Mazin

Origin IP Access WAF Bypass


Last updated 10 months ago

In the name of God, the Most Gracious, the Most Merciful

I was thinking of ways to be more creative in Shodan to find origin IPs using the query ssl:example.com 200 instead of trying thousands of IPs, so I was exploring Shodan facets and I saw http.waf, so I thought, why not try to use it?

It showed me that there were two WAFs.

So I excluded them and explored the rest of the results, using the query ssl:target.com 200 -http.waf:"AWS Elastic Load Balancer (Amazon)" -http.waf:"Cloudflare (Cloudflare Inc.)", which left an acceptable number of results.

I tested them using wafw00f, which can be installed simply with the command

pip3 install wafw00f

then

wafw00f https://target.com > behind a WAF

wafw00f https://X.x.x.X > Without WAF

Lastly, for the PoC I used a simple payload like <svg onload=alert(1)> to trigger the WAF.

If you have any questions or any notes, feel free to message me on LinkedIn: https://www.linkedin.com/in/mazin208
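
For defenders, the filtering described above can be run over an export of results for your own domain to list hosts that serve your certificate outside the WAF, and to produce an origin allowlist. This is an added example, not part of the original writeup; the record fields (ip_str, port, http.status, http.waf), the sample records and the edge range are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample records, shaped like an export of `ssl:example.com 200`
# results for a domain you own. The field names are an assumption of this example.
SAMPLE_RECORDS = [
    {"ip_str": "198.51.100.10", "port": 443,
     "http": {"status": 200, "waf": "Cloudflare (Cloudflare Inc.)"}},
    {"ip_str": "203.0.113.25", "port": 443, "http": {"status": 200, "waf": None}},
    {"ip_str": "203.0.113.40", "port": 8443, "http": {"status": 200}},
    {"ip_str": "192.0.2.7", "port": 443, "http": {"status": 403, "waf": None}},
    {"ip_str": "198.51.100.77", "port": 443, "http": {"status": 200, "waf": None}},
]

# Placeholder edge range (a documentation prefix). Replace it with the ranges
# your WAF/CDN provider publishes.
EDGE_RANGES = ["198.51.100.0/24"]


def exposed_origins(records, edge_ranges):
    """Return sorted (ip, port) pairs that answer 200 with no WAF label
    and sit outside the provider's edge ranges."""
    nets = [ipaddress.ip_network(r) for r in edge_ranges]
    findings = set()
    for rec in records:
        http = rec.get("http") or {}
        if http.get("status") != 200:
            continue  # only hosts that actually serve the site
        if http.get("waf"):
            continue  # already identified as sitting behind a WAF
        ip = ipaddress.ip_address(rec["ip_str"])
        if any(ip in net for net in nets):
            continue  # provider edge node, not the origin
        findings.add((str(ip), rec["port"]))
    return sorted(findings)


def nginx_allowlist(edge_ranges):
    """Render nginx access rules so the origin only accepts the WAF's ranges."""
    lines = [f"allow {ipaddress.ip_network(r)};" for r in edge_ranges]
    return "\n".join(lines + ["deny all;"])


if __name__ == "__main__":
    for ip, port in exposed_origins(SAMPLE_RECORDS, EDGE_RANGES):
        print(f"reachable without WAF: {ip}:{port}")
    print(nginx_allowlist(EDGE_RANGES))
```

Any host the first function reports should either be decommissioned or restricted at the network layer to the provider's ranges, which is what the generated allow/deny rules express.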