Identifying a web application firewall
A web application firewall (WAF) is a device or a piece of software that checks packages sent to a web server in order to identify and block those that might be malicious, usually based on signatures or regular expressions.
We can end up dealing with a lot of problems in our penetration test if an undetected WAF blocks our requests or bans our IP address. When performing a penetration test, the reconnaissance phase must include the detection and identification of a WAF, intrusion detection system (IDS), or intrusion prevention system (IPS). This is required in order to take the necessary measures to prevent being blocked or banned.
In this recipe, we will use different methods, along with the tools included in Kali Linux, to detect and identify the presence of a web application firewall between our target and us.
How to do it...
Nmap includes a couple of scripts to test for the presence of a WAF. Let's try some on our vulnerable-vm:
nmap -p 80,443 --script...