wallarm/gotestwaf

Caught error in main function

sethpuneet4 opened this issue · 6 comments

Getting this error when trying to test a WAF from one of the WAF providers

level=error msg="caught error in main function" error="couldn't detect: couldn't identify WAF: failed to sent request:
Any ideas what could be the reason??
This works fine for some other domains hosted behind same WAF Provider.

docker run -v $Users:/app/reports --network="host" wallarm/gotestwaf --url=https://abc.xyz.com/ --blockStatusCode 200
time="2022-11-22T16:10:04Z" level=info msg="GoTestWAF started" version=unknown
time="2022-11-22T16:10:04Z" level=info msg="Test cases loading started"
time="2022-11-22T16:10:04Z" level=info msg="Test cases loading finished"
time="2022-11-22T16:10:04Z" level=info msg="Test cases fingerprint" fp=ba6e4eb2ac65ba17afa18b04d62af8b9
time="2022-11-22T16:10:04Z" level=info msg="Try to identify WAF solution"
time="2022-11-22T16:10:09Z" level=error msg="caught error in main function" error="couldn't detect: couldn't identify WAF: failed to sent request: Get "https://abc.xyz.com?a=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&b=UNION+SELECT+ALL+FROM+information_schema+AND+%27+or+SLEEP%285%29+or+%27&c=..%2F..%2F..%2F..%2Fetc%2Fpasswd&d=%2Fbin%2Fcat+%2Fetc%2Fpasswd%3B+ping+127.0.0.1%3B+curl+google.com&e=%3C%21ENTITY+xxe+SYSTEM+%22file%3A%2F%2F%2Fetc%2Fshadow%22%3E%5D%3E%3Cpwn%3E%26hack%3B%3C%2Fpwn%3E\": dial tcp: lookup abc.xyz.com: Try again"

I took a tcpdump on my machine's outbound port, but I don't even see any request going out!!

Also, no matter which WAF vendor I try, I keep getting WAF was not identified!!

Do we try to check here based on the cookies returned by each WAF vendor (which are unique to themselves), or rely on some response code or something else??

time="2022-11-22T16:20:47Z" level=info msg="Try to identify WAF solution"
time="2022-11-22T16:20:47Z" level=info msg="WAF was not identified"

Hi!

Unfortunately I couldn't reproduce the error from the original post. It looks like a local network problem.

Also, no matter which WAF vendor I try, I keep getting WAF was not identified!!

WAF may return a different status code than we expect. Try to find out what status code is returned on pre-check and then use the --blockStatusCode option to set it. Also you can turn off WAF pre-check with the --skipWAFBlockCheck option.

If WAF uses cookies to track user sessions, you can use the --followCookies option to accept these cookies and the --renewSession option to refresh the cookies to prevent your requests from being blocked by the WAF session.
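Added example, not part of the thread or of GoTestWAF's code: the error chain in the log above already names the stage that failed, and this sketch pulls it out of a log line so a resolver failure (no packet ever addressed to the target) can be told apart from a refused connection or a TLS problem. The type, function and sample names are hypothetical, and treating "Try again" as a temporary resolver failure is an assumption.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Diagnosis names the stage at which an outbound request failed.
type Diagnosis struct {
	Stage     string // "dns", "connect", "tls" or "unknown"
	Host      string // host or address named in the error, if any
	Cause     string // innermost error text
	Temporary bool   // true when a retry or resolver fix is the likely remedy
}

var (
	// Resolver failure: "dial tcp: lookup <host>[ on <server>]: <cause>".
	dnsRe = regexp.MustCompile(`dial \w+: lookup (\S+?)(?: on \S+)?: ([^"]+)`)
	// Connect failure carries an address: "dial tcp <ip>:<port>: <cause>".
	connRe = regexp.MustCompile(`dial \w+ (\S+): ([^"]+)`)
)

// Diagnose classifies the error="..." text of one log line.
func Diagnose(line string) Diagnosis {
	if m := dnsRe.FindStringSubmatch(line); m != nil {
		cause := strings.TrimSpace(m[2])
		// Assumption: these texts mark a temporary resolver failure (EAI_AGAIN).
		temp := cause == "Try again" || strings.Contains(cause, "Temporary failure")
		return Diagnosis{"dns", m[1], cause, temp}
	}
	if m := connRe.FindStringSubmatch(line); m != nil {
		return Diagnosis{"connect", m[1], strings.TrimSpace(m[2]), false}
	}
	if i := strings.Index(line, "x509: "); i >= 0 {
		return Diagnosis{"tls", "", strings.Trim(line[i:], `" `), false}
	}
	return Diagnosis{Stage: "unknown"}
}

// Constructed samples; the first is the page's error with the URL shortened.
var samples = []string{
	`level=error msg="caught error in main function" error="couldn't detect: couldn't identify WAF: failed to sent request: Get \"https://abc.xyz.com\": dial tcp: lookup abc.xyz.com: Try again"`,
	`level=error msg="caught error in main function" error="failed to sent request: Get \"https://203.0.113.7\": dial tcp 203.0.113.7:443: connect: connection refused"`,
}

func main() {
	for _, s := range samples {
		fmt.Printf("%+v\n", Diagnose(s))
	}
}
```

A "dns" result means the failure happened before any connection to the target was attempted, which is consistent with a packet capture that shows no outbound request.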

It was indeed some kind of network problem, maybe with DNS!

Also, no matter which WAF I try, I usually end up with this

time="2022-11-22T16:20:47Z" level=info msg="Try to identify WAF solution"
time="2022-11-22T16:20:47Z" level=info msg="WAF was not identified"

Any ideas what can make us identify a WAF Vendor or Make??

It is ok that WAF was not identified in the sense that the name of the solution being used and its vendor have not been identified. GTW is currently only able to identify the WAF product name and vendor for two solutions - Imperva and Akamai.

Hi svkirillov,

IMHO it is a great plus if this tool can identify more WAF Vendors and find them more accurately. It just gives more confidence to users about the script.

Probably I can collaborate with you to add more detectors like Citrix, FortiWeb, Indusface, Cloudflare, F5.

Hey @sethpuneet4, how did you resolve this issue? I am facing the exact same error. I am passing an AWS load balancer's DNS name as the URL.