You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
These ideas were originally my own, but I was very happy to find that my ideas were the same as nmap's waf recognition strategy when looking for information and reference tools :)
The WAF probe I used:
"1 AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert("XSS")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#"
If machine translation is a little difficult to understand, please refer to the following text
`使用-cdn参数检查时,总是失效,或许可以考虑修改实现方式,
我使用的waf探针:
"1 AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert("XSS")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#" `
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Originally posted at #535 by @moyuwa
These ideas were originally my own, but I was very happy to find that my ideas were the same as nmap's waf recognition strategy when looking for information and reference tools :)
The WAF probe I used:
"1 AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert("XSS")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#"
If machine translation is a little difficult to understand, please refer to the following text
`使用-cdn参数检查时,总是失效,或许可以考虑修改实现方式,
我分析了httpx源码,在cdn.go文件内添加了新的实现方法,通过多个不同地区dns服务器去解析域名,更准确的区分目标是否存在cdn,
相关源码在另一台电脑上,现在无法同步,其实非常容易,即使用go语言实现nslookup功能,可指定dns服务器的那种,直接编辑的https://github.com/botsphp/nslookgo
作为程序员,自己改写没原作者更新项目更完美,因此我提交了这个建议
还有另一个小建议,关于waf识别的,我的团队内使用的方式,第一种通过对比正常请求与带waf探针请求的返回内容大小,判断是否有waf(不需要知道具体是那个厂商的waf),第二种是参照 identYwaf项目的指纹数据对两次请求的返回内容进行指纹匹配,两次请求即可获取到很多数据(包括响应、标题、特征等)
这些想法最初是来源于我自己,但是在查找资料和可参照工具时,发现我的想法与nmap的waf识别策略相同,这让我感到十分高兴 :)
我使用的waf探针:
"1 AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert("XSS")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#" `
Beta Was this translation helpful? Give feedback.
All reactions