
Research On WAF Bypass Detection Technology For WEB Protection System

Posted on: 2022-06-08
Degree: Master
Type: Thesis
Country: China
Candidate: J S He
Full Text: PDF
GTID: 2518306557461304
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development of the Internet, Web applications provide people with more services, and the security problems they bring are increasing day by day. Network security is receiving more and more attention, and penetration detection and security protection of Web applications are the most important directions in Web security research today. In penetration testing, black-box vulnerability testing is popular. However, once security products such as a WAF (Web Application Firewall) are in place, black-box testing suffers from poor pertinence and low efficiency, and how to perform vulnerability detection under a Web protection system has become an urgent question. This thesis detects the WAF filtering rules, achieves the bypass by converting the filtered characters into variants, and designs a SQL injection vulnerability detection system for environments where a WAF is present.

(1) Accurately identifying WAF fingerprints is of great significance for bypassing a WAF during vulnerability detection. Based on an in-depth analysis of the principles of Web application service vulnerabilities and the working principle of the WAF, an algorithm for identifying WAF fingerprints is proposed. It is developed in Python and draws on a wide collection of WAF signature libraries, so it can identify WAF fingerprints accurately. When a WAF fingerprint is detected, the payload corresponding to that WAF can be looked up in the database and called, and vulnerability detection of the target site can then be performed directly. In local testing, the system effectively identifies the 360 host guard, calls the payload in the library that was constructed from its own characteristics (static resources and whitelist), and achieves SQL injection vulnerability detection that bypasses the 360 host guard.

(2) Black-box testing of sites protected by a WAF suffers from low efficiency and poor pertinence. Based on an analysis of the WAF workflow and common WAF bypass methods, a new vulnerability detection method for the WAF environment is proposed: the smallest-element-first method and dichotomy are used to detect the WAF filtering rules; the commonly filtered characters are summarized and classified and corresponding bypass methods are given; WAF rule sets are defined; and a library of variant scripts that bypass the WAF is established. When the WAF is found to filter certain characters, the corresponding variant script can be selected and mounted to sqlmap to detect SQL injection vulnerabilities on the target site. Effective payloads are recorded in the database in real time according to WAF type, together with the WAF's filtering rules and bypassable examples, and payloads are continuously collected and combined into a WAF bypass dictionary, so that more types of WAF can be bypassed efficiently for SQL injection vulnerability detection. In testing, with the corresponding variant script mounted to sqlmap, SQL injection vulnerability detection can be completed in the security dog and 360 host guard environments respectively.

(3) Because sqlmap cannot automatically call multiple variant scripts from its tamper directory, the variant scripts in tamper are analyzed and classified by database type, then permuted and combined to brute-force the target site. Each effective variant script is written in real time to the file output by sqlmap, and subsequent brute-force attempts carry this script. In local environment tests, the method finds SQL injection vulnerabilities in the target site in the 360 host guard and security dog environments and outputs the variant script combinations.

(4) Based on the above research and analysis, combined with crawler and vulnerability detection technologies, a SQL injection vulnerability detection system that works in the presence of a Web application firewall was developed. The crawler, filter rule, bypass rule, bypass brute-force and other modules are implemented in Python, and the working process of the system is introduced. Experiments show that the system is effective. The method is also applicable to other vulnerabilities under the same conditions.
Keywords/Search Tags: Bypass WAF, vulnerability detection, SQL injection, Web security