Closed 687766616e closed 5 years ago
$ git pull
Already up to date.
meituan yun waf? maybe
www.test.test.zip log file
what?... still can't...
[00:17:14][DEBUG] loading plugin script 'zscaler'
[00:17:14][INFO] running firewall detection checks
[00:17:14][WARN] unknown firewall detected saving fingerprint to log file
[00:17:14][PROMPT] do you want to create an issue with the unknown firewall to possibly get it implemented[y/N]: y
[00:19:02][FATAL] caught an exception while trying to process request: HTTP Error 401: Unauthorized, you can either create this issue manually, or try again. if you have decided to create the issue manually you can find the issue information in the following file: /data/data/com.termux/files/home/.whatwaf/unprocessed_issues/fTqaVcLYPRGdaghiVmyuWuUwwuPFhBAT.json
[00:19:02][INFO] for further analysis the WAF fingerprint can be found in: '/data/data/com.termux/files/home/.whatwaf/fingerprints/www.insurance.meituan.com'
[00:19:02][WARN] request counter failed to count correctly, deactivating
$
Why is it aborted when it encounters an unknown firewall?
That's weird. Did you change any of the code? It's not aborted when it encounters unknow it creates an issue, try re-cloning it
still cant
This has to be user error
python whatwaf.py --tor --ra --tamper-int 10 --verbose -u "https://test.test.com/test-api/test?tedt=43842694568439726" --skip
,------.
' .--. '
,--. .--. ,--. .--.| | | |
| | | | | | | |'--' | |
| | | | | | | | __. |
| |.'.| | | |.'.| | | .'
| | | | |___|
| ,'. |hat| ,'. |af .---.
'--' '--' '--' '--' '---'
"/><script>alert("WhatWaf?<|>v1.4.4($dev)");</script>
[12:04:13][WARN] you've chosen to skip bypass checks and chosen an amount of tamper to display, tampers will be skipped
[12:04:13][INFO] running behind proxy 'socks5://127.0.0.1:9050'
[12:04:13][INFO] using User-Agent 'Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5'
...
[12:05:06][DEBUG] trying: https://test.test.com/Default.htm
[PAYLOAD] '))) AND 1=1,SELECT * FROM information_schema.tables ((('
[12:05:11][DEBUG] trying: 'https://test.test.com/test-api/test?tedt=43842694568439726'))) AND 1=1,SELECT * FROM information_schema.tables (((''
[12:05:16][DEBUG] trying: https://test.test.com/index.exe
[PAYLOAD] ' )) AND 1=1 (( ' -- rgzd
[12:05:21][DEBUG] trying: 'https://test.test.com/test-api/test?tedt=43842694568439726' )) AND 1=1 (( ' -- rgzd'
[12:05:26][DEBUG] trying: https://test.test.com/index.shtml
[PAYLOAD] ;SELECT * FROM information_schema.tables WHERE 2>1 AND 1=1 OR 2=2 -- qdEf '
[12:05:30][DEBUG] trying: 'https://test.test.com/test-api/test?tedt=43842694568439726;SELECT * FROM information_schema.tables WHERE 2>1 AND 1=1 OR 2=2 -- qdEf ''
[12:05:35][DEBUG] trying: https://test.test.com/home.html
[PAYLOAD] ' OR '1'=1 '"
[12:05:40][DEBUG] trying: 'https://test.test.com/test-api/test?tedt=43842694568439726' OR '1'=1 '"'
[12:05:45][DEBUG] trying: https://test.test.com/index.htm
...
[12:06:23][DEBUG] loading plugin script 'barikode'
[12:06:23][DEBUG] loading plugin script 'barracuda'
[12:06:23][DEBUG] loading plugin script 'bigip'
[12:06:23][DEBUG] loading plugin script 'binarysec'
[12:06:23][DEBUG] loading plugin script 'blockdos'
[12:06:23][DEBUG] loading plugin script 'chuangyu'
[12:06:23][DEBUG] loading plugin script 'ciscoacexml'
[12:06:23][DEBUG] loading plugin script 'cloudflare'
[12:06:23][DEBUG] loading plugin script 'cloudfront'
[12:06:23][DEBUG] loading plugin script 'codeigniter'
[12:06:23][DEBUG] loading plugin script 'comodo'
[12:06:23][DEBUG] loading plugin script 'datapower'
[12:06:23][DEBUG] loading plugin script 'denyall'
[12:06:23][DEBUG] loading plugin script 'dodenterpriseprotection'
[12:06:23][DEBUG] loading plugin script 'dosarrest'
[12:06:23][DEBUG] loading plugin script 'dotdefender'
[12:06:23][DEBUG] loading plugin script 'dw'
[12:06:23][DEBUG] loading plugin script 'edgecast'
[12:06:23][DEBUG] loading plugin script 'expressionengine'
[12:06:23][DEBUG] loading plugin script 'fortigate'
[12:06:23][DEBUG] loading plugin script 'gladius'
[12:06:23][DEBUG] loading plugin script 'incapsula'
[12:06:23][DEBUG] loading plugin script 'infosafe'
[12:06:23][DEBUG] loading plugin script 'janusec'
[12:06:23][DEBUG] loading plugin script 'modsecurity'
[12:06:23][DEBUG] loading plugin script 'modsecurityowasp'
[12:06:23][DEBUG] loading plugin script 'nginx'
[12:06:23][DEBUG] loading plugin script 'paloalto'
[12:06:23][DEBUG] loading plugin script 'perimx'
[12:06:23][DEBUG] loading plugin script 'pk'
[12:06:23][DEBUG] loading plugin script 'powerful'
[12:06:23][DEBUG] loading plugin script 'radware'
[12:06:23][DEBUG] loading plugin script 'sabre'
[12:06:23][DEBUG] loading plugin script 'safedog'
...
[12:06:23][DEBUG] loading plugin script 'zscaler'
[12:06:23][INFO] running firewall detection checks
[12:06:24][SUCCESS] multiple protections identified on target:
[12:06:24][SUCCESS] #1 'Nginx Generic Protection'
[12:06:24][SUCCESS] #2 'DOSarrest (DOSarrest Internet Security)'
[12:06:24][WARN] skipping bypass tests
[12:06:24][INFO] URL has been cached for future use
[12:06:24][INFO] total requests sent: 25
Is it related to the execution of "source ~/.bash_profile"?
bad english hah
@huitc I'm running the execution script right now hang on
Seems to work still
whatwaf --tor --ra --tamper-int 10 --verbose -u "https://test.test.com/test-api/test?tedt=43842694568439726" --skip
,------.
' .--. '
,--. .--. ,--. .--.| | | |
| | | | | | | |'--' | |
| | | | | | | | __. |
| |.'.| | | |.'.| | | .'
| | | | |___|
| ,'. |hat| ,'. |af .---.
'--' '--' '--' '--' '---'
"/><script>alert("WhatWaf?<|>v1.4.4($dev)");</script>
[12:08:30][WARN] you've chosen to skip bypass checks and chosen an amount of tamper to display, tampers will be skipped
[12:08:30][INFO] running behind proxy 'socks5://127.0.0.1:9050'
[12:08:30][INFO] using User-Agent 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.11) Gecko/2009060310 Linux Mint/6 (Felicia) Firefox/3.0.11'
[12:08:30][INFO] using default payloads
[12:08:30][INFO] testing connection to target URL before starting attack
[12:08:39][SUCCESS] connection succeeded, continuing
[12:08:39][INFO] running single web application 'https://test.test.com/test-api/test?tedt=43842694568439726'
[12:08:39][INFO] request type: GET
[12:08:39][INFO] gathering HTTP responses
[PAYLOAD] <frameset><frame src=\"javascript:alert('XSS');\"></frameset>
[12:08:39][DEBUG] trying: 'https://test.test.com/test-api/test?tedt=43842694568439726<frameset><frame src=\"javascript:alert('XSS');\"></frameset>'
[12:08:44][DEBUG] trying: https://test.test.com/index.php
[PAYLOAD] AND 1=1 ORDERBY(1,2,3,4,5) --;
[12:08:49][DEBUG] trying: 'https://test.test.com/test-api/test?tedt=43842694568439726AND 1=1 ORDERBY(1,2,3,4,5) --;'
[12:08:54][DEBUG] trying: https://test.test.com/placeholder.html
[PAYLOAD] ><script>alert("testing");</script>
...
[12:10:41][DEBUG] loading plugin script 'aspnetgeneric'
[12:10:41][DEBUG] loading plugin script 'aws'
[12:10:41][DEBUG] loading plugin script 'baidu'
[12:10:41][DEBUG] loading plugin script 'barikode'
[12:10:41][DEBUG] loading plugin script 'barracuda'
[12:10:41][DEBUG] loading plugin script 'bigip'
[12:10:41][DEBUG] loading plugin script 'binarysec'
[12:10:41][DEBUG] loading plugin script 'blockdos'
[12:10:41][DEBUG] loading plugin script 'chuangyu'
[12:10:41][DEBUG] loading plugin script 'ciscoacexml'
[12:10:41][DEBUG] loading plugin script 'cloudflare'
[12:10:41][DEBUG] loading plugin script 'cloudfront'
[12:10:41][DEBUG] loading plugin script 'codeigniter'
[12:10:41][DEBUG] loading plugin script 'comodo'
...
[12:10:41][INFO] running firewall detection checks
[12:10:41][SUCCESS] multiple protections identified on target:
[12:10:41][SUCCESS] #1 'Nginx Generic Protection'
[12:10:41][SUCCESS] #2 'DOSarrest (DOSarrest Internet Security)'
[12:10:41][WARN] skipping bypass tests
[12:10:41][INFO] total requests sent: 25
Do the following:
admin@Hades:~/whatwaf$ python whatwaf.py --clean
[12:11:51][WARN] cleaning the home folder: /Users/admin/.whatwaf, if you have installed with setup.sh, this will erase the executable script along with everything inside of the /Users/admin/.whatwaf directory (fingerprints, scripts, copies of whatwaf, etc) if you are sure you want to do this press ENTER now. If you changed your mind press CNTRL-C now
[12:11:54][INFO] attempting to clean home folder
[12:11:54][INFO] home folder removed
admin@Hades:~/whatwaf$ bash setup.sh install
,------.
' .--. '
,--. .--. ,--. .--.| | | |
| | | | | | | |'--' | |
| | | | | | | | __. |
| |.'.| | | |.'.| | | .'
| | | | |___|
| ,'. |hat| ,'. |af .---.
'--' '--' '--' '--' '---' v(1.4.4)
Installing:
copying files over..
creating executable
editing file stats
installed, you need to run: source ~/.bash_profile if you notice that the installation does not work as expected
admin@Hades:~/whatwaf$ source ~/.bash_profile
And try again, see if that changes anything
I'm using this app to run it: https://play.google.com/store/apps/details?id=com.termux
it's not designed for termux. im thinking that chances are there's probably some bugs since the websites are reading you as mobile. i can look into it and see what i can do for you though.
But I have use --ra
option!...
I realize that but once again it's not designed for termux
try using termux to run whatwaf?😊
Also, I can use sqlmap normally...
@huitc what does sqlmap have to do with this? i'm looking into it and will update accordingly
That is, you can run Python applications on Termux.
whatwaf --ra --tamper-int 10 --verbose -u "https://test.test.com/test-api/test?tedt=43842694568439726"