WAF Detection
Detecting any firewalls so we can find a way to bypass them.
WAF stands for Web Application Firewall.
Its goal is to protect the website behind it by filtering/monitoring the traffic.
Fingerprinting is a method used to gather information (about any WAF in this context).
Tools
Detecting WAFs with WAFW00F
wafw00f $URL
Detecting WAFs with WhatWaf
whatwaf -u $URL
nmap -p 80,443 --script=http-waf-fingerprint $URL
Other examples
A manual testing workflow could be to check the cookies and response headers.
Cookies: some WAF can be identified by the cookie's name.
Response headers: sometimes they are changed to apparently "confuse the attacker".