Possibly Barracuda WAF(?)

[ghost]

WhatWaf version: 2.0.3 Running context: whatwaf -W -u *************************************************************** --threads 5 --tor --check-tor Fingerprint:

<!--
GET http://www.*.com HTTP/1.1
Status code: 404
content-type: text/html
connection: close
-->
<div style=\"border: 3px solid #4991C5; font:1.5em; font-family:tahoma,calibri,arial; font-weight:bold; color:#1A4369; padding:5px; margin:10px; text-align:center\">  The specified URL cannot be found. </div><!--0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234-->

Ususally the comment at the end is used by Barracuda WAF <!--0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234-->

Other methods of detection:

• Response cookies may contain barra_counter_session value.
• Response headers may contain barracuda_ keyword.
• Response page contains You have been blocked heading or You are unable to access this website text
• Response page contains <!--0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234--> with different 404 error page.

I hope you can add this to your awesome tool :) Cheers and great software!!!

[Ekultek]

Hey, ya I’ll look into it when I have some time. Thanks for the input!