From 9b70b08097c4ed487bf9d98e7b996318d5eafe2e Mon Sep 17 00:00:00 2001 From: Mehdi Date: Tue, 31 Oct 2023 12:31:38 +0330 Subject: [PATCH] Update WAF Bypass.md --- WAF Bypass.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/WAF Bypass.md b/WAF Bypass.md index 1ec1fd7..e5aa777 100644 --- a/WAF Bypass.md +++ b/WAF Bypass.md @@ -25,7 +25,7 @@ To identify WAFs, we need to (dummy) provoke it. | ASP.NET Generic | • **Detectability:** Easy
• **Detection:** Response headers may contain `X-ASPNET-Version` header value.
**Blocked response page content may contain:**
•`This generic 403 error means that the authenticated user is not authorized to use the requested resource.`
•`Error Code 0x00000000<` keyword. | | BIG-IP ASM | • **Detectability:** Moderate
• **Detection:**
Response headers may contain `BigIP` or `F5` keyword value.
Response header fields may contain `X-WA-Info` header.
Response headers might have jumbled `X-Cnection` field value. | | Cloudflare | • **Detectability:** Easy
• **Detection:**
Response headers might have `cf-ray` field value.
`Server` header field has value `cloudflare`.
`Set-Cookie` response headers have `__cfuid=` cookie field.
Page content might have `Attention Required!` or `Cloudflare Ray ID:`.
Page content may contain `DDoS protection by Cloudflareas` text.
You may encounter `CLOUDFLARE_ERROR_500S_BOX` upon hitting invalid URLs. | -| FortiWeb | • **Detectability:** Moderate
• **Detection:**
Response headers contain `FORTIWAFSID=` on malicious requests.
**Blocked response page contains:**
Reference to `.fgd_icon` image icon.
`Server Unavailable!` as heading.
`Server unavailable. Please visit later.` as text.| +| FortiWeb | • **Detectability:** Moderate
• **Detection:**
Response headers contain `FORTIWAFSID=` on malicious requests.
Response headers contain cookei name `cookiesession1=`
**Blocked response page contains:**
Reference to `.fgd_icon` image icon.
`Server Unavailable!` as heading.
`Server unavailable. Please visit later.` as text.|
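Review bot: the added FortiWeb line `Response headers contain cookei name \`cookiesession1=\`` has a typo ("cookei" should be "cookie") and is worded inconsistently with the rest of the table: since `cookiesession1=` is a cookie, the check belongs on the `Set-Cookie` response header, phrased the way the Cloudflare row already does it (`Set-Cookie` response headers have `__cfuid=` cookie field), e.g. "`Set-Cookie` response header contains `cookiesession1=`". The preceding line qualifies `FORTIWAFSID=` with "on malicious requests"; the new line should likewise say whether `cookiesession1=` is set on every response or only on blocked ones, because that decides whether it fingerprints the presence of FortiWeb or only its blocking behaviour.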