Origin IP Access WAF Bypass

In the name of God, the Most Gracious, the Most Merciful

I was looking for a more creative way to find origin IPs with Shodan. The query ssl:example.com 200 returns every host that presents a certificate for the domain and answers with HTTP 200, but that still leaves thousands of IPs to try. While exploring Shodan facets I noticed http.waf, so I thought: why not use it?

The http.waf facet showed that there were two WAFs among the results.

So I excluded both and explored the rest of the results with the query ssl:target.com 200 -http.waf:"AWS Elastic Load Balancer (Amazon)" -http.waf:"Cloudflare (Cloudflare Inc.)", which left a manageable number of results.

I tested them using wafw00f, which can be installed simply with:

pip3 install wafw00f

then

wafw00f https://target.com    # reports a WAF

wafw00f https://X.x.x.X       # no WAF detected

Lastly, for the PoC I used a simple payload such as <svg onload=alert(1)>: sent through the normal hostname it triggers the WAF, while the same request sent to the origin IP is not filtered, which is the bypass.
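As an added example (not the author's code and not part of Shodan or wafw00f), here is a Python script that walks the same steps offline on constructed data: it counts results per http.waf the way the Shodan facet does, drops the two excluded vendors, checks that a candidate's certificate actually covers target.com (which is what the ssl: filter matches on), and compares the status of the <svg onload=alert(1)> probe sent through the hostname against the same probe sent straight to a candidate IP. SAMPLE_RESULTS, the extra Imperva entry, the flattened "sans" field and BLOCK_STATUSES are assumptions; send_probe is the only function that touches the network and is not exercised here.

```python
"""Origin-IP triage: filter Shodan-style results by http.waf, check the cert
really covers the target, then compare a WAF-triggering probe sent through
the hostname against the same probe sent straight to the candidate IP.

Added example. SAMPLE_RESULTS is constructed to look like Shodan banners
(ip_str, port, http.waf) with the certificate SANs flattened into a "sans"
list for simplicity (an assumption; real banners nest them under ssl.cert).
"""
import http.client
import socket
import ssl
from collections import Counter
from urllib.parse import quote

TARGET = "target.com"
PAYLOAD = "<svg onload=alert(1)>"          # the post's WAF-triggering probe

# The two vendors the post excluded with -http.waf:"..." (Shodan's facet strings).
EXCLUDED_WAFS = {
    "AWS Elastic Load Balancer (Amazon)",
    "Cloudflare (Cloudflare Inc.)",
}

# Constructed data (documentation ranges 203.0.113.0/24 and 198.51.100.0/24).
# .7 carries a third WAF on purpose: a facet exclusion only removes what you name.
SAMPLE_RESULTS = [
    {"ip_str": "203.0.113.10", "port": 443, "http": {"waf": "Cloudflare (Cloudflare Inc.)"},
     "sans": ["target.com", "*.target.com"]},
    {"ip_str": "203.0.113.11", "port": 443, "http": {"waf": "AWS Elastic Load Balancer (Amazon)"},
     "sans": ["target.com"]},
    {"ip_str": "198.51.100.5", "port": 443, "http": {}, "sans": ["target.com", "www.target.com"]},
    {"ip_str": "198.51.100.6", "port": 8443, "http": {}, "sans": ["mail.target.com"]},
    {"ip_str": "198.51.100.7", "port": 443, "http": {"waf": "Imperva (Incapsula)"}, "sans": ["target.com"]},
]


def waf_facet(results):
    """What Shodan's http.waf facet shows: a count of results per detected WAF."""
    return Counter(r.get("http", {}).get("waf") for r in results if r.get("http", {}).get("waf"))


def cert_covers(sans, hostname):
    """True if a SAN matches hostname. A leading '*' matches exactly one label,
    so *.target.com covers www.target.com but neither target.com nor a.b.target.com."""
    host = hostname.lower().split(".")
    for san in sans:
        labels = san.lower().split(".")
        if labels == host:
            return True
        if labels[0] == "*" and len(labels) == len(host) and labels[1:] == host[1:]:
            return True
    return False


def origin_candidates(results, hostname, excluded_wafs):
    """Offline equivalent of `ssl:<hostname> 200 -http.waf:"A" -http.waf:"B"`.
    Returns (ip, port, detected_waf) for hosts not behind an excluded WAF whose
    certificate actually covers the hostname."""
    out = []
    for r in results:
        waf = r.get("http", {}).get("waf")
        if waf in excluded_wafs or not cert_covers(r.get("sans", []), hostname):
            continue
        out.append((r["ip_str"], r["port"], waf))
    return out


# Typical WAF block/challenge statuses; vendor-specific, so treat as an assumption.
BLOCK_STATUSES = {403, 406, 429, 503}


def waf_bypass_verdict(fronted_status, direct_status):
    """Compare the probe's status via the public hostname (fronted) with the
    same probe sent to a candidate IP (direct)."""
    fronted_blocked = fronted_status in BLOCK_STATUSES
    direct_blocked = direct_status in BLOCK_STATUSES
    if fronted_blocked and not direct_blocked:
        return "bypass"    # WAF stops it at the edge, origin serves it: origin exposed
    if fronted_blocked and direct_blocked:
        return "fronted"   # candidate blocks too: another WAF, or not the real origin
    return "no-block"      # probe never tripped the WAF; pick another probe first


def probe_request(hostname, payload=PAYLOAD):
    """Request path and headers used for both the fronted and the direct probe."""
    return "/?q=" + quote(payload, safe=""), {"Host": hostname, "User-Agent": "origin-check"}


def send_probe(ip, port, hostname, payload=PAYLOAD, timeout=10):
    """Send the probe to ip:port with SNI and Host set to hostname (needed when the
    origin serves several sites). Network call: not exercised offline.
    Certificate verification is off because we connect by IP; rely on cert_covers
    against the Shodan banner to confirm the host belongs to the target."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((ip, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=hostname)   # SNI = hostname, not the IP
    conn = http.client.HTTPSConnection(hostname, port, timeout=timeout, context=ctx)
    conn.sock = tls                                        # reuse our SNI-correct socket
    path, headers = probe_request(hostname, payload)
    conn.request("GET", path, headers=headers)
    resp = conn.getresponse()
    return resp.status, resp.read(4096).decode("utf-8", "replace")


if __name__ == "__main__":
    print("http.waf facet:", dict(waf_facet(SAMPLE_RESULTS)))
    for ip, port, waf in origin_candidates(SAMPLE_RESULTS, TARGET, EXCLUDED_WAFS):
        print(f"candidate {ip}:{port} waf={waf}")
    # With connectivity: compare send_probe(<edge IP of target.com>, 443, TARGET)
    # against send_probe(ip, port, TARGET) and pass both statuses to waf_bypass_verdict.
```

Two points worth keeping in mind when you reproduce this by hand: a facet exclusion only removes the vendors you name, so a candidate can still sit behind a WAF Shodan labels differently (the .7 entry above), which is why the wafw00f pass is still needed; and when you probe a bare IP, set both SNI and the Host header to the real hostname, otherwise a multi-tenant origin may hand back a default site and you end up comparing the wrong responses.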

If you have any questions or notes, feel free to message me on LinkedIn: https://www.linkedin.com/in/mazin208
