Last active
March 4, 2021 22:00
-
-
Save haproxytechblog/1a2df95767a5226fd135630db91510dc to your computer and use it in GitHub Desktop.
The HAProxy Enterprise WAF
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ python /usr/bin/sqlmap \ | |
| --random-agent \ | |
| --cookie="PHPSESSID={YOUR SESSION ID};security=low" \ | |
| --dbs \ | |
| --url="http://{YOUR SITE IP}/vulnerabilities/sqli/?id=&Submit=Submit" \ | |
| -p id |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [09:24:38] [INFO] the back-end DBMS is MySQL | |
| web server operating system: Linux Debian | |
| web application technology: Apache 2.4.25 | |
| back-end DBMS: MySQL 5.0.12 | |
| [09:24:38] [INFO] fetching database names | |
| available databases [2]: | |
| [*] dvwa | |
| [*] information_schema |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ ssh -i ./haproxy_demo.pem ubuntu@[HAPROXY_IP_ADDRESS] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ sudo /opt/hapee-2.2/bin/hapee-lb-modsecurity-getcrs |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global | |
| module-load hapee-lb-modsecurity.so |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| frontend fe_main | |
| filter modsecurity owasp_crs rules-file /etc/hapee-2.2/modsec.rules.d/lb-modsecurity.conf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ sudo systemctl reload hapee-2.2-lb |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ python /usr/bin/sqlmap \ | |
| --random-agent \ | |
| --cookie="PHPSESSID={SESSION ID};security=low" \ | |
| --dbs \ | |
| --url="http://{SITE IP}/vulnerabilities/sqli/?id=&Submit=Submit" \ | |
| -p id | |
| [09:51:40] [WARNING] GET parameter 'id' is not injectable | |
| [09:51:40] [CRITICAL] all tested parameters appear to be not injectable. | |
| [09:51:40] [WARNING] HTTP error codes detected during run: | |
| 403 (Forbidden) - 1 times |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| acl waf_blocked var(txn.owasp_crs.block) -m bool | |
| http-request send-challenge ... if waf_blocked |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment