Ekultek / WhatWaf

Detect and bypass web application firewalls and protection systems

Unknown Firewall (fdcc748c0) #338

Closed WhatWaf-Firewalls closed 5 years ago

WhatWaf-Firewalls commented 5 years ago

WhatWaf version: 1.5.10

Running context: ./whatwaf.py -u ********************************** --ra --force-ssl --verbose -W

Fingerprint:

<!--
GET http://github.com HTTP/1.1
Status code: 406
Date: Fri, 02 Aug 2019 10:01:05 GMT
Content-Type: #<Mime::NullType:0x00007f881f5376c8>
Transfer-Encoding: chunked
Connection: close
Server: GitHub.com
Status: 406 Not Acceptable
Vary: X-PJAX
Cache-Control: no-cache
Set-Cookie: has_recent_activity=1; path=/; expires=Fri, 02 Aug 2019 11:01:05 -0000, logged_in=no; domain=.github.com; path=/; expires=Tue, 02 Aug 2039 10:01:05 -0000; secure; HttpOnly, _gh_sess=cFpFY0pyWnV3emtZYTBTVGpuRGYwQjRKdHU1SHVqaHlmTjl2cktFVmVXTGRKNEhxZmtydEo2bkpLKzUwOFFFeGpRd3lnR1MybnpRMGpxdHN4Y0JMV0ZOTHZpQWY2ZXI2WWJkWEZVL0NRVG5obnkvSldwbEswMXcvZVVWQ1ZLNEotLTkweENrdmVDUjA4MExCM2RLRk5pMVE9PQ%3D%3D--fc50e5afe54710a19775967b8f6d24dceb705f78; path=/; secure; HttpOnly
X-Request-Id: a39fd9f3-da5b-41d5-a8fc-b9057eeeeb28
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com
X-GitHub-Request-Id: C9A0:5495:33C51F:49EC15:5D4409E1
-->

Ekultek commented 5 years ago

false positive