From 0db57bf9bd56a043cddef08b1409613af7cbfde5 Mon Sep 17 00:00:00 2001 From: 0xInfection Date: Wed, 6 Feb 2019 19:12:14 +0530 Subject: [PATCH] Fixed stuff --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c8775ae..515f665 100644 --- a/README.md +++ b/README.md @@ -1223,19 +1223,20 @@ Wanna detect WAFs? Lets see how. Lets look at some methods of bypassing and evading WAFs. ### Fuzzing/Bruteforcing: -__Method:__ +__Method:__ Running a set of payloads against the URL/endpoint. Some nice fuzzing wordlists: - Wordlists specifically for fuzzing - [Seclists Fuzzing](https://github.com/danielmiessler/SecLists/tree/master/Fuzzing). - Can be done with automated tools like BurpSuite Intruder. __Technique:__ + - Load up your wordlist into Burp Intruder/custom fuzzer and start the bruteforce. - Record/log all responses from the different payloads fuzzed. - Use random user-agents, ranging from Chrome Desktop to iPhone browser. - If blocking noticed, increase fuzz latency (eg. 2-4 secs) - Always use proxies, since chances are real that your IP gets blocked. -- __Drawback:__ +__Drawback:__ - This method often fails. - Many a times your IP will be blocked (temporarily/permanently).
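Review bot: At the end of the hunk, `__Drawback:__` is pulled out of the bullet list but, unlike `__Technique:__`, gets no added blank line around it. If no blank line separates it from the preceding `- Always use proxies, ...` item, Markdown renderers can fold it into that bullet as a continuation line, and the two bullets that follow it may not start a fresh list cleanly. Suggest adding a blank line before and after `__Drawback:__`, and one after `__Method:__` as well, so all three labels are laid out the same way. The `__Method:__` replacement looks identical on both sides, so it is presumably a whitespace-only change. If the intent is a trailing-space hard line break, a blank line is more robust because editors often strip trailing whitespace. Finally, the subject "Fixed stuff" does not say what changed. Something like "README: fix label formatting in Fuzzing/Bruteforcing section" would keep the history searchable.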