Bypass Web Application Firewall using WAFNinja

WAFNinja is a Python command-line tool that helps penetration testers bypass a Web Application Firewall by automating the steps needed to get past its input validation. WAFNinja supports HTTP connections, GET and POST requests, and the use of cookies to reach pages restricted to authenticated users. It can also send its traffic through an intercepting proxy, so you can watch and modify the requests it generates.


The tool was created with the objective of being easily extensible, simple to use, and usable in a team environment.

Supported web methods:

  • HTTP connections
  • GET requests
  • POST requests
  • Using Cookies (for pages behind auth)
  • Intercepting proxy

Using WAFNinja for WAF Bypass

wafninja.py [-h] [-v] {fuzz, bypass, insert-fuzz, insert-bypass, set-db} ...

More examples

Fuzzing

python wafninja.py fuzz -u "http://www.target.com/index.php?id=FUZZ" \
    -c "phpsessid=value" -t xss -o output.html

Bypass WAF

python wafninja.py bypass -u "http://www.target.com/index.php" -p "Name=PAYLOAD&Submit=Submit" \
    -c "phpsessid=value" -t xss -o output.html

Insert fuzz

python wafninja.py insert-fuzz -i select -e select -t sql
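The fuzz and bypass modes above both produce the same footprint on the server side: one client hammering one parameter of one endpoint with many different values in a short time, most of them rejected by the WAF, until one is not. The following detector, written for this post as an added example (it is not part of WAFNinja or of the original article), finds that footprint in ordinary web server access logs. The log lines are constructed, the client addresses are documentation ranges, and the assumption that a WAF block shows up as HTTP 403 is a placeholder you would replace with whatever your WAF actually returns.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Constructed sample in Apache/nginx "combined" format. 203.0.113.5 fuzzes the
# "id" parameter: six probes are blocked (403), the seventh gets through (200).
# 198.51.100.7 is an ordinary visitor and must not be flagged.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:01 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:02 +0000] "GET /index.php?id=probe01 HTTP/1.1" 403 120 "-" "python-requests/2.25"
203.0.113.5 - - [10/Oct/2023:13:55:03 +0000] "GET /index.php?id=probe02 HTTP/1.1" 403 120 "-" "python-requests/2.25"
203.0.113.5 - - [10/Oct/2023:13:55:03 +0000] "GET /index.php?id=probe03 HTTP/1.1" 403 120 "-" "python-requests/2.25"
203.0.113.5 - - [10/Oct/2023:13:55:04 +0000] "GET /index.php?id=probe04 HTTP/1.1" 403 120 "-" "python-requests/2.25"
203.0.113.5 - - [10/Oct/2023:13:55:04 +0000] "GET /index.php?id=probe05 HTTP/1.1" 403 120 "-" "python-requests/2.25"
203.0.113.5 - - [10/Oct/2023:13:55:05 +0000] "GET /index.php?id=probe06 HTTP/1.1" 403 120 "-" "python-requests/2.25"
203.0.113.5 - - [10/Oct/2023:13:55:06 +0000] "GET /index.php?id=probe07 HTTP/1.1" 200 498 "-" "python-requests/2.25"
203.0.113.5 - - [10/Oct/2023:13:55:07 +0000] "GET /about.php?page=1 HTTP/1.1" 200 300 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:08 +0000] "GET /index.php?id=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:30 +0000] "GET /index.php?id=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Generic combined-log pattern; not tied to any particular server product.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
WAF_BLOCK_STATUS = 403  # assumption: adjust to the status your WAF returns on a block


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FORMAT)
    rec["status"] = int(rec["status"])
    parts = urlsplit(rec["url"])
    rec["path"] = parts.path
    # keep_blank_values so a probe that empties the parameter still counts as a value
    rec["params"] = parse_qs(parts.query, keep_blank_values=True)
    return rec


def find_parameter_fuzzing(lines, window_seconds=60, min_distinct=5):
    """
    Flag every (client, path, parameter) for which one client sent at least
    `min_distinct` different values inside any `window_seconds` span.
    Each finding also reports how many of that client's probes the WAF blocked
    and how many passed: a fuzzer whose probes are all blocked is noise, one
    whose probes start coming back 200 has found a gap in the rule set.
    """
    probes = defaultdict(list)  # (ip, path, param) -> [(timestamp, value, status)]
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for name, values in rec["params"].items():
            for value in values:
                probes[(rec["ip"], rec["path"], name)].append((rec["ts"], value, rec["status"]))

    findings = []
    for (ip, path, name), events in probes.items():
        events.sort(key=lambda e: e[0])
        start = 0
        flagged = False
        for end in range(len(events)):  # sliding time window over the sorted events
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            if len({e[1] for e in events[start:end + 1]}) >= min_distinct:
                flagged = True
                break
        if flagged:
            blocked = sum(1 for e in events if e[2] == WAF_BLOCK_STATUS)
            findings.append({
                "client": ip, "path": path, "param": name,
                "distinct_values": len({e[1] for e in events}),
                "blocked": blocked,
                "passed": len(events) - blocked,
            })
    return findings


if __name__ == "__main__":
    for f in find_parameter_fuzzing(SAMPLE_LOG.splitlines()):
        print(f"{f['client']} fuzzed {f['path']}?{f['param']}: "
              f"{f['distinct_values']} values, {f['blocked']} blocked, {f['passed']} passed")
```

Two caveats for real deployments. First, this only sees GET parameters, because POST bodies (the bypass mode's `-p "Name=PAYLOAD&Submit=Submit"`) never reach the access log; for those you need the WAF's own event log or request-body logging on the application side. Second, a `passed` count above zero is the line worth alerting on: it means a probe got past the WAF, and the corresponding request should be pulled and used to extend the rule set rather than just blocked at the source address.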

Video demo

Here is a complete video of a workshop that teaches how to attack an application secured by a WAF. The presenter describes WAF bypassing techniques and offers a systematic, practical approach to bypassing web application firewalls based on those techniques. The video also introduces WAFNinja, a tool that helps find multiple weaknesses in a firewall's rule set.

Complete slides can be found here.



One comment

  1. Hey, your site has great content and design, but I just wanted to ask how your site got approved by AdSense although it has hacking content.
