Waf bypass policy

First, I would like to explain that some of the bypass methods are not original. Here I just want to make a brief analysis and explain them. In addition, I will also take measures on the Internet to bypass anti-injection measures. The general content is similar to coding. Here are several references: 1, for example, common URL encoding. 2, ASCII encoding. 3. Space bypass 4. type conversion modifier N bypass 5. disassemble the string through the plus sign to bypass 6. Use> or <bypass 7, use the comment statement to bypass 8, and use HEX to bypass, generally, IDS cannot detect 9. concat bypasses 10 and converts uppercase and lowercase letters to www.2cto.com. However, this is the most basic bypass and applies to most platforms. However, this problem is caused by incomplete bypassing, some of them can be bypassed, while others that are heavily dependent on special keywords cannot be bypassed. Here we will summarize several other bypasses. 1. get to post or cookie. (This is not a special exception, but it is a bypass) 2, % 00. & [payload]. (For dongle, This is the reference of the predecessors) 3. multipart bypass, huge content-length, resulting in device bypass. This problem first occurs on the traditional IPS. All the friends familiar with TCP/IP know about the slice, that is, the large-capacity data will be sent in parts and then reorganized by the server, however, some WAF cannot reorganize the data due to insufficient performance or other reasons. Therefore, it is not determined to be dangerous data. Therefore, it is submitted to the backend server for processing and thus bypassed successfully. 4.% 00 and % 0a ascii 00 of the regular expression are truncated. For example, aaa = x % 00 & username = name will be bypassed when the firewall encounters % 00, and some regular expressions will also perform truncation. The principle of multipart upload is not much mentioned. This problem also applies to bypassing WAF5, repeating variable bypass, and repeating variable variation. Username = fsdf \ 'and \' = \ '& username = fsdf. This method depends on the actual situation. Some WAF allows variable overwrite, that is, the same variable pays different values and overwrites the waf cache. However, the backend program will give priority to the first value... And so on .... 6. Large data packets are bypassed. Example: a = x ..... {10000} taste-heavy testing method .... 7. Use different post resolution methods. 8. Malformed Data Packet structure. Username % 20 = fsdf & username = fsd & password = sdf9, bypassing domain name protection, for example, dropping: Host in HTTP header: or modifying host