-
Notifications
You must be signed in to change notification settings - Fork 449
POC
WAF identification is pretty standard when it comes to whatwaf, I passed the following arguments to get this done: --ra -t 45 --skip
Finding bypasses is a little more complicated since there is no exact way to determine a bypass without trying thousands of different methods over and over again in different ways. For the sake of simplicity and in the spirt of KISS I decided to go with basic bypass tests. Of course the program allows you to encode any payloads into encodings of your choice and as many encodings as you want to use. As an example for bypasses you can see here. Once you have determined that a technique is working you can use the encoding arguments to create encoded payloads, view the cached payloads, and list tamper scripts:
Creating encoded payloads, for this payload I used -e "SELECT * FROM information_schema.tables WHERE id LIKE '10'" content.tampers.space2plus content.tampers.randomtabify content.tampers.randomcase content.tampers.randomcomments
:
Viewing payloads that have already been tampered so that you can use them again when the time comes is also possible. For this all you have to do is pass the -vC
argument: