Unknown Firewall (d81ac8956)

[WhatWaf-Firewalls]

WhatWaf version: 1.6.11 Running context: ./whatwaf.py -u ****************** --tor --ra Fingerprint:

<!--
GET http://kraken.com HTTP/1.1
Status code: 403
Date: Thu, 28 Nov 2019 21:04:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Set-Cookie: __cfduid=d318561bc351302b45ffee1b8af179dba1574975092; expires=Sat, 28-Dec-19 21:04:52 GMT; path=/; domain=.kraken.com; HttpOnly, __cf_bm=b06db5b7b2c046f487b6361d503ae70a8d271ef2-1574975092-1800-AUhBBJy6UIEX1kQghfyDIsx8kZ3hoAaSMu1TF6lp2VW7ZlpFA8JWDVQvwn42Z+TCUk2bkQS9Qq4BzKt4USRmHJw=; path=/; expires=Thu, 28-Nov-19 21:34:52 GMT; domain=.kraken.com; HttpOnly
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 53cf4bf81c8cc80a-DFW
Content-Encoding: gzip
-->
<!DOCTYPE html>

<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>Attention Required! | Cloudflare</title>
<meta id="captcha-bypass" name="captcha-bypass"/>
<meta charset="utf-8"/>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
<meta content="IE=Edge,chrome=1" http-equiv="X-UA-Compatible"/>
<meta content="noindex, nofollow" name="robots"/>
<meta content="width=device-width,initial-scale=1,maximum-scale=1" name="viewport"/>
<link href="/cdn-cgi/styles/cf.errors.css" id="cf_styles-css" media="screen,projection" rel="stylesheet" type="text/css"/>
<!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]-->
<style type="text/css">body{margin:0;padding:0}</style>
<!--[if gte IE 10]><!--><script src="/cdn-cgi/scripts/zepto.min.js" type="text/javascript"></script><!--<![endif]-->
<!--[if gte IE 10]><!--><script src="/cdn-cgi/scripts/cf.common.js" type="text/javascript"></script><!--<![endif]-->
</head>
<body>
<div id="cf-wrapper">
<div class="cf-alert cf-alert-error cf-cookie-error" data-translate="enable_cookies" id="cookie-alert">Please enable cookies.</div>
<div class="cf-error-details-wrapper" id="cf-error-details">
<div class="cf-wrapper cf-header cf-error-overview">
<h1 data-translate="challenge_headline">One more step</h1>
<h2 class="cf-subheadline"><span data-translate="complete_sec_check">Please complete the security check to access</span> kraken.com</h2>
</div><!-- /.header -->
<div class="cf-section cf-highlight cf-captcha-container">
<div class="cf-wrapper">
<div class="cf-columns two">
<div class="cf-column">
<div class="cf-highlight-inverse cf-form-stacked">
<form action="/%3Cframeset%3E%3Cframe%20src=%5C%22javascript:alert(&amp;?__cf_chl_captcha_tk__=2b8e8dba0b2d8026a95230f01135d4f69f6a807d-1574975092-0-AcNN4_Ptk-nF6aRARyy74Qh1ECelhJVPpSH4X1yFuDMjiiLgQajm3tKv2DgJyxyDULgm1248iH_EFnOlnYTPnDHU0w4wwIXkB6WWd-QLTU2w4PRv5x8pCMan92vRdrEdWr_sH0nM8dbWIGMDB47vOKtA4dWeG_2fnt3kEb01ijvC8vNAp3P1o5oLHR3GijNtyHDCwUY6jtYA4cTrI_xzjR61dWnNJIh7Ci8miiQx3v1ifggwPajDUK1mUQ8aViMbEombFhLm1Wr6_5GUu1tXsEtod9a8Qx84MeTOu7BMCtL0T7FL_cKPK5FiT5zjgL0zfSjQzF4uXwmKKe8zwC8xrQ_MP9mKKSCaItGscoxX-YtgWBIrITnYP-o5MTED6SW20OFmhkRR5-LIMy7RyOx8_VUIdNIBYMX1sf-vUB2Vd3YP7jMJ6_j-9RIM-eW0tDsoFg#039;XSS');%5C%22%3E%3C/frameset%3E" class="challenge-form" enctype="application/x-www-form-urlencoded" id="challenge-form" method="POST">
<input name="r" type="hidden" value="edb0b635350975bd957078c9845087cae70683eb-1574975092-0-AejUOIELwGHO/0iOY23xi/gTNCkBShBD4yIU8QOWFuCZg6oAzTKwGkzUN1pVTY3+XDrspmmdZSfsQQb9wp6RBiBay0Er32XeikENAcs/fC1dSTHP2BfvDC/v/ftblBkHT7n36a7cCdBj1lRNi5turJvlv+NeTjLpGpAwAq50Q4694dXlYpUyr7Ofwi8yXJx/AaOPujTBpARt20NBKE2IceQgnfe+BNbPDaU9+YN3VCfXe3/qBwi+f5ifjBmWMfe0RfUnSCUL7TTpoeY/+vPb8WsJPNubv9LUmonplCc7Tsf8LEguScLSUGryBECBg/1y3CI5CsUS+/RZtynXMH9j4ynY1RQCOC8pVesTkvJsXgSsFCIqZU5Sn9TyWYYThlrkO4RMnf2Qnp4nh7Mk22bFgZ7GnwRvPj4+0dADqyNCtyJxoZXo4G21LMr5snTANof+SfjLuU6FUQo6fy766Ia83k/pD+k5hhNtBSrRRCi9SqsUBL36SLju1r5vYHgFSzLosdFaCjriA2z37wL90vVBrituTs508ktTrdCNpQymIGHLuAPwnFewf/u414YAWa8kETRmQ/zNM3dhFvkrWVhqHdkhU4Lpi2Qdibt5L7aq9jwiVz2YEYkQOfqKq8oyBz5mvl7Zd8jsUVR2CsKPp8oJSAo6jAa9ixz/FkPwBQkXfXl+0VHXTWZdoGt96J2rEJHIqFu3nluJVoYsKCJWcIq5wkRJpvX9f0B0fzDXs7E35RJpTNHNZJMoZQs0Xp1jaB45pORm5lR2BnKespOWbpXgNp2lZ24AHh/jMKHxOFBh0cBAAMaN5MPpNwYLrYC4asBuQ873qxwT72oHXO3qsU80TzQyheNKzXiEPFg85yhvPSJY8UV3xqRMRj5IVoVmGqFHtaocFLlwBxcbZ2fvq8fNYRtpOGWRTuXxZLL9U/28S6wSaK1zORlhMagfSTHbfoNCSyvreOfGdTRP51PsNyuG22YQTAm7hlyjFYIPjoucFNoL7i5fUuY86/3ebWUN9UNW4kb/zfPyNk6dQ6gAMhqVl2bqEH/YWKjT96JRzGTeGU39Kq10bQUtIPjO7YdeRVI37vLGTE4cnv7bdkXnnvfuAouTpZEHkKvBAe3KDUeVm3LBUhbCUVS8GQ1p/ZXV3JkJKGBbF1aYWnRGlH7Fxg7T0JNuXNIvEjCCo5e/SkA+v5ZFyx+C9shswjU6c4jQWyIBR1yhA0UdTY5HvbySx2/sE16VHwhW5WMf9jNbT7XBwspRj5P+xSzpaA89UHb/BqWna4/dhfgMTtw64M6DIisaDw1PrkuEnM5NQxDZXOM1NPRV/LfFqXlpcS45wBTT5LYS18xEQOcbMdhwDmgzFxRHWGY="/>
<script async="" data-ray="53cf4bf81c8cc80a" data-sitekey="6LfBixYUAAAAABhdHynFUIMA_sa4s-XsJvnjtgB0" data-type="normal" src="/cdn-cgi/scripts/cf.challenge.js" type="text/javascript"></script>
<div class="g-recaptcha"></div>
<noscript class="cf-captcha-info" id="cf-captcha-bookmark">
<div><div style="width: 302px">
<div>
<iframe frameborder="0" scrolling="no" src="https://www.google.com/recaptcha/api/fallback?k=6LfBixYUAAAAABhdHynFUIMA_sa4s-XsJvnjtgB0" style="width: 302px; height:422px; border-style: none;"></iframe>
</div>
<div style="width: 300px; border-style: none; bottom: 12px; left: 25px; margin: 0px; padding: 0px; right: 25px; background: #f9f9f9; border: 1px solid #c1c1c1; border-radius: 3px;">
<textarea class="g-recaptcha-response" id="g-recaptcha-response" name="g-recaptcha-response" style="width: 250px; height: 40px; border: 1px solid #c1c1c1; margin: 10px 25px; padding: 0px; resize: none;"></textarea>
<input type="submit" value="Submit"/>
</div>
</div></div>
</noscript>
</form>
</div>
</div>
<div class="cf-column">
<div class="cf-screenshot-container">
<span class="cf-no-screenshot"></span>
</div>
</div>
</div><!-- /.columns -->
</div>
</div><!-- /.captcha-container -->
<div class="cf-section cf-wrapper">
<div class="cf-columns two">
<div class="cf-column">
<h2 data-translate="why_captcha_headline">Why do I have to complete a CAPTCHA?</h2>
<p data-translate="why_captcha_detail">Completing the CAPTCHA proves you are a human and gives you temporary access to the web property.</p>
</div>
<div class="cf-column">
<h2 data-translate="resolve_captcha_headline">What can I do to prevent this in the future?</h2>
<p data-translate="resolve_captcha_antivirus">If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware.</p>
<p data-translate="resolve_captcha_network">If you are at an office or shared network, you can ask the network administrator to run a scan across the network looking for misconfigured or infected devices.</p>
<p data-translate="resolve_captcha_privacy_pass"> Another way to prevent getting this page in the future is to use Privacy Pass. You may need to download version 2.0 now from the <a href="https://addons.mozilla.org/en-US/firefox/addon/privacy-pass/">Firefox Add-ons Store</a>.</p>
</div>
</div>
</div><!-- /.section -->
<div class="cf-error-footer cf-wrapper">
<p>
<span class="cf-footer-item">Cloudflare Ray ID: <strong>53cf4bf81c8cc80a</strong></span>
<span class="cf-footer-separator">•</span>
<span class="cf-footer-item"><span>Your IP</span>: 199.249.230.101</span>
<span class="cf-footer-separator">•</span>
<span class="cf-footer-item"><span>Performance &amp; security by</span> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=error_footer" id="brand_link" target="_blank">Cloudflare</a></span>
</p>
</div><!-- /.error-footer -->
</div><!-- /#cf-error-details -->
</div><!-- /#cf-wrapper -->
<script type="text/javascript">
  window._cf_translation = {};

</script>
</body>
</html>

[Ekultek]

python whatwaf.py -u "http://kraken.com" --tor --ra

                              ,------.  
                             '  .--.  ' 
    ,--.   .--.   ,--.   .--.|  |  |  | 
    |  |   |  |   |  |   |  |'--'  |  | 
    |  |   |  |   |  |   |  |    __.  | 
    |  |.'.|  |   |  |.'.|  |   |   .'  
    |         |   |         |   |___|   
    |   ,'.   |hat|   ,'.   |af .---.   
    '--'   '--'   '--'   '--'   '---'  
/>&$$+]!;%|@]!)<-;;^`%%\?);(@script>;$:?)|*|?|!/`.alert("WhatWaf?<|>v1.6.11($dev)");<&%*@:~,^(!;)+$_/script>$..,_,$|-):~~&\

[20:11:37][INFO] checking for updates
[20:11:37][INFO] running behind proxy 'socks5://127.0.0.1:9050'
[20:11:37][INFO] using User-Agent 'Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; en) Opera 8.02'
[20:11:37][INFO] using default payloads
[20:11:37][INFO] testing connection to target URL before starting attack (Tor is initialized which may increase latency)
[20:11:39][SUCCESS] connection succeeded, continuing
[20:11:39][INFO] running single web application 'http://kraken.com'
[20:11:39][WARN] URL does not appear to have a query (parameter), this may interfere with the detection results
[20:11:39][INFO] request type: GET
[20:11:39][INFO] gathering HTTP responses
[20:11:57][INFO] gathering normal response to compare against
[20:11:57][INFO] loading firewall detection scripts
[20:11:57][INFO] running firewall detection checks
[20:12:29][FIREWALL] Amazon Web Services Web Application Firewall (Amazon)
[20:12:29][FIREWALL] CloudFlare Web Application Firewall (CloudFlare)
[20:12:29][FIREWALL] SafeDog WAF (SafeDog)
[20:12:29][INFO] starting bypass analysis
[20:12:29][INFO] loading payload tampering scripts
[20:12:29][INFO] running tampering bypass checks
^C[20:12:37][FATAL] user aborted scanning

Unable to reproduce