performing-web-application-firewall-bypass

# Performing Web Application Firewall Bypass ## When to Use - When confirmed vulnerabilities are blocked by WAF signature-based detection - During penetration testing where WAF prevents exploitation of known issues - When evaluating WAF rule effectiveness against evasion techniques - During red team engagements requiring bypass of perimeter security controls - When testing custom WAF rules for completeness and bypass resistance ## Prerequisites - Burp Suite Professional with SQLMap integration - wafw00f for WAF fingerprinting and identification - SQLMap with tamper scripts for automated WAF bypass - Understanding of WAF detection mechanisms (signature, regex, behavioral) - Collection of encoding and obfuscation techniques per attack type - Knowledge of HTTP protocol nuances exploitable for evasion ## Workflow ### Step 1 — Identify and Fingerprint the WAF ```bash # Detect WAF using wafw00f wafw00f http://target.com # Manual WAF detection via response headers curl -sI http://target.com | grep -iE "x-cdn|server|x-powered-by|x-sucuri|cf-ray|x-akamai" # Trigger WAF with known bad payload and analyze response curl "http://target.com/page?id=1' OR 1=1--" -v # Look for: 403 Forbidden, custom block page, CAPTCHA challenge # Common WAF indicators: # Cloudflare: cf-ray header, __cfduid cookie # AWS WAF: x-amzn-requestid # ModSecurity: Mod_Security or OWASP CRS error messages # Akamai: AkamaiGHost header # Imperva: incap_ses cookie, visid_incap cookie ``` ### Step 2 — Bypass with...