Detecting web application firewalls
Web servers are often protected by packet filtering systems that drop or redirect suspected malicious packets. Web penetration testers benefit from knowing there is a traffic filtering system between them and the target application. If that is the case, they can try more rare or stealthy techniques to bypass the Web Application Firewall (WAF) or Intrusion Prevention System (IPS).
This recipe demonstrates how to use Nmap to detect packet filtering systems, such as a WAF or an IPS in front of a web application.
How to do it...
The steps to use Nmap to detect WAFs are as follows:
- Enter the following Nmap command:
$ nmap -sV --script http-waf-detect,http-waf-fingerprint <target>
- The
http-waf-detect
script will let you know whether a packet filtering system was detected:PORT STATE SERVICE 80/tcp open      http |_http-waf-detect: IDS/IPS/WAF detected
- The
http-waf-fingerprint
script will return...