bypasswaf
=========
Add headers to all Burp requests to bypass some WAF products. This extension will automatically add the following headers to all requests.
<pre>
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
</pre>
Usage
=====
Steps include:
<ol>
<li>Add extension to burp</li>
<li>Create a session handling rule in Burp that invokes this extension</li>
<li>Modify the scope to include applicable tools and URLs</li>
<li>Configure the bypass options on the "Bypass WAF" tab</li>
<li>Test away</li>
</ol>
More information can be found at: <a href="https://www.codewatch.org/blog/?p=408" target="_codewatch">https://www.codewatch.org/blog/?p=408</a>
Features
========
All of the features are based on Jason Haddix's work found <a href="http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366#.VGlMR-90wsd" target="_hp">here</a>, and Ivan Ristic's WAF bypass work found <a href="https://github.com/ironbee/waf-research" target="_git">here</a> and <a href="https://media.blackhat.com/bh-us-12/Briefings/Ristic/BH_US_12_Ristic_Protocol_Level_WP.pdf" target="_blackhat">here</a>.
Bypass WAF contains the following features:
<img src="https://www.codewatch.org/postimg/408/bypasswaf_options.png">
A description of each feature follows:
<ol>
<li>Users can modify the X-Originating-IP, X-Forwarded-For, X-Remote-IP and X-Remote-Addr headers sent in each request. This is probably the top bypass technique in the tool. It isn't unusual for a WAF to be configured to trust itself (127.0.0.1) or an upstream proxy device, which is what this bypass targets.</li>
<li>The "Content-Type" header can remain unchanged in each request, be removed from all requests, or be modified to one of the many other options for each request. Some WAFs will only decode/evaluate requests based on known content types; this feature targets that weakness.</li>
<li>The "Host" header can also be modified. Poorly configured WAFs might only evaluate requests whose Host header carries the correct FQDN of the host, which is what this bypass targets.</li>
<li>The request type option allows the Burp user to apply the remaining bypass techniques only to requests with the given method ("GET" or "POST"), or to all requests.</li>
<li>The path injection feature can leave a request unmodified, inject random path info (/path/to/example.php/randomvalue?restofquery), or inject a random path parameter (/path/to/example.php;randomparam=randomvalue?restofquery). This can be used to bypass poorly written rules that rely on path information.</li>
<li>The path obfuscation feature modifies the last forward slash in the path to a random value, or by default does nothing. The last slash can be modified to one of many values that in many cases still yield a valid request but can bypass poorly written WAF rules that rely on path information.</li>
<li>The parameter obfuscation feature is language specific. PHP will discard a + at the beginning of each parameter name, but a poorly written WAF rule might be written for specific parameter names and thus ignore parameters with a + at the beginning. Similarly, ASP discards a % at the beginning of each parameter name.</li>
<li>The "Set Configuration" button activates all the settings that you have chosen.</li>
</ol>
All of these features can be combined to provide multiple bypass options.
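As an added example (not the extension's own code) of the defender's side of the options above: a small Python normalizer that a WAF or log pipeline would apply before rule matching, and a check that reports which of the listed tricks a request carries. The trusted proxy address, the expected FQDN and the sample request are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit

SPOOFABLE = ("x-originating-ip", "x-forwarded-for", "x-remote-ip", "x-remote-addr")
TRUSTED_PROXIES = {"10.0.0.5"}        # assumption: only peer allowed to set client-IP headers
EXPECTED_HOST = "app.example.test"   # assumption: canonical FQDN of the protected app
SCRIPT_EXT = re.compile(r"\.(php|asp|aspx|jsp)$", re.I)

def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target = lines[0].split(" ")[:2]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body

def canonical_path(target):
    """Drop ';param=value' segments and path-info after a script extension, so
    /path/to/example.php;x=1/rand and /path/to/example.php match the same rule."""
    segs = [s.split(";", 1)[0] for s in urlsplit(target).path.split("/")]
    for i, seg in enumerate(segs):
        if SCRIPT_EXT.search(seg):
            return "/".join(segs[: i + 1])
    return "/".join(segs)

def canonical_params(target, body):
    """Parameter names with the leading '+' (PHP) or '%' (ASP) the interpreter
    ignores removed, so name-based rules still apply to '+id' and '%id'."""
    raw = [p for src in (urlsplit(target).query, body) for p in src.split("&") if p]
    return sorted({re.sub(r"^[+%]", "", p.split("=", 1)[0]) for p in raw})

def evasion_indicators(raw, peer_ip):
    """Names of the bypass tricks present in one request from a given peer."""
    _, target, headers, _ = parse_request(raw)
    found = [] if peer_ip in TRUSTED_PROXIES else [h for h in SPOOFABLE if h in headers]
    if headers.get("host", "").split(":")[0].lower() != EXPECTED_HOST:
        found.append("host-mismatch")
    if canonical_path(target) != urlsplit(target).path:
        found.append("path-noise")
    return found

SAMPLE = (  # constructed: every option from the README enabled at once
    "GET /path/to/example.php;rnd=1/junk?+id=1&%x=2 HTTP/1.1\r\n"
    "Host: evil.example\r\n"
    "X-Originating-IP: 127.0.0.1\r\nX-Forwarded-For: 127.0.0.1\r\n"
    "X-Remote-IP: 127.0.0.1\r\nX-Remote-Addr: 127.0.0.1\r\n\r\n"
)
```

The point for rule authors is that matching should run on `canonical_path` and `canonical_params`, not on the raw request line, and that client-IP headers should only be honoured when the peer is a known proxy.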
Future
======
I intend to add the following features, at a minimum, to future versions:
<ol>
<li>HTTP Parameter Pollution - Automatically perform HPP attacks on GET/POST parameters.</li>
<li>HTTP Request Smuggling - Automatically perform an HTTP request smuggling attack on each request where a dummy request is added to the beginning and the real (smuggled) request is added at the end.</li>
</ol>
I have been adding features rapidly and it is very possible that the above will be in the code by the time anyone actually reads this.
Note
====
I am not maintaining the Python version.