Tool: https://github.com/codewatchorg/bypasswaf
How the tool works: https://www.codewatch.org/blog/?p=408
Quote:
Users can modify the X-Originating-IP, X-Forwarded-For, X-Remote-IP, X-Remote-Addr headers sent in each request. This is probably the top bypass technique in the tool. It isn’t unusual for a WAF to be configured to trust itself (127.0.0.1) or an upstream proxy device, which is what this bypass targets.
The “Content-Type” header can remain unchanged in each request, removed from all requests, or be modified to one of the many other options for each request. Some WAFs will only decode/evaluate requests based on known content types, this feature targets that weakness.
The “Host” header can also be modified. Poorly configured WAFs might be configured to only evaluate requests based on the correct FQDN of the host found in this header, which is what this bypass targets.
The request type option allows the Burp user to only use the remaining bypass techniques on the given request method of “GET” or “POST”, or to apply them on all requests.
The path injection feature can leave a request unmodified, inject random path info information (/path/to/example.php/randomvalue?restofquery), or inject a random path parameter (/path/to/example.php;randomparam=randomvalue?restofquery). This can be used to bypass poorly written rules that rely on path information.
The path obfuscation feature modifies the last forward slash in the path to a random value, or by default does nothing. The last slash can be modified to one of many values that in many cases results in a still valid request but can bypass poorly written WAF rules that rely on path information.
The parameter obfuscation feature is language specific. PHP will discard a + at the beginning of each parameter, but a poorly written WAF rule might be written for specific parameter names, thus ignoring parameters with a + at the beginning. Similarly, ASP discards a % at the beginning of each parameter.
The “Set Configuration” button activates all the settings that you have chosen.
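
On the defending side, the first technique in the quote works only when the WAF takes the client address from request headers. The following is an added example (not from the original page or the bypasswaf project) that derives the address from the TCP peer and flags requests whose headers claim an exempt address; the proxy range, the allowlist and the sample request are assumptions constructed for illustration.

```python
import ipaddress

# Assumed deployment values (hypothetical, not from the page or the tool).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]     # may set X-Forwarded-For
INSPECTION_EXEMPT = [ipaddress.ip_network("127.0.0.1/32")]  # WAF "trusts itself"
# Client-settable headers named in the quoted description.
IP_HEADERS = ("x-forwarded-for", "x-originating-ip", "x-remote-ip", "x-remote-addr")

def _in(addr, nets):
    return any(addr in net for net in nets)

def client_ip(peer, headers):
    """Derive the client address from the TCP peer; X-Forwarded-For is
    honoured only for hops appended by trusted proxies."""
    addr = ipaddress.ip_address(peer)
    if not _in(addr, TRUSTED_PROXIES):
        return addr  # direct connection: every IP header is client-controlled
    xff = {k.lower(): v for k, v in headers.items()}.get("x-forwarded-for", "")
    # Walk right to left: the rightmost entries were added by our own proxies.
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        if not _in(addr, TRUSTED_PROXIES):
            break
    return addr

def should_inspect(peer, headers):
    """Exempt a request only when the verified address is on the allowlist."""
    return not _in(client_ip(peer, headers), INSPECTION_EXEMPT)

def spoof_indicators(peer, headers):
    """Headers claiming an exempt address that the connection does not back up."""
    hits = set()
    if should_inspect(peer, headers):
        for name, value in headers.items():
            for part in value.split(","):
                try:
                    claimed = ipaddress.ip_address(part.strip())
                except ValueError:
                    continue
                if name.lower() in IP_HEADERS and _in(claimed, INSPECTION_EXEMPT):
                    hits.add(name.lower())
    return sorted(hits)

# Constructed sample request: untrusted peer claiming to be loopback.
SAMPLE = {"X-Forwarded-For": "127.0.0.1", "X-Originating-IP": "127.0.0.1"}
```

A non-empty result from `spoof_indicators` is a useful log signal in its own right, since legitimate clients have no reason to send these headers with a loopback value.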