I have been doing self learning from 2 years...None of the tutorials said about detecting a WAF or wafw00f tool...Thanks a lot for such amazing and detailed content :)
thank you I'm in a ctf competition for fun no time limit and I been having the dumbest luck for 2 days. exploits won't work ect and then i come here I've been watching for videos and they are really helpful thank you
Yes, i agree finding out what WAF your target is using would defenently help the process go smoother because you would know how to craft a payload to bypass and find bugs to exploit them and of course report them.
thank you I'm in a ctf competition for fun no time limit and I been having the dumbest luck for 2 days. exploits won't work ect and then i come here I've been watching for videos and they are really helpful thank you
many thanks again ive learnt so much from You and others like you,your tutorials never ever fail me...go back a year or so ago and i didnt know a fraction of what i know now - thanks to you :-)
First of all i would like to thank you for great educational videos ⚘ My question is do you have any idea how to get ms teams group member IP address and other informations ?
Hello HackerSploit! first of all, a big thank you for your work! this have been a guide and a helping hand for me. second i got some Q's i hope you will take some time to answer! - As a new "member" as an ethical hacker, should i go get a laptop, only foy my Kali? - i cant really do anything on my VM, i feel. - i've watched hours and hours of videos, yours and others. Do you got any place i should look for guides and that? - and the last; How long time did it take you to become this knowlegded about Ethical hacking, that you found yourself comfortbel enough to make theese videos? Im from denmark, so im really sorry for my bad gramma and spelling! Best regard. - Stasse
Hi HackerSploit, thanks for wonderful video. I was running dotdefender WAS on metasploitable machine and when i tried wafw00f , it was not able to detect dotdefender waf...any guess what wrong i could have done ? thanks
Hii like the video and details could you please tell is it possible that server owner can track this sent reauest by tool like who is trying to check firewalls
Hi, great tutorial! Do you have any idea why wafw00f does not detect ModSecurity OWASP rule based WAF? I can confirm from my backend logs that wafw00f scan is detected as critical and mitigated, but the tool is not recognizing it as fully fledged WAF. Maybe I'm using outdated wafw00f?
CloudFlare is not a WAF, is a CDN. You can use ZAP with 10.000 connections/sec with not problem. And to do a brute force attack A WAF authorize only a limit number connection / sec and/or a specifical IP adress.
Hi please I would like to ask how to integrate my server under the waf protection , I run ubuntu 20.04 as waf with modsecurity then centos 7 as server app I wanto to add my centos under the waf for protections but do not know how
Hello there, I usually scan with nmap and wafw00f seems interesting tool. I have a question basically I want to know to install IDS in metasploitable Linux.
Yes, I had a web application firewall detected when doing a brute force attack. The attack was denied after 2nd try. The most common is dosarrest and cloudflare. So how can I bypass it? How do I encode it?
first of all make sure you are using kali linux, you can enable the 'secret' Linux subsystem in windows, tutorial: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-Bm4lrz_tqMk.html Then get Kali Linux in the microsoft store. After that go into kali linux and type: sudo apt-get install wafw00f