This repository has been archived by the owner. It is now read-only.
No description or website provided.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.

WAF Bypasser module

It assists the penetration testers to diagnose WAF rules and bypass WAFs.

Run examples

  • Fuzzing using simple content placeholders. The response will be detected if the responce code is in range 300-599 or 100.
python -t '' --mode fuzz -pl payloadlist.txt -rcd '300-599,100'
  • Fuzzing using simple content placeholders by adding cookies and post data

This example is fuzzing url using a payload list loaded from file, some post data, headers and a cookie. The response will be detected if contains the string 'permission'.

python -t '' --mode fuzz -pl payloadlist.txt -X POST --contains' "permission" -H "Host: localhost" "Accept: */*" -d "var=1234" --cookie "name=tester"
  • Same example as above but fuzzing headers
python -t '' --mode fuzz -pl payloadlist.txt -X POST --contains' "permission" -H "Host: @@@fuzzhere@@@" "Accept: */*" -d "var=1234" --cookie "name=tester"
  • Same as above but reversing the detection functions (Negative testing).
python -t '' --mode fuzz -pl payloadlist.txt -X POST --contains' "permission" -H "Host: @@@fuzzhere@@@" "Accept: */*" -d "var=1234" --cookie "name=tester" -r
  • Testing usings CoNTains case_senvitice text
python -t '' --mode fuzz -pl payloadlist.txt -X POST --contains' "permission" cs -H "Host: @@@fuzzhere@@@" "Accept: */*" -d "var=1234" --cookie "name=tester" -r
  • Finding the fuzzing placeholder allowed length. The 'A' value is a white-listed character.
python -t -cnt "long" --accepted_value A -m length
  • HTTP Parameter Pollution

ASP mode:
This mode is splitting the payload at the comma ',' character and it is sending it to a different variable

python -t -pl ./Backups/hpp.txt --contains 'whatever' --param_name xss --param_source URL  -m asp_hpp
  • Detecting Allowed sources
python -t --contains 'whatever' --detect_allowed_sources --accepted_method GET --param_name xss --accepted_param_value test --param_source URL
  • Fuzzing using templates and transforming payloads

The transformation functions are defined in the

python -t '' -pl xss2.txt -rcd '200-599,100' --data "xss=@@@<reverse><payload/></reverse>@@@" -m fuzz
python -t -rcd '200-599,100' --data "xss=@@@<utf8>Hello</utf8>@@@" -m fuzz
  • Testing for anomalies and bypasses by changing the Content-Type.
python -t --mode content_type_tamper
  • Overchar testing. Sending the payload after a stream with valid characters.
python -t '' -rcd 403 -X GET --headers "Accept: */*" "Host: localhost" -m overchar -pl ./Backups/xss.txt --accepted_value 1 --length 8196