Kali Linux Tutorials: Information Gathering - IDS/IPS Identification Tools
- fragroute
- fragrouter
- wafw00f
fragroute
Description - fragroute intercepts, modifies and rewrites egress traffic destined for a specified host.
It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behavior.
This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behavior.
Unlike fragrouter, this program only affects packets originating from the local machine destined for a remote host. Do not enable IP forwarding on the local machine.
USAGE # fragroute [-f file] <host>
EXAMPLE # fragroute 192.168.123.233
fragrouter
Description - Fragrouter is a network intrusion detection evasion toolkit. It implements most of the attacks
described in the Secure Networks paper "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection"
of January 1998.
This program was written in the hopes that a more precise testing methodology might be applied to the area of
network intrusion detection, which is still a black art at best.
To test your firewall(s) using fragrouter, you will need two systems in addition to your firewall/packet filter. This is
because fragrouter, by design, cannot be run on the same system from which you're testing (according to the
documentation, this is to prevent abuse).
USAGE fragrouter [options]
EXAMPLE fragrouter -F1
wafw00f
Description - Web Application Firewalls (WAFs) can be detected through stimulus/response testing scenarios. Here is a short
listing of possible detection methods:
- Cookies: Some WAF products add their own cookie in the HTTP communication.
- Server Cloaking: Altering URLs and Response Headers
- Response Codes: Different error codes for hostile pages/parameters values
- Drop Action: Sending a FIN/RST packet (technically could also be an IDS/IPS)
- Pre Built-In Rules: Each WAF has different negative security signatures
WafW00f relies on these assumptions to identify remote WAFs.
USAGE python wafw00f.py <url>
EXAMPLE python wafw00f.py google.com
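The stimulus/response idea from the list above can be shown offline by comparing two captured responses from your own deployment. This is an added example, not wafw00f's code or part of the original post: the function names, the `examplewaf_` cookie prefix and both sample responses are constructed, and treating a changed `Server` header as cloaking is a simplification.

```python
from http.cookies import SimpleCookie

# Hypothetical cookie prefix for illustration; not a real product signature.
KNOWN_WAF_COOKIE_PREFIXES = ("examplewaf_",)

def cookie_names(headers):
    """Collect cookie names from every Set-Cookie header."""
    names = set()
    for name, value in headers:
        if name.lower() == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            names.update(jar.keys())
    return names

def header(headers, wanted):
    """Return the first value of a header, matched case-insensitively."""
    for name, value in headers:
        if name.lower() == wanted:
            return value
    return None

def waf_tells(baseline, probe, prefixes=KNOWN_WAF_COOKIE_PREFIXES):
    """Compare a normal response with the response to a request the WAF
    should block, and name the tells (from the list above) that differ.
    probe=None means the connection was reset instead of answered."""
    if probe is None:
        return ["drop_action"]
    tells = []
    seen = cookie_names(baseline["headers"]) | cookie_names(probe["headers"])
    if any(c.startswith(prefixes) for c in seen):
        tells.append("cookies")
    if header(baseline["headers"], "server") != header(probe["headers"], "server"):
        tells.append("server_cloaking")
    if baseline["status"] != probe["status"]:
        tells.append("response_codes")
    return tells

# Constructed sample captures (not taken from a real site).
BASELINE = {"status": 200, "headers": [
    ("Server", "nginx"),
    ("Set-Cookie", "examplewaf_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "session=xyz; Path=/"),
]}
BLOCKED = {"status": 403, "headers": [("Content-Type", "text/html")]}
PLAIN = {"status": 200, "headers": [("Server", "nginx")]}

if __name__ == "__main__":
    print(waf_tells(BASELINE, BLOCKED))
```

An empty result for a block-worthy request means none of these tells were visible in the pair of responses, not that no WAF is present.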