Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Script obfuscation, filter evasion, IDS/IPS/WAF bypassing... this is where it should live. Because this topic is too big to live anywhere else. Phj33r! 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Bypassing Web Application Firewalls
Posted by: lightos
Date: August 30, 2011 07:24PM

Thought this might interest some of you. I wrote a few tamper scripts for sqlmap to help bypass WAFs. These scripts modify the request in a way that will try to evade being detected by the firewall, either by changing the encoding, replacing spaces for other valid characters or just doing weird things to injection.

For more details,
[websec.ca]
[websec.mx] (Spanish)



Edited 1 time(s). Last edit at 08/31/2011 04:54AM by Gareth Heyes.

Options: ReplyQuote


Sorry, only registered users may post in this forum.