Web Application Firewall bypass!


Web application security is very important nowadays, especially because of e-commerce. Hence web application firewalls (WAFs) came into being, which automatically filter out malicious query strings. Many high-end technology giants have them installed!

But what IF ???!!!

Someone bypasses the WAF, and because the WAF is there, the programmers don't give much thought to filtering or properly sanitizing the input! Once the WAF is bypassed, it's all good for the attacker!

Detecting WAF!

WAFs can easily be detected from the response to an HTTP request! For instance, some WAFs give off weird response codes, such as 901! Some give 40x errors even though the file exists! Some drop the connection through FIN/RST! So if the response is analysed, one can easily determine whether a firewall is there or not, and which vendor it belongs to!

Bypassing WAF!

  • Encoding the input into hex or Unicode!
  • One can split the input string using & and easily bypass the WAF! (esp. the attack used against the ModSecurity WAF)
  • Even WAFs have vulnerabilities such as XSS, and thus can easily be bypassed!
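
The encoding and &-splitting points above only pay off when the application behind the WAF trusts its input, so the application has to validate the decoded value itself. An added example (not from the original post) of that check in Python; the SCHEMA, the parameter names and the sample query strings are assumptions constructed for illustration:

```python
import re
from urllib.parse import parse_qsl, unquote

# Hypothetical schema: parameter name -> allow-list pattern for its decoded value.
SCHEMA = {
    "id": re.compile(r"[0-9]{1,10}"),
    "sort": re.compile(r"(name|price|date)"),
}

class RejectedInput(ValueError):
    """Raised when a query string fails strict validation."""

def validate_query(raw_query, schema=SCHEMA):
    """Return {name: value} for a query string, or raise RejectedInput."""
    clean = {}
    # parse_qsl splits on '&' and percent-decodes each name and value once.
    for name, value in parse_qsl(raw_query, keep_blank_values=True):
        if name not in schema:
            raise RejectedInput(f"unexpected parameter: {name!r}")
        if name in clean:
            # A repeated name is how one value gets split across '&';
            # refuse instead of picking first, last or a concatenation.
            raise RejectedInput(f"duplicate parameter: {name!r}")
        if unquote(value) != value:
            # Still decodable after one pass: a second encoding layer.
            raise RejectedInput(f"nested encoding in {name!r}")
        if not schema[name].fullmatch(value):
            raise RejectedInput(f"value not allowed for {name!r}")
        clean[name] = value
    return clean

def check(raw_query):
    """Return 'ok' or the rejection reason for one query string."""
    try:
        validate_query(raw_query)
        return "ok"
    except RejectedInput as exc:
        return str(exc)

# Constructed sample inputs (not taken from the original page).
SAMPLES = ["id=42&sort=price", "id=%34%32", "id=%2534%2532",
           "id=4&id=2", "id=\uff14\uff12", "id=42&debug=1"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:24} -> {check(sample)}")
```

The hex-encoded but harmless `id=%34%32` is accepted because the check runs on the decoded value, which is the same value the application goes on to use.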

To conclude, one can say that the premade rules of WAFs make them predictable and very easy to bypass!