From the course: Complete Guide to Open Source Security
Testing the efficacy of web protection
- [Instructor] There's a handy open source testing tool called WAF Bypass that we can use to test a website for the presence and efficacy of any form of web protection. Let's download it and give it a run. We run our Kali system and we'll clone it from GitHub. git clone https://github.com/nemesida-waf/waf_bypass.git, and we'll go into waf_bypass. We'll now run pip to install the required libraries. We'll set up a virtual Python environment to do this. It's easy to do and it avoids conflicts with other Python tools. python3 -m venv, and we'll call it env, and we'll run the source command to activate the virtual environment. And we can see we're now in the env virtual environment. So let's install the requirements. pip install -r requirements.txt. Okay, and we'll just clear that, and we'll run a test against one of our web servers. python3 main.py is the bypass tool, and we'll send it against a host, 192.168.1.132. We're now sending thousands of tests against the website to check what…