WAF, BYPASS, TECHNIQUES

Bypass WAF - Techniques

Web Application Firewalls (WAF) were used to block the domains and monitor the traffic and block the malicious web traffic. I would like to share some resources to Red Teams / Penetration testers to bypass WAF technologies while doing their engagements.

Bypass WAF - Techniques

1. http://wafbypass.me/w/index.php/Main_Page
2. http://www.freebuf.com/articles/web/10099.html
3. http://tech-technical.com/index.php/2015/11/11/waf-bypass-sql-injection-tutorial/
4. http://webvuln.blogspot.hk/2015_04_01_archive.html
5. http://www.wooyun.org/bugs/wooyun-2014-089426
6. https://forum.90sec.org/forum.php?mod=viewthread&tid=9133
7. http://www.idiot-attacker.com/2016/02/macam-macam-kode-bypass-waf.html
8. http://wooyun.org/bugs/wooyun-2010-0121291
9. http://wooyun.org/bugs/wooyun-2010-0115175
10. http://drops.wooyun.org/tips/7883
11. http://www.securityidiots.com/Web-Pentest/WAF-Bypass/
12. http://www.pentest.net.cn/post/7
13. http://www.mottoin.com/86886.html
14. http://mp.weixin.qq.com/s?__biz=MzIyNjQzMjcyNw==&mid=2247483860&idx=1&sn=fa19f02e29d25f5f6852af27451ae4a9&scene=23&srcid=0815JYA53l0Bk3PMkhzRlKUh#rd
15. https://github.com/borbelyau/bypass-waf-ids-ips/blob/master/evasionsqli_methods

References

• Github