What Is a WAF? How Can We Bypass It?
Hello, dear members of the Turk Hack Team. In this article, we will learn how to bypass a WAF by using the --tamper function in SQLMap.
First, what is a WAF?
A Web Application Firewall (WAF) is, in short, a web firewall. It examines complex traffic, performs detailed packet analysis, blocks traffic that looks abnormal, and blocks harmful requests sent by an attacker. Well, how can we bypass it? We will do that by using SQLMap.
How to Detect a WAF on a Website?
Opening a terminal and running the wafw00f command is enough.
Code:
wafw00f http://website.com
As you can see, our target website is protected by the ModSecurity (SpiderLabs) WAF.
What Does the --tamper Function Do?
Let's say you have found a website and tried to pull the database by running sqlmap -u targetwebsite.com --dbs. Then you saw that the website is protected by a WAF and SQLMap wasn't able to pull the database because of it. First, we should detect the WAF, and we must find out whether it is running on a Linux system or a Windows system. Then we choose our bypass according to the firewall that is used on that system. There are lots of bypass scripts in the tamper folder inside the SQLMap folder.
They all have different purposes, so we can't use them randomly.
Usage of the --tamper Function
Its usage is very simple once we have found the bypass script we will use. We add --tamper "bypass script name" to the end of the command line.
Code:
sqlmap -u www.website.com/page.php?id=7 --tamper "escapequotes" --dbs
Source: Waf Nedir ve SQLMap Fonksiyonlarıyla Nasıl Atlatılır?
Translator: Elflatus
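Added example, not part of the original post: from the defender's side, the activity described above is visible in the web server's access log as a client that still identifies itself as sqlmap, or as one client collecting many WAF blocks on the same page with different parameter values. The log lines are constructed, the function name and threshold are hypothetical, and it is assumed that the WAF answers blocked requests with HTTP 403.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in combined log format (documentation IPs, not real traffic).
SAMPLE_LOG = '''\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /page.php?id=7 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:10:00:02 +0000] "GET /page.php?id=a1 HTTP/1.1" 403 199 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
192.0.2.44 - - [10/Mar/2024:10:00:03 +0000] "GET /page.php?id=a1 HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:00:04 +0000] "GET /page.php?id=a2 HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:00:05 +0000] "GET /page.php?id=a3 HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:00:06 +0000] "GET /page.php?id=7 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:07 +0000] "GET /admin HTTP/1.1" 403 199 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def suspicious_clients(log_text, min_blocked=3):
    """Return {client_ip: set of reasons} for clients that look like SQLMap runs."""
    blocked = defaultdict(set)   # (ip, path) -> distinct blocked query strings
    reasons = defaultdict(set)   # ip -> why the client was flagged
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of guessing their fields
        ip, url = m["ip"], urlsplit(m["url"])
        # Rule 1: the request carries a User-Agent that names sqlmap.
        if "sqlmap" in m["ua"].lower():
            reasons[ip].add("sqlmap user-agent")
        # Rule 2 input: remember each distinct query the WAF blocked (403 assumed).
        if m["status"] == "403":
            blocked[(ip, url.path)].add(url.query)
    for (ip, path), queries in blocked.items():
        # Many different blocked values on one page point to parameter probing.
        if len(queries) >= min_blocked:
            reasons[ip].add(f"{len(queries)} blocked variants on {path}")
    return dict(reasons)

if __name__ == "__main__":
    for ip, why in suspicious_clients(SAMPLE_LOG).items():
        print(ip, sorted(why))
```

A single 403, such as the /admin request in the sample, is not flagged; only the user-agent match or repeated distinct blocked queries on one path raise a client.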