Sam10
May 06, 2020
Altostratus
F5 WAF Tester tool
I am trying to test my WAF policy with the F5 WAF tester tool, but I am getting 0 results. Has anyone used this tool? Do I need to add all these parameter values, or can I leave them blank? What should be the value for the blocking regular expression pattern? I am looking to scan for all the vulnerabilities defined in my policy; please can I get some insight into it?
[BIG-IP] Host [1.1.1.1]: <<< The BIG-IP Mgmt IP address to be tested
[BIG-IP] Username [username]: <<< The BIG-IP Mgmt username to be tested
[BIG-IP] Password [********]: <<< The BIG-IP Mgmt password to be tested
ASM Policy Name [policy_name]: <<< The WAF policy name to be tested
Virtual Server URL [https://2.2.2.2]: <<< The protocol and virtual address that will be tested
Blocking Regular Expression Pattern [<br>Your support ID is: (?P<id>\d+)<br>]: <<< The blocking response page string to expect from ASM
Number OF Threads [25]: <<< The number of threads to open in parallel
[Filters] Test IDs to include (Separated by ',') []: <<< You can choose specific test IDs that will be tested
[Filters] Test Systems to include (Separated by ',') [Unix/Linux,Node.js,MongoDb,Java Servlets/JSP]: <<< You can choose specific systems names that will be tested
[Filters] Test Attack Types to include (Separated by ',') []: <<< You can choose specific attack type names that will be tested
[Filters] Test IDs to exclude (Separated by ',') [,]: <<< You can choose specific test IDs that will not be tested (on top of the include list)
[Filters] Test Systems to exclude (Separated by ',') []: <<< You can choose specific system names that will not be tested (on top of the include list)
[Filters] Test Attack Types to exclude (Separated by ',') [],]: <<< You can choose specific attack type names that will not be tested (on top of the include list)
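
Added example (not part of the original post and not the tool's own code): a Python check of how a blocking pattern such as the default shown in the prompt above behaves against different response bodies. The sample bodies, `CUSTOM_PATTERN`, `classify` and `report` are constructed for illustration, and the example assumes a response counts as blocked only when the pattern matches it.

```python
import re

# Default pattern as it appears in the tool's prompt on this page.
DEFAULT_PATTERN = r"<br>Your support ID is: (?P<id>\d+)<br>"

# Hypothetical pattern for a policy whose blocking page was customized.
CUSTOM_PATTERN = r"Reference: (?P<id>\d+)"

# Constructed sample response bodies (not captured from a real device).
SAMPLES = {
    # Modeled on the stock ASM "Request Rejected" page.
    "stock_page": (
        "<html><head><title>Request Rejected</title></head><body>"
        "The requested URL was rejected. Please consult with your "
        "administrator.<br><br>Your support ID is: 1234567890123456789"
        "<br><br><a href='javascript:history.back();'>[Go Back]</a>"
        "</body></html>"
    ),
    # A customized blocking page with different wording.
    "custom_page": (
        "<html><body><h1>Access denied</h1>"
        "<p>Reference: 1234567890123456789</p></body></html>"
    ),
    # The application answered normally, so the request was not blocked.
    "app_response": "<html><body>Welcome</body></html>",
}


def classify(body, pattern=DEFAULT_PATTERN):
    """Return ("blocked", support_id) when the pattern matches the body,
    otherwise ("not_matched", None)."""
    match = re.search(pattern, body)
    if match is None:
        return ("not_matched", None)
    # A custom pattern may omit the named group "id"; tolerate that.
    return ("blocked", match.groupdict().get("id"))


def report(pattern):
    """Classify every sample body with the given pattern."""
    return {name: classify(body, pattern) for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for pattern in (DEFAULT_PATTERN, CUSTOM_PATTERN):
        print(pattern)
        for name, result in report(pattern).items():
            print("  ", name, result)
```

Running the same check against the body your own policy returns for a blocked request shows whether the pattern you enter at the prompt will recognize it.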