtrack > Information Gathering > Web Application Analysis > IDS IPS Identification > waffit
How to Open Waffit on Kali Linux
Applications > Kali Linux > Information Gathering > IDS/IPS Identification > wafw00f
wafw00f is now open; see the image below for more details.
How to use wafw00f
Example 1:
Usage:
- root@root: wafw00f [target url]
- Example: wafw00f www.utexas.edu
- This example shows that utexas.edu is behind a Web Application Firewall.
- utexas.edu is behind the Imperva WAF.
Example 2:
- Here washington.edu is also behind a WAF.
- All these images show that these websites are using an IDS, and it blocks my requests every time.
Example 3:
- Flipkart is also using a WAF (Web Application Firewall).
Example 4:
- The famous Orkut website also shows that the site is behind a WAF.
Websites with no WAF
Example 5:
- No WAF detected; maybe they are using a different WAF that is not in wafw00f's list.
Example 6:
- No WAF detected on the cornell.edu website.
This is how we can use this tool on Backtrack 5 or Kali Linux.
I hope this tool helps you with WAF detection in your penetration testing.
If you like this tutorial, then drop a comment.
One disadvantage: it can be easily detected, so be careful with your scans.
Hi Peter!
Thank you for this website, I am a new visitor and found this site to be great.
Just a question: so how do we avoid getting detected by the firewall logs if we scan them?
Well as with most things, you would probably not want to be scanning from an IP that can be linked to you.
You will probably want to turn your research attention to proxies, VPNs, Wi-Fi, and other ways you can jump around the world before reaching your target.
Please upload a blog on anonymity, VPNs, proxies, how to keep ourselves spoofed.