BlazeHTTP stands as a user-friendly WAF protection efficacy evaluation tool.
π¦ Abundant Samples: Currently, a total of 33669 samples are available, with continuous updates in progress...
π No Configuration Required: Offers both a GUI and a command-line version, facilitating direct downloads of precompiled versions through Releases, or the option to clone the code and compile locally.
π Exportable Reports: Generates comprehensive reports on the execution results of all samples, including sample attributes, execution time, status codes, interception status, and more.
Testing Metrics
Metric
Description
Calculation Method
Detection Rate
Reflects the comprehensiveness of WAF detection capabilities, indicating "missed detections" if none are found.
Number of attack sample interceptions
False Positive Rate
Reflects interference with normal traffic, unreliable results being deemed "false positives".
Number of normal sample interceptions
Accuracy
The accuracy metric combines detection and false positive rates, preventing undue focus on either missed detections or false positives.
Detection Timing
Reflects WAF performance, with greater time consumption indicating poorer performance.
Sample Instances
# Normal sample: testcases/00/02/5ebf56a710da27b73a9ad59219f0.white
GET /rc-virtual-list@3.5.2/lib/hooks/useHeights.js HTTP/1.1
Host: npm.staticblitz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
Accept: */*
Origin: https://stackblitz.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://stackblitz.com/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
# Malicious sample: testcases/8a/36/0bbc7685860c526e33f3cbd83f9c.black
GET /vulnerabilities/sqli_blind/?id=1%27+or+%27%27%3D%27&Submit=Submit HTTP/1.1
Host: 10.10.3.128
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://10.10.3.128/vulnerabilities/sqli_blind/?id=1%27+and+%27%27%3D%27&Submit=Submit
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close
Searching for a stable job while also waiting for grant payments can be really stressful and takes a toll on mental health. Thatβs why staying updated with SASSA status checks and payment dates is so important it gives people some relief and security while they keep applying for entry-level or junior roles in a tough job market. thesrdstatuscheck.com/
For further actions, you may consider blocking this person and/or reporting abuse
Top comments (1)
Searching for a stable job while also waiting for grant payments can be really stressful and takes a toll on mental health. Thatβs why staying updated with SASSA status checks and payment dates is so important it gives people some relief and security while they keep applying for entry-level or junior roles in a tough job market. thesrdstatuscheck.com/