diff --git a/README.md b/README.md
index d5709f7..ef01729 100644
--- a/README.md
+++ b/README.md
@@ -1417,11 +1417,9 @@ Wanna detect WAFs? Lets see how.
-# Evasion Techniques
+## Evasion Techniques
Lets look at some methods of bypassing and evading WAFs.
-## Cross Site Scripting:
-
### Fuzzing/Bruteforcing:
#### Method:
Running a set of payloads against the URL/endpoint. Some nice fuzzing wordlists:
@@ -1430,11 +1428,10 @@ Running a set of payloads against the URL/endpoint. Some nice fuzzing wordlists:
- [Fuzz-DB/Attack](https://github.com/fuzzdb-project/fuzzdb/tree/master/attack)
#### Technique:
-
-- Load up your wordlist into Burp Suite Intruder/custom fuzzer and start the bruteforce.
+- Load up your wordlist into fuzzer and start the bruteforce.
- Record/log all responses from the different payloads fuzzed.
- Use random user-agents, ranging from Chrome Desktop to iPhone browser.
-- If blocking noticed, increase fuzz latency (eg. 2-4 secs)
+- If blocking noticed, increase fuzz latency (eg. 2-4 secs).
- Always use proxies, since chances are real that your IP gets blocked.
#### Drawbacks:
@@ -1510,55 +1507,6 @@ __Possible PHP Filter Code__: `preg_match('/(and|or|union|where|limit|group b
- __Filtered Injection__: `1 || lpad(user,7,1)`
- __Bypassed Injection__: `1%0b||%0blpad(user,7,1)`
----
-
-__Scenario 2: Cross Site Scripting__
-
-- Normal deliberate test:
-```
-
-```
-- Checking if the firewall is blocking only lowercase:
-```
-
-```
-- Bypassing firewall regex with new line (`\r\n`):
-```
-
-
-
-```
-- Bypass trial with hex notation:
-```
-%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3B%3C%2F%73%63%72%69%70%74%3E
-```
-- Bypass trials with ECMAScript6 variation:
-```
-