search

Ekultek / WhatWaf

Detect and bypass web application firewalls and protection systems
Other
2.67k stars 449 forks source link

Unknown Firewall (aa6ff9387) #347

Closed WhatWaf-Firewalls closed 5 years ago

WhatWaf-Firewalls commented 5 years ago

WhatWaf version: 1.5.12 Running context: ./whatwaf.py -u ******************************************************************************************************************************** --tor Fingerprint:

<!--
GET http://www.fm.bank HTTP/1.1
Status code: 403
Date: Thu, 08 Aug 2019 05:20:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Set-Cookie: __cfduid=d09daea8d8c2b24bcf66b3c48eb3e7adf1565241614; expires=Fri, 07-Aug-20 05:20:14 GMT; path=/; domain=.www.fm.bank; HttpOnly; Secure
Cache-Control: max-age=2
Expires: Thu, 08 Aug 2019 05:20:16 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 502f0a3a3d549c45-AMS
Content-Encoding: gzip
-->
<!DOCTYPE html>

<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>Attention Required! | Cloudflare</title>
<meta id="captcha-bypass" name="captcha-bypass"/>
<meta charset="utf-8"/>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
<meta content="IE=Edge,chrome=1" http-equiv="X-UA-Compatible"/>
<meta content="noindex, nofollow" name="robots"/>
<meta content="width=device-width,initial-scale=1,maximum-scale=1" name="viewport"/>
<link href="/cdn-cgi/styles/cf.errors.css" id="cf_styles-css" media="screen,projection" rel="stylesheet" type="text/css"/>
<!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]-->
<style type="text/css">body{margin:0;padding:0}</style>
<!--[if gte IE 10]><!--><script src="/cdn-cgi/scripts/zepto.min.js" type="text/javascript"></script><!--<![endif]-->
<!--[if gte IE 10]><!--><script src="/cdn-cgi/scripts/cf.common.js" type="text/javascript"></script><!--<![endif]-->
</head>
<body>
<div id="cf-wrapper">
<div class="cf-alert cf-alert-error cf-cookie-error" data-translate="enable_cookies" id="cookie-alert">Please enable cookies.</div>
<div class="cf-error-details-wrapper" id="cf-error-details">
<div class="cf-wrapper cf-header cf-error-overview">
<h1 data-translate="challenge_headline">One more step</h1>
<h2 class="cf-subheadline"><span data-translate="complete_sec_check">Please complete the security check to access</span> www.fm.bank</h2>
</div><!-- /.header -->
<div class="cf-section cf-highlight cf-captcha-container">
<div class="cf-wrapper">
<div class="cf-columns two">
<div class="cf-column">
<div class="cf-highlight-inverse cf-form-stacked">
<form action="/cdn-cgi/l/chk_captcha" class="challenge-form" id="challenge-form" method="get">
<input name="s" type="hidden" value="6904480bc266aad120667ff14db9af315987e30d-1565241614-1800-AczoAXZSaf+WRokLwcLnD4Y5rCXrF4J2SWmq8Q6KgaNkLB7LkrMER9OnCyx3gFeJRqkL0Lkra/0nLWtC5gZL8pkrChIWlFC7IN1lu0GFRvZ9VZJ/gXs3GUEP4gETQEpIXuBckp00C23WuKLvsh0RcfwWTQ1eL4Lu4uVuuN/oUGGhB81zVGhXqaSOwuUHMkR+a5x1rHHZpXwX19jMHi3GE2sssT6Lqrbs/yduqB/+oMb/i+7aKPgJaxbmw0fw521+YL+3MVhCVYis1dfQ7UFVDEWY8fCodEOZxyFoJ0j8Zap3Trdsev3SS2sApS+UbVQfvJ2c6MoQVAWU9RA5/DeIFUpvVxPOZ30T87tjm2IJZfRuIc6PLc4eMohxvvsrltyoxg=="/>
<script async="" data-ray="502f0a3a3d549c45" data-sitekey="6LfBixYUAAAAABhdHynFUIMA_sa4s-XsJvnjtgB0" data-type="normal" src="/cdn-cgi/scripts/cf.challenge.js" type="text/javascript"></script>
<div class="g-recaptcha"></div>
<noscript class="cf-captcha-info" id="cf-captcha-bookmark">
<div><div style="width: 302px">
<div>
<iframe frameborder="0" scrolling="no" src="https://www.google.com/recaptcha/api/fallback?k=6LfBixYUAAAAABhdHynFUIMA_sa4s-XsJvnjtgB0" style="width: 302px; height:422px; border-style: none;"></iframe>
</div>
<div style="width: 300px; border-style: none; bottom: 12px; left: 25px; margin: 0px; padding: 0px; right: 25px; background: #f9f9f9; border: 1px solid #c1c1c1; border-radius: 3px;">
<textarea class="g-recaptcha-response" id="g-recaptcha-response" name="g-recaptcha-response" style="width: 250px; height: 40px; border: 1px solid #c1c1c1; margin: 10px 25px; padding: 0px; resize: none;"></textarea>
<input type="submit" value="Submit"/>
</div>
</div></div>
</noscript>
</form>
</div>
</div>
<div class="cf-column">
<div class="cf-screenshot-container">
<span class="cf-no-screenshot"></span>
</div>
</div>
</div><!-- /.columns -->
</div>
</div><!-- /.captcha-container -->
<div class="cf-section cf-wrapper">
<div class="cf-columns two">
<div class="cf-column">
<h2 data-translate="why_captcha_headline">Why do I have to complete a CAPTCHA?</h2>
<p data-translate="why_captcha_detail">Completing the CAPTCHA proves you are a human and gives you temporary access to the web property.</p>
</div>
<div class="cf-column">
<h2 data-translate="resolve_captcha_headline">What can I do to prevent this in the future?</h2>
<p data-translate="resolve_captcha_antivirus">If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware.</p>
<p data-translate="resolve_captcha_network">If you are at an office or shared network, you can ask the network administrator to run a scan across the network looking for misconfigured or infected devices.</p>
</div>
</div>
</div><!-- /.section -->
<div class="cf-error-footer cf-wrapper">
<p>
<span class="cf-footer-item">Cloudflare Ray ID: <strong>502f0a3a3d549c45</strong></span>
<span class="cf-footer-separator">•</span>
<span class="cf-footer-item"><span>Your IP</span>: 192.42.116.18</span>
<span class="cf-footer-separator">•</span>
<span class="cf-footer-item"><span>Performance &amp; security by</span> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=error_footer" id="brand_link" target="_blank">Cloudflare</a></span>
</p>
</div><!-- /.error-footer -->
</div><!-- /#cf-error-details -->
</div><!-- /#cf-wrapper -->
<script type="text/javascript">
  window._cf_translation = {};

</script>
</body>
</html>
Ekultek commented 5 years ago

fixed look for it in the next push:

python whatwaf.py -u "http://www.fm.bank" --tor --skip
                                  ,------.  
                                 '  .--.  ' 
        ,--.   .--.   ,--.   .--.|  |  |  | 
        |  |   |  |   |  |   |  |'--'  |  | 
        |  |   |  |   |  |   |  |    __.  | 
        |  |.'.|  |   |  |.'.|  |   |   .'  
        |         |   |         |   |___|   
        |   ,'.   |hat|   ,'.   |af .---.   
        '--'   '--'   '--'   '--'   '---'  
"/><script>alert("WhatWaf?<|>v1.5.12($dev)");</script>

[09:10:32][WARN] you've chosen to skip bypass checks and chosen an amount of tamper to display, tampers will be skipped
[09:10:32][INFO] running behind proxy 'socks5://127.0.0.1:9050'
[09:10:32][INFO] using User-Agent 'whatwaf/1.5.12 (Language=2.7.16; Platform=Darwin)'
[09:10:32][INFO] using default payloads
[09:10:32][INFO] testing connection to target URL before starting attack
[09:10:33][SUCCESS] connection succeeded, continuing
[09:10:33][INFO] running single web application 'http://www.fm.bank'
[09:10:33][WARN] URL does not appear to have a query (parameter), this may interfere with the detection results
[09:10:33][INFO] request type: GET
[09:10:33][INFO] gathering HTTP responses
[09:10:46][INFO] gathering normal response to compare against
[09:10:47][INFO] loading firewall detection scripts
[09:10:47][INFO] running firewall detection checks
[09:10:51][FIREWALL] CloudFlare Web Application Firewall (CloudFlare)
[09:10:51][WARN] skipping bypass analysis