- Joined
- Jan 8, 2019
- Messages
- 56,604
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,446
- Points
- 2,313
- Credits
- 32,560
6 Years of Service
76%
identYwaf is an identification tool that can recognize web protection type (i.e. WAF) based on blind inference. The blind inference is being done by inspecting responses provoked by a set of predefined offensive (non-destructive) payloads, where those are used only to trigger the web protection system in between (e.g. http://<host>?aeD0oowi=1 AND 2>1). Currently, it supports more than 80 different protection products (e.g. aeSecure, Airlock, CleanTalk, CrawlProtect, Imunify360, MalCare, ModSecurity, Palo Alto, SiteGuard, UrlScan, Wallarm, WatchGuard, Wordfence, etc.), while the knowledge-base is constantly growing.
Also, as part of this project, screenshots of characteristic responses for different web protection systems are being gathered (manually) for future reference.