"Web application firewalls (WAF)" , The today's requirement to secure the web applications without
changing the existing infrastructure.But at the same time, it is a big risk in case of WAF behavior and false positives (legitimate traffic blocking). This talk will demonstrates a new concept to evaluate
any WAF without taking risk of putting any WAFs into inline mode.Everything will be in learning or in passive mode.This project describes concept of one special engine,which can be used to evaluate any WAFs with zero risk to the end user (website owner),no matter whether its vendor supports Passive mode or not(i.e. modsecurity or naxsi).

Features

  • Passively evaluate any Web Application Firewall
  • Supports phase-3 (RESPONSE_HEADERS) and phase-4 (RESPONSE_BODY) operations for mod_security.
  • Actual IP Impersonation
  • Generates log in Apache and mod_security format

Project Samples

Play Video Step-1 ( Run through Command line using "java -jar" switch Step-2 (Choose NIC, Website and WAF URL) Step-4 (See the attack is performed over "demo.testfire.net" but you can see the blocking log on "WOF" console ) Original Request Initiated by browser Simulated Request identical to Browser's request generated by "WOF" Live Capture log generated by "WOF"

Project Activity

See All Activity >

Categories

Web Application Firewalls (WAF)

Follow w-o-f

w-o-f Web Site

You Might Also Like
Get Avast Free Antivirus, our award-winning protection for all Icon
Get Avast Free Antivirus, our award-winning protection for all

Get advanced privacy protection beyond antivirus software

Avast Free Antivirus protects your computer against viruses and malware, and it helps you protect your home network against intruders.
Free Download
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of w-o-f!

Additional Project Details

Registered

2013-08-22
Report inappropriate content