Added TransIP waf fingerprints

2024-12-22 22:33:29 +07:00 · 2019-04-08 17:55:43 +05:30 · 2019-04-08 17:55:43 +05:30 · 6807990360
commit 6807990360
parent 0beda39073
1 changed files with 19 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -783,7 +783,7 @@ Wanna fingerprint WAFs? Lets see how.
                            <li><code>We've detected attempted attack or non standard traffic from your IP address</code> text snippet.</li>
                        </ul>
                    </li>
-                    <li>Response headers may contain <code>greywizard</code> keyword.</li>
+                    <li><code>Server</code> header contain <code>greywizard</code> keyword.</li>
                </ul>
            </ul>
        </td>
@ -848,7 +848,7 @@ Wanna fingerprint WAFs? Lets see how.
                <li><b>Detectability: </b>Easy</li>
                <li><b>Detection Methodology:</b></li>
                <ul>
-                    <li>Headers contain <code>imunify360</code> keyword.</li>
+                    <li><code>Server</code> header contain <code>imunify360-webshield</code> keyword.</li>
                    <li>Response page contains:</li>
                    <ul>
                        <li><code>Powered by Imunify360</code> text snippet.</li>
@ -902,8 +902,8 @@ Wanna fingerprint WAFs? Lets see how.
                <li><b>Detection Methodology:</b></li>
                <ul>
                    <li>Blocked response page contains reference to <code>static.jiasule.com/static/js/http_error.js</code> URL.</li>
-                    <li><code>Set-Cookie</code> header has cookie field <code>__jsluid=</code> in response headers.</li>
-                    <li>Response headers have <code>jiasule-WAF</code> or <code>jsl_tracking</code> keywords.</li>
+                    <li><code>Set-Cookie</code> header has cookie field <code>__jsluid=</code> or <code>jsl_tracking</code>in response headers.</li>
+                    <li><code>Server</code> header has <code>jiasule-WAF</code> keywords.</li>
                    <li>Blocked response content has <code>notice-jiasule</code> keyword.</li>
                </ul>
            </ul>
@ -1691,6 +1691,21 @@ Wanna fingerprint WAFs? Lets see how.
            </ul>
        </td>
    </tr>
+    <tr>
+        <td>
+            TransIP Firewall
+        </td>
+        <td>
+            <ul>
+                <li><b>Detectability: </b>Easy</li>
+                <li><b>Detection Methodology:</b></li>
+                <ul>
+                    <li>Response headers contain unique header <code>X-TransIP-Backend</code>.</li>
+                    <li>Response headers contain another header <code>X-TransIP-Balancer</code>.</li>
+                </ul>
+            </ul>
+        </td>
+    </tr>
    <tr>
        <td>
            URLMaster SecurityCheck (iFinity/DotNetNuke)