WAF bypass strategies

Source: Internet
Author: User

First, I would like to make clear that some of these bypass methods are not original; here I only want to give a brief analysis and explain them. I will also go over the anti-injection measures on the Internet that get bypassed. Most of the basic content comes down to encoding. Several of them are listed here for reference:

1. Common URL encoding.
2. ASCII encoding.
3. Space bypass.
4. Type conversion modifier N bypass.
5. Splitting the string with the plus sign to bypass.
6. Using > or < to bypass.
7. Using comment statements to bypass.
8. Using HEX encoding to bypass; generally the IDS cannot detect it.
9. concat bypass.
10. Converting between uppercase and lowercase letters. (www.2cto.com)

However, these are the most basic bypasses and apply to most platforms. They work because the filtering is incomplete: some filters can be bypassed this way, while others that depend heavily on special keywords cannot. Here we summarize several other bypasses.

1. Switching from GET to POST or Cookie. (This is not a special exception, but it is a bypass.)
2. %00.&[payload]. (Applies to the "dongle" WAF; this one is credited to earlier researchers.)
3. Multipart bypass: a huge Content-Length results in the device being bypassed. This problem first appeared in traditional IPS. Anyone familiar with TCP/IP knows about fragmentation: large data is sent in pieces and then reassembled by the server, but some WAFs cannot reassemble the data because of insufficient performance or other reasons. The data is therefore never judged dangerous, is passed on to the backend server for processing, and the bypass succeeds.
4. %00 and %0a (ASCII 00) truncation of regular expressions. For example, with aaa=x%00&username=name, a firewall that stops when it encounters %00 is bypassed, and some regular expressions are also truncated there. The principle of multipart upload is not discussed much here; the same problem also applies to bypassing the WAF.
5. Repeated-variable bypass and repeated-variable variants. Example: username=fsdf\' and \'=\'&username=fsdf. This method depends on the actual situation. Some WAFs allow variable overwriting, that is, the same variable is given different values and overwrites the WAF's cache, whereas the backend program gives priority to the first value, and so on.
6. Large data packet bypass. Example: a=x.....{10000} (a crude testing method).
7. Using different POST parsing methods.
8. Malformed packet structure. Example: username%20=fsdf&username=fsd&password=sdf
9. Bypassing domain-name protection, for example by dropping the Host: line from the HTTP header or modifying the Host.
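Nearly every technique above exploits the same defect: the inspection engine matches raw bytes before they are decoded the way the backend decodes them, or it looks at only one copy of a repeated parameter. The following added example (my own illustration, not code from the original post or from any WAF product) contrasts that weak inspection with one that canonicalizes first. The signature and the sample requests are constructed for this demonstration; the regex is deliberately tiny and stands in for a real rule set.

```python
import re
from urllib.parse import unquote

# Constructed, deliberately small signature for illustration only.
# A real rule set is far larger; the point is what happens BEFORE matching.
SIGNATURE = re.compile(r"union\s+select|\bor\s+1\s*=\s*1\b|'\s*or\s*'")


def split_query(raw_query: str) -> list[tuple[str, str]]:
    """Split a raw query/body string into (name, value) pairs WITHOUT decoding,
    keeping every occurrence of a repeated name, in order."""
    pairs = []
    for pair in raw_query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        pairs.append((name, value))
    return pairs


def naive_inspect(raw_query: str) -> list[str]:
    """Models the weak inspection the post describes: raw bytes, case-sensitive,
    no decoding, and only the first value of each parameter name is examined."""
    first_values: dict[str, str] = {}
    for name, value in split_query(raw_query):
        first_values.setdefault(name, value)
    return [n for n, v in first_values.items() if SIGNATURE.search(v)]


def canonicalize(text: str) -> str:
    """Normalize one parameter name or value before matching it."""
    for _ in range(3):  # bounded loop: undo double/triple percent-encoding
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    text = text.replace("\x00", "")                      # NUL must not end matching early
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)   # inline comments act as separators
    text = re.sub(r"\s+", " ", text).strip()             # collapse tabs, newlines, %0a runs
    return text.lower()                                  # case no longer matters


def canonical_inspect(raw_query: str) -> list[str]:
    """Inspect every occurrence of every parameter after canonicalization.
    The name is canonicalized too, so 'username%20' and 'username' are the same field."""
    hits: list[str] = []
    for name, value in split_query(raw_query):
        name = canonicalize(name)
        if SIGNATURE.search(canonicalize(value)) and name not in hits:
            hits.append(name)
    return hits


# Constructed sample requests, one per evasion from the list above (mine, not the post's).
SAMPLES = {
    "mixed case":        "id=1 UNION SELECT 1,2",
    "url-encoded":       "id=1%20un%69on%20select%201",
    "nul truncation":    "id=1%00%20union%20select%201",
    "inline comments":   "id=1/**/UNION/**/SELECT/**/1",
    "repeated variable": "id=1&id=1%20union%20select%201",
    "malformed name":    "username%20=%27%20OR%20%271%27=%271",
    "benign":            "q=unionville%20selection",
}


def compare() -> dict[str, tuple[list[str], list[str]]]:
    """For each sample, return (naive findings, canonical findings)."""
    return {label: (naive_inspect(q), canonical_inspect(q)) for label, q in SAMPLES.items()}


if __name__ == "__main__":
    for label, (naive, canon) in compare().items():
        print(f"{label:18} naive={naive or '-'} canonical={canon or '-'}")
```

Running it shows the naive inspector flagging none of the six evasive samples while the canonicalizing one flags all of them and still leaves the benign query alone. The design choice worth noting is that canonicalization has to mirror what the backend will do with the bytes (decode, drop or reject NUL, treat comments as whitespace, honour every copy of a repeated parameter); any step the backend performs that the inspector skips is exactly the gap the post's list is built on.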

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.