In the “Security Chapter” a few days ago, I talked about HTTPS, which uses the SSL/TLS protocol to encrypt the entire communication process, prevent malicious eavesdropping and tampering, and protect our data security. However, HTTPS is only a small part of network security. It only ensures “communication link security” and prevents third parties from knowing […]
Tag: waf
Open Source WAF–Safeline (Thunder Pool) Test Manual
Changting Technology-SafeLine Community Edition Official website: Changting Leichi WAF Community Edition (chaitin.cn) WAF works at the application layer and has a better protective effect on Web systems based on the HTTP/HTTPS protocol to protect them from hacker attacks. 1.1 Construction of thunder pool 1.1.1 Configuration requirements Operating system: Linux Instruction architecture: x86_64 `Query command: uname […]
Password-free login for waf, yakit and ssh
WAF Security Dog Dirty data is suitable for all vulnerabilities to bypass WAF, but the prerequisite is that spam information must be placed before dangerous information. It cannot interrupt the structure of the original data packet and cannot affect the backend’s parsing of the data packet. Take DVWA shooting range file upload as an example […]
WAF, Yakit, SSH tips
Article directory WAF, Yakit, SSH tips 1. WAF file upload bypass 2. Yakit brute force cracking 3. SSH password-free login 4. SSRF combined with redis unauthorized vulnerability 4.1 Install ssh 4.2 redis is not authorized 4.3 Install redis 4.4 Gopher protocol 4.5 Use redis to write files WAF, Yakit, SSH tips 1. WAF file upload […]
Dirty data bypasses WAF, Yakit blasts base64-encoded passwords, and SSH passwordless login to the victim host
Article directory waf, Yakit, ssh skills waf dirty data bypass Yakit tools Explode plaintext passwords in base64-encoded format SSH Practical operation waf, Yakit, ssh skills waf dirty data bypass Take the file upload function of pikachu shooting range as an example Upload a Trojan image Shows blocked. Find the form-data; field, add a semicolon, and […]
C# simple wafer wafermapping display demonstration demo
Click, double click to change color Default data in 5 rows and 8 columns: using (fratte.at.WafermapDisplay.Form1 form_show = new fratte.at.WafermapDisplay.Form1()) { int[,] data_demo = new int[,]{ { 0,0,0,1,0 }, { 0,5,1,0,0 }, { 1,7,6,2,3 }, { 1,0,1,2,3 }, { 0,2,0,2,3 }, { 1,5,6,2,3 }, { 1,0,6,2,3 }, { 1,0,50,0,1 } }; form_show.SetDataSet(data_demo); form_show.SetInteractive(true); form_show.ShowDialog(); } […]
WAF Bypass-Vulnerability Discovery Proxy Pool Fingerprint Probe 47
Tools The tools are divided into comprehensive ones, including awvs, xray, and single-point tools such as wpscan, which specializes in scanning wordpress. And when we use tools, we may trigger waf. Trigger point The first is the scanning speed, which is too fast. It can be bypassed through demonstrations, proxy pools, and whitelists; the second […]
Nginx + Lua build website WAF firewall
Foreword For projects that only use common functions such as agents, install online. If customized modules are needed, it is recommended to compile and install. PS: This article not only contains Nginx-related knowledge points, but also includes anti-parallel learning methods (processing of new things) Official website: https://nginx.org/ Github: https://github.com/nginx/nginx Nginx Books: Nginx Cookbook Chinese […]
WAF Bypass and case practice
Article directory WAF Bypass 1. WAF 1.1 WAF Overview 1.1.1 Common WAFs 1.1.2 WAF Category 1.1.3 How WAF works 1.1.4 WAF deployment method 1.2 WAF fingerprint recognition 1.2.1 WAF fingerprint identification tool 1.3 Various ways to circumvent WAF 2. SQLi Bypass 2.1 Bypass idea 2.1.1 Level issues 2.1.2 HTTP issues 2.2 Bypass analysis 2.2.1 Bypass […]
Custom SQLmap and WAF bypass
Cybersecurity Law 1. SQLmap tamper scripting Take sqli-lab level 26 as an example Enter ?id=1' --+, error character injection Considering the closure problem, enter ?id=1' and 1, but the and and spaces disappear in the echo, which shows that the and and spaces are filtered. Because and and or are filtered, consider using double-writing […]