WAF Bypass Revealed: These Methods You Will Never Think of

A WAF (Web Application Firewall) is a product that protects web applications by applying a set of security policies to HTTP/HTTPS traffic. In plain terms, a WAF ships with a set of detection rules; the content of every request is inspected against those rules, and requests that violate them are blocked or otherwise handled, which is how the WAF protects the security and legitimacy of the web application.

Here are some ways to bypass a WAF:

**1. Various encoding bypasses:** Use different encodings, such as URL encoding, Unicode encoding or HTML entity encoding. This only works if the encoded parameter is decoded somewhere before it reaches the database query statement.

**2. Letter case conversion bypass:** Some WAFs only filter sensitive keywords written entirely in uppercase or entirely in lowercase, but not in mixed case. Changing the case of a keyword, such as "sleep" to "sleeP" or "slEEp", can therefore bypass them.

**3. Space filtering bypass:** Some WAFs filter spaces. Other whitespace characters or '+' signs can be used in place of spaces to bypass them.

**4. Double keyword bypass:** Some WAFs only filter a keyword once, so splitting the keyword can bypass them. For example, a WAF may filter "SELECT" but not "SEL" + "ECT"; by splitting the keyword, the filtering mechanism is bypassed.

**5. Inline comment bypass:** Use inline comments (such as MySQL's "--+") in the payload to bypass WAF detection. Such comments can make the WAF wrongly treat the part after the comment as irrelevant when it parses the SQL statement, so the payload escapes detection.

**6. Lax rules for different request methods:** Some WAFs apply inconsistent rules to different request methods (GET, POST, PUT, etc.). Changing the request method can bypass rules that the WAF applies to only one method.

**7. Unusual method bypass:** A WAF usually filters and blocks unconventional HTTP methods such as TRACE and OPTIONS. In some cases, however, these methods are not strictly restricted, and this can be exploited to bypass the WAF.

**8. Oversized packet bypass:** WAFs usually impose packet size limits designed to stop large attack payloads. Sending extremely large packets may exhaust the WAF's resources or cause errors during processing, so the request escapes its detection and protection mechanisms.

**9. Randomized request bypass:** Vary request headers, cookies, the User-Agent and other fields, choosing randomly for each request, so that the WAF does not identify the requests as malicious. This makes the attacker stealthier and complicates WAF detection.

**10. Chunked transmission bypass:** Split the request into many small chunks to confuse and bypass WAF detection. An attacker can use chunked transfer encoding to evade rules that inspect request length or specific tags.

**11. IP forgery bypass:** Disguise the source IP address to bypass the WAF's defense mechanism. An attacker can set an arbitrary source IP address, so the WAF cannot correctly track and filter malicious requests.
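The defensive counterpart to items 1 to 5 above is to canonicalise a parameter before any rule is matched against it, so that case changes, URL or entity encoding, inline comments and whitespace substitution all collapse to one form. The following Python is an added example, not code from the original post; the sample inputs are constructed and the keyword list stands in for a real rule set.

```python
import html
import re
from urllib.parse import unquote_plus

# Constructed samples of the evasions the post lists; not real traffic.
SAMPLES = [
    "sleeP(5)",            # 2. letter case conversion
    "SEL/**/ECT",          # 4./5. keyword split by an inline comment
    "%53%45%4c%45%43%54",  # 1. URL-encoded SELECT
    "%2553ELECT",          # 1. double URL encoding
    "&#83;ELECT",          # 1. HTML entity encoding
    "UNION%09SELECT",      # 3. tab instead of space
    "UNION+SELECT",        # 3. '+' instead of space
]

KEYWORDS = ("select", "union", "sleep")  # placeholder for a real rule set

MAX_DECODE_ROUNDS = 3  # bounded so hostile input cannot make us loop forever


def normalize(payload: str) -> str:
    """Canonicalise a request parameter before rule matching.

    Repeatedly URL-decodes (treating '+' as a form-encoded space) until the
    value stops changing or the bound is hit, decodes HTML entities, strips
    C-style inline comments, collapses all whitespace to a single space and
    lowercases, so a rule only ever sees one representation of the input.
    """
    text = payload
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = html.unescape(text)
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    text = re.sub(r"\s+", " ", text)
    return text.strip().lower()


def matched_keywords(payload: str, keywords=KEYWORDS) -> list:
    """Return the rule keywords found in the normalised payload."""
    canonical = normalize(payload)
    return [k for k in keywords if k in canonical]


if __name__ == "__main__":
    for raw in SAMPLES:
        print(f"{raw!r:24} -> {normalize(raw)!r:16} hits={matched_keywords(raw)}")
```

Matching on the normalised form is what defeats items 1 to 5; the decode loop is bounded on purpose, since unbounded decoding is itself a resource-exhaustion risk of the kind item 8 describes.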

For more content, please follow the official account: Sixpence IT

Origin blog.csdn.net/vivlol918/article/details/133233121