Description

This plugin sends custom requests to the remote web server in order to verify if the remote network is protected by an IPS or WAF. afd plugin detects both TCP-Connection-reset and HTTP level filters, the first one (usually implemented by IPS devices) is easy to verify: if afd requests the custom page and the GET method raises an exception, then its being probably blocked by an active filter. The second one (usually implemented by Web Application Firewalls like mod_security) is a little harder to verify: first afd requests a page without adding any offending parameters, afterwards it requests the same URL but with a faked parameter and customized values; if the response bodies differ, then its safe to say that the remote end has an active filter.

Plugin type

Infrastructure

Options

This plugin doesn’t have any user configured options.

Source

For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
github-logoPlugin source code
Unittest source code

Dependencies

This plugin has no dependencies.