wafw00f源码及流量特征分析

wafw00f介绍这不是本次的重点，相关介绍及使用方法相信大家已经了解，所以此处就直接引用其开发者对该工具的介绍。To do its magic, WAFW00F does the following:Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions.通过发送正常的HTTP请求并且分析其返回包，判断其是否使用 WAF ，若使用确认WAF类型If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is.若是无法通过正常的HTTP请求结果分析出是否使用WAF以及其类型，则构造恶意的请求通过简单的逻辑再次进行判断If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks.如果这也不成功，它会分析之前返回的响应，并使用另一种简单的算法来猜测WAF或安全解 ………………………………