Closed sethpuneet4 closed 1 year ago
sethpuneet4
commented
1 year ago Also no matter which WAF vendor i try i keep getting WAF was not identified!!
Do we try to check here based on the cookies returned by each WAF Vendor (which are unique to themselves) or reply on some response code or something else??
time="2022-11-22T16:20:47Z" level=info msg="Try to identify WAF solution" time="2022-11-22T16:20:47Z" level=info msg="WAF was not identified"
svkirillov
commented
1 year ago Hi!
Unfortunately I couldn't reproduce the error from the original post. It looks like a local network problem.
Also no matter which WAF vendor i try i keep getting WAF was not identified!!
WAF may return a different status code then we expect. Try to find out what status code is returned on pre-check and then use the --blockStatusCode option to set it. Also you can turn off WAF pre-check with the --skipWAFBlockCheck option.
If WAF uses cookies to track user sessions, you can use the --followCookies option to accept this cookies and the --renewSession option to refresh the cookies to prevent your requests from being blocked by the WAF session.
sethpuneet4
commented
1 year ago It indeed was some kind of Network Problem may be with DNS!
Also no matter which WAF i try i usually end up with this
time="2022-11-22T16:20:47Z" level=info msg="Try to identify WAF solution" time="2022-11-22T16:20:47Z" level=info msg="WAF was not identified"
Any ideas what can make us identify a WAF Vendor or Make??
svkirillov
commented
1 year ago It is ok that WAF was not identified in the sense that the name of the solution being used and its vendor have not been identified. GTW is currently only able to identify the WAF product name and vendor for two solutions - Imperva and Akamai.
sethpuneet4
commented
1 year ago Hi svkirillov,
IMHO it is a great plus if this tool can identify more WAF Vendors and find them more accurately. It just gives more confidence to users about the script.
Probably i can collaborate with you to add more detectors like Citrix, FortiWeb, Indusface, Cloudflare, F5.
Tejare
commented
9 months ago Hey @sethpuneet4, how did you resolve this issue? I am facing the exact same error. I am passing an AWS load balancer's DNS name as the URL.
Getting This error when trying to test WAF from one of the WAF Providers
level=error msg="caught error in main function" error="couldn't detect: couldn't identify WAF: failed to sent request: Any ideas what could be the reason?? This works fine for some other domains hosted behind same WAF Provider.
docker run -v $Users:/app/reports --network="host" \ wallarm/gotestwaf --url=https://abc.xyz.com/ --blockStatusCode 200 time="2022-11-22T16:10:04Z" level=info msg="GoTestWAF started" version=unknown time="2022-11-22T16:10:04Z" level=info msg="Test cases loading started" time="2022-11-22T16:10:04Z" level=info msg="Test cases loading finished" time="2022-11-22T16:10:04Z" level=info msg="Test cases fingerprint" fp=ba6e4eb2ac65ba17afa18b04d62af8b9 time="2022-11-22T16:10:04Z" level=info msg="Try to identify WAF solution" time="2022-11-22T16:10:09Z" level=error msg="caught error in main function" error="couldn't detect: couldn't identify WAF: failed to sent request: Get \"https://abc.xyz.com?a=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&b=UNION+SELECT+ALL+FROM+information_schema+AND+%27+or+SLEEP%285%29+or+%27&c=..%2F..%2F..%2F..%2Fetc%2Fpasswd&d=%2Fbin%2Fcat+%2Fetc%2Fpasswd%3B+ping+127.0.0.1%3B+curl+google.com&e=%3C%21ENTITY+xxe+SYSTEM+%22file%3A%2F%2F%2Fetc%2Fshadow%22%3E%5D%3E%3Cpwn%3E%26hack%3B%3C%2Fpwn%3E\": dial tcp: lookup abc.xyz.com: Try again"
I take a tcpdump on my machine outbound port but i don't even see any request going out!!