Helping you find the SSL/TLS Cipher that WAF cannot decrypt and Server can decrypt same time
Referer article Bypassing Web-Application Firewalls by abusing SSL/TLS
python abuse-ssl-bypass-waf.py -h
Notice: If you are worry about WAF drop the connection, you have better not use -thread
option.
curl
sslcan
Notice: If your operation system is not Windows, you should be modify config.py
,adjust curl
and sslscan
path & command values.