WafW00f is a very useful python script, which is capable of detecting the web application firewall (WAF). This tool is particularly useful when the penetration tester wants to inspect the target web application server and might get a fallback with certain vulnerability assessment techniques, for which the web application is actively protected by a firewall. Thus, detecting the firewall sitting in between application server and Internet traffic not only improves the testing strategy, but also presents exceptional challenges for the penetration tester to develop the advanced evasion techniques.
WafW00f comes pre-installed with Kali Linux. Also we can install it by using sudo apt-get install command. First we check it's help section by using following command:
Then it's help menu comes in front of us, as we can see in the following screenshot:
Here we can see the basic uses of this tool is very simple. We just need our target URL for this. So we start with this. Here we are going to try it on a example website. So we use following command to attack on our target:
On the following screenshot we got the output of the command we had used.
On the above screenshot we can clearly see that our example site is running behind a WAF (Web Application Firewall).
The result proves that the target application server is running behind the firewall (for example, Edgecast, dotDefender ). Using this information, we could further investigate the possible ways to bypass WAF. These could involve techniques such as the HTTP parameter pollution, null-byte replacement, normalization, and encoding the malicious URL string into hex or Unicode.
If we have a list of websites on a text or csv or json (For csv and json, a 'url' column name or element is required.) file then we can test all of then at once by using following commnd:
wafw00f -i /location/of/file.txt
On the following screenshot we can see the result.
This is how we can check which firewall is used on the website or web application on our Kali Linux system.
Love our articles? Make sure to follow our free subscription to get all our articles directly on inbox. We are also available on Twitter and GitHub, we post article updates there. To join our family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.