"Web application firewalls (WAF)" , The today's requirement to secure the web applications without
changing the existing infrastructure.But at the same time, it is a big risk in case of WAF behavior and false positives (legitimate traffic blocking). This talk will demonstrates a new concept to evaluate
any WAF without taking risk of putting any WAFs into inline mode.Everything will be in learning or in passive mode.This project describes concept of one special engine,which can be used to evaluate any WAFs with zero risk to the end user (website owner),no matter whether its vendor supports Passive mode or not(i.e. modsecurity or naxsi).

Features

  • Passively evaluate any Web Application Firewall
  • Supports phase-3 (RESPONSE_HEADERS) and phase-4 (RESPONSE_BODY) operations for mod_security.
  • Actual IP Impersonation
  • Generates log in Apache and mod_security format

Project Samples

Play Video Step-1 ( Run through Command line using "java -jar" switch Step-2 (Choose NIC, Website and WAF URL) Step-4 (See the attack is performed over "demo.testfire.net" but you can see the blocking log on "WOF" console ) Original Request Initiated by browser Simulated Request identical to Browser's request generated by "WOF" Live Capture log generated by "WOF"

Project Activity

See All Activity >

Categories

Web Application Firewalls (WAF)

Follow w-o-f

w-o-f Web Site

You Might Also Like
Top-Rated Free CRM Software Icon
Top-Rated Free CRM Software

216,000+ customers in over 135 countries grow their businesses with HubSpot

HubSpot is an AI-powered customer platform with all the software, integrations, and resources you need to connect your marketing, sales, and customer service. HubSpot's connected platform enables you to grow your business faster by focusing on what matters most: your customers.
Get started free
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of w-o-f!

Additional Project Details

Registered

2013-08-22
Report inappropriate content