LEGAL DISCLAMER
The author does not hold any responsibility about the bad use of this script, remember that attacking targets without prior concent its ilegal and punish by law, this script was build to show how resource files can automate tasks.
WAF_Bypass_Helper is a Python script for generating bypass A web application firewall (or WAF).
Support type of attack:
+ SQLi (Sql Injection)
+ XSS (Cross Site Scripting)
+ ldapi (LDAPI allows LDAP connections to run over IPC connections)
+ pathtr (xpath Injection)
+ xxe (External Entity) xml cheat sheet.
WAF Bypass Helper.
Database support
– Mysql, SQL and Oracle.
Dependencies:
+ Python 2.7.x
+ requests
Note:
– Can work this get and post request
-+- Standart proxy: 127.0.0.1 8080 (test on burp)
– If you select output to a file, two files will be created. A file containing only the found mutations and a file containing the order of creating these mutations
Use:
git clone https://github.com/SndVul/WAF_Bypass_Helper && cd WAF_Bypass_Helper python main.py -h
Source: https://github.com/SndVul