mirror of
https://github.com/0xInfection/Awesome-WAF.git
synced 2025-01-03 13:30:03 +07:00
Fixed stuff
This commit is contained in:
parent
8b033f8713
commit
0db57bf9bd
@ -1223,19 +1223,20 @@ Wanna detect WAFs? Lets see how.
|
|||||||
Lets look at some methods of bypassing and evading WAFs.
|
Lets look at some methods of bypassing and evading WAFs.
|
||||||
|
|
||||||
### Fuzzing/Bruteforcing:
|
### Fuzzing/Bruteforcing:
|
||||||
__Method:__
|
__Method:__
|
||||||
Running a set of payloads against the URL/endpoint. Some nice fuzzing wordlists:
|
Running a set of payloads against the URL/endpoint. Some nice fuzzing wordlists:
|
||||||
- Wordlists specifically for fuzzing - [Seclists Fuzzing](https://github.com/danielmiessler/SecLists/tree/master/Fuzzing).
|
- Wordlists specifically for fuzzing - [Seclists Fuzzing](https://github.com/danielmiessler/SecLists/tree/master/Fuzzing).
|
||||||
- Can be done with automated tools like BurpSuite Intruder.
|
- Can be done with automated tools like BurpSuite Intruder.
|
||||||
|
|
||||||
__Technique:__
|
__Technique:__
|
||||||
|
|
||||||
- Load up your wordlist into Burp Intruder/custom fuzzer and start the bruteforce.
|
- Load up your wordlist into Burp Intruder/custom fuzzer and start the bruteforce.
|
||||||
- Record/log all responses from the different payloads fuzzed.
|
- Record/log all responses from the different payloads fuzzed.
|
||||||
- Use random user-agents, ranging from Chrome Desktop to iPhone browser.
|
- Use random user-agents, ranging from Chrome Desktop to iPhone browser.
|
||||||
- If blocking noticed, increase fuzz latency (eg. 2-4 secs)
|
- If blocking noticed, increase fuzz latency (eg. 2-4 secs)
|
||||||
- Always use proxies, since chances are real that your IP gets blocked.
|
- Always use proxies, since chances are real that your IP gets blocked.
|
||||||
|
|
||||||
- __Drawback:__
|
__Drawback:__
|
||||||
- This method often fails.
|
- This method often fails.
|
||||||
- Many a times your IP will be blocked (temporarily/permanently).
|
- Many a times your IP will be blocked (temporarily/permanently).
|
||||||
|
|
||||||
|
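Review bot: Dropping the list marker from `- __Drawback:__` so it becomes `__Drawback:__` is the right fix here: it puts the label on the same footing as `__Method:__` and `__Technique:__` above it, so the bullets that follow ("This method often fails.", "Many a times your IP will be blocked ...") read as the drawbacks rather than as siblings of the heading. Since the commit is already a wording/formatting pass on this block, the unchanged context lines carry a few small typos worth folding into the same commit: "Lets look at" should be "Let's look at", "eg. 2-4 secs" should be "e.g. 2-4 secs", and "Many a times" should be "Many times". A commit message more specific than "Fixed stuff" (for example, naming the heading-level fix) would also make this easier to find in history.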