UDF Lab Environment
โš ๏ธ WAF Test Page
Test F5 WAF detection against this demo app or any custom target FQDN โ€” including customer applications.
โš ๏ธ Lab & Authorized Use Only: Only test against applications you own or have explicit written permission to test. These payloads are for demonstrating F5 WAF capabilities.

๐ŸŽฏ Attack Target Configuration

๐Ÿ  This Demo App ๐Ÿ” Login Page ๐Ÿ“„ API Endpoint

๐Ÿ† OWASP Top 10 Attack Suite (2021)

Run all OWASP Top 10 attack payloads against the configured target. Results show whether F5 WAF blocked or passed each attack.

๐Ÿ“Š Attack Summary โ€”

0
โœ… Blocked by WAF
0
โŒ Passed Through
0
โš ๏ธ Network Error
0
๐Ÿ“Š Total Attacks
๐Ÿ”ฌ Individual Attack Tests

๐Ÿ’‰ SQL Injection

Classic SQLi payload to bypass authentication. F5 WAF detects and blocks SQL syntax in request parameters.

' OR '1'='1' --

๐Ÿ”€ Cross-Site Scripting (XSS)

Reflected XSS payload. F5 WAF detects script injection attempts in request parameters and headers.

<script>alert('XSS')</script>

๐Ÿ“ Path Traversal

Directory traversal attempt to access sensitive files. F5 WAF blocks ../ patterns in request paths.

../../../../etc/passwd

๐Ÿ’ป Command Injection

OS command injection attempt. F5 WAF detects shell command patterns injected into request parameters.

; cat /etc/passwd

๐Ÿ” LDAP Injection

LDAP injection targeting directory service authentication. F5 WAF detects LDAP filter manipulation.

*)(uid=*))(|(uid=*

๐Ÿ“ฆ XXE Injection

XML External Entity injection targeting XML parsers. F5 WAF detects DOCTYPE and ENTITY declarations.

<!DOCTYPE x [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>