waf-bypass-techniques

What problem does it solve?

This Skill helps you progress when a web application firewall blocks your injection or exploit payloads by providing practical WAF fingerprinting and generic evasion methodology.

Core Features & Use Cases

• WAF identification & behavioral fingerprinting: Use response-header cues, block-page clues, and differential behavior to determine how filtering happens.
• Generic bypass categories: Apply encoding chains, chunked transfer, HTTP/2 framing considerations, HTTP parameter pollution, IP-source rule bypasses, path normalization tricks, content-type switching, multipart boundary abuse, and whitespace/keyword splitting.
• Protocol- and path-level evasion: Attempt request-line and header injection patterns, connection-state considerations, and normalization discrepancies between WAF and backend.
• Vendor-specific routing support: When you know the WAF, follow the included product matrix to select more targeted techniques for Cloudflare, AWS WAF, ModSecurity/CRS, Akamai, Imperva, F5, and Sucuri.

Quick Start

Use waf-bypass-techniques to identify the WAF type for a blocked request, then apply the decision-tree to select the smallest effective evasion category for your specific payload and target behavior.