Bypassing a WAF by Finding the Origin IP
22.7K views - 2 years ago
Hi, thanks for watching our video about bypassing Web Application Firewalls!
In this video we'll walk you through:
- What is a Web Application Firewall (WAF)?
- How are WAFs structured?
- How can a misconfiguration lead to a security issue?
- How do you find the origin IP behind a WAF?
- How can the process be automated?
- How do you properly configure a WAF to avoid these issues?
This video couldn't have been made without the motivation of 0xtavian ❤️
LINKS
cf-bypass:
- github.com/Roni-Carta/cf-bypass
More about finding Origin IPs:
- blog.detectify.com/2019/07/31/bypassing-cloudflare…
Security Trails:
- hubs.ly/Q017hXv60
Security Trails Referral Code:
- securitytrails.com/bug-bounty-hunters-toolkit?refe…
Cloudflare Documentation:
- www.cloudflare.com/ips/
- developers.cloudflare.com/
TIMESTAMPS
0:00 Intro
0:59 WAF Example: Cloudflare
1:45 How does a WAF work?
2:39 Possible Misconfiguration
2:59 What's the origin IP?
3:50 How to verify this issue?
4:23 Favicon.ico Technique
5:11 Using Security Trails
6:30 Examples of Tools
7:01 cf-bypass
8:31 Impact in Bug Bounties
10:32 How to mitigate this issue?
14:06 Surprise?
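The outline above covers verifying an exposed origin (3:50, the favicon.ico technique at 4:23) and the mitigation (10:32). The following is an added example written for this page; it is not the cf-bypass tool from the linked repository and not code from the video. It shows the three checks in one place: whether an address sits inside the CDN's published ranges, whether a candidate IP serves the same favicon as the WAF-fronted hostname when asked with the right Host header, and an nginx allowlist that pins the origin to those ranges. The Cloudflare IPv4 list is a hand-copied snapshot and is an assumption; refresh it from www.cloudflare.com/ips/ before relying on it. The hostnames and IPs in the demo are constructed sample data, and `demo_fetch` stands in for the network so the block runs offline.

```python
"""
Origin-IP exposure check behind a CDN/WAF (Cloudflare used as the example).

Added illustrative code, not the cf-bypass tool. Pieces:
  1. is_cloudflare_ip():     is an address inside the CDN's published ranges?
  2. same_origin():          does a candidate IP serve the same favicon as the
                             WAF-fronted hostname? (the favicon.ico technique)
  3. classify_candidates():  candidate IPs outside the CDN that pass 2.
  4. origin_allowlist():     nginx `allow` rules pinning the origin to the CDN.
"""
import hashlib
import ipaddress
import urllib.request
from typing import Callable, Iterable, List, Optional

# ASSUMPTION: hand-copied snapshot of Cloudflare's published IPv4 ranges.
# Always refresh from https://www.cloudflare.com/ips/ before use.
CLOUDFLARE_IPV4 = [
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
]
_NETWORKS = [ipaddress.ip_network(cidr) for cidr in CLOUDFLARE_IPV4]


def is_cloudflare_ip(ip: str) -> bool:
    """True if `ip` lies inside one of the published CDN ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in _NETWORKS)


def favicon_fingerprint(body: bytes) -> str:
    """Stable fingerprint of a favicon body. SHA-256 is used here for a
    dependency-free example; search engines such as Shodan index the
    mmh3 hash of the base64-encoded icon instead."""
    return hashlib.sha256(body).hexdigest()


def fetch_favicon(host: str, ip: Optional[str] = None, timeout: float = 5.0) -> bytes:
    """Fetch /favicon.ico from `ip`, sending `host` in the Host header so a
    virtual-hosted origin answers for the right site. With ip=None the
    request resolves `host` normally, i.e. it goes through the WAF."""
    target = ip or host
    req = urllib.request.Request(f"http://{target}/favicon.ico", headers={"Host": host})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()


Fetcher = Callable[[str, Optional[str]], bytes]


def same_origin(host: str, candidate_ip: str, fetch: Fetcher = fetch_favicon) -> bool:
    """Does `candidate_ip` serve the same favicon as the WAF-fronted `host`?
    Any network/HTTP failure counts as 'not the origin'."""
    try:
        via_waf = fetch(host, None)
        direct = fetch(host, candidate_ip)
    except Exception:
        return False
    return favicon_fingerprint(via_waf) == favicon_fingerprint(direct)


def classify_candidates(host: str, candidates: Iterable[str], fetch: Fetcher = fetch_favicon) -> List[str]:
    """Candidates outside the CDN ranges that still serve the site's favicon:
    these are probable exposed origins worth reporting."""
    return [ip for ip in candidates if not is_cloudflare_ip(ip) and same_origin(host, ip, fetch)]


def origin_allowlist(ranges: Iterable[str] = CLOUDFLARE_IPV4) -> str:
    """nginx snippet for the origin's server block: accept traffic only from
    the CDN's ranges so a direct hit on the origin IP is refused."""
    lines = [f"allow {cidr};" for cidr in ranges]
    lines.append("deny all;")
    return "\n".join(lines)


# --- constructed offline demo (no real hosts involved) -----------------------
_DEMO_ICON = b"\x00\x00\x01\x00constructed-icon-bytes"


def demo_fetch(host: str, ip: Optional[str]) -> bytes:
    """Stand-in for the network. 203.0.113.10 is the 'leaked origin' and
    serves the same icon as the WAF; 198.51.100.7 is an unrelated server."""
    if ip in (None, "203.0.113.10"):
        return _DEMO_ICON
    if ip == "198.51.100.7":
        return b"some-other-site"
    raise ConnectionError(f"no route to {ip}")


def demo() -> List[str]:
    candidates = ["104.16.1.1", "203.0.113.10", "198.51.100.7", "192.0.2.1"]
    return classify_candidates("example.com", candidates, demo_fetch)


if __name__ == "__main__":
    print("probable origins:", demo())
    print(origin_allowlist())
```

Run it as a script for the demo; for a real check, pass the default `fetch_favicon` and candidate IPs gathered from historical DNS. A matching favicon is strong evidence, not proof: confirm with a second page or a unique response header before reporting, and note that an allowlist on the origin only helps if the origin is reachable by no other path.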
ABOUT THE CHANNEL
The channel is about cybersecurity. We cover lots of cool stuff such as bug bounty hunting, cool vulnerabilities and breaking stuff for fun!
Follow me on Twitter:
twitter.com/0xLupin
Don’t forget to subscribe!
CREDITS:
Presented by: Roni Carta alias Lupin
Sponsored By: Security Trails
With the Participation of: Cloudflare
Directed by: Roni Carta
Written by: Roni Carta
Featuring: Roni Carta & Tobias Rohrle
Edited by: Roni Carta
Music by: Roni Carta
3D Model by: Pudding_King
Thumbnail by: Justicia Satria
Sound Effects: Mixkit
Additional Footage: Pexels
Guest Star: LiveOverflow
Inspired by:
LiveOverflow, InsiderPHD
Stök, Sylvqin, Detectify
Published on 1401/01/18 (Iranian calendar date).