WAF: Exploitation Techniques

Premium room

Learn to bypass Web Application Firewalls using practical evasion techniques.

medium

60 min

“WAF bypass” essentially means discovering an input that allows a malicious payload to reach the application despite the protections implemented by the web application firewall (WAF).

The Core Rule Set (CRS) is a collection of generic detection rules for web application firewalls designed to identify common web attacks. It primarily uses pattern and signature-based matching and performs normalisation steps to identify malicious inputs. This approach makes CRS effective in blocking many known payloads. However, it can be evaded when an application and the WAF normalise or parse input differently, or when attackers use encoding techniques.
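
An added illustration (not part of the room's material, and not an actual CRS rule) of the normalisation mismatch described above: a filter that URL-decodes once disagrees with a component that decodes again, while decoding to a fixed point before matching removes the disagreement and exposes the layered encoding as a signal. The signature, function names and sample values are constructed for this example.

```python
import re
from urllib.parse import unquote

# Toy signature standing in for a pattern-based rule (not an actual CRS rule).
SIGNATURE = re.compile(r"<\s*script", re.IGNORECASE)
MAX_LAYERS = 5  # assumed cap on decoding passes, to bound the work per value


def canonicalise(value, max_layers=MAX_LAYERS):
    """URL-decode until the value stops changing; return (text, layers)."""
    layers = 0
    while layers < max_layers:
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
        layers += 1
    return value, layers


def inspect_single_pass(raw):
    """Match after exactly one decoding step (the inspection that can disagree)."""
    return bool(SIGNATURE.search(unquote(raw)))


def inspect_canonical(raw):
    """Decode to a fixed point, then match; also report multi-layer encoding."""
    text, layers = canonicalise(raw)
    return {
        "signature": bool(SIGNATURE.search(text)),
        "layers": layers,
        "suspicious_encoding": layers > 1,
    }


# Constructed sample parameter values.
SAMPLES = {
    "plain": "hello world",
    "encoded_once": "%3Cscript%3E",
    "encoded_twice": "%253Cscript%253E",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, inspect_single_pass(raw), inspect_canonical(raw))
```

The `suspicious_encoding` flag is useful on its own in detection: legitimate clients rarely encode a parameter more than once, so a layer count above one is worth logging even when no signature matches.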

The machine attached to this task contains a Blog application that is protected by ModSecurity and is configured with the CRS. The demonstrations and exercises use the same setup, and the Blog application will be used to complete all tasks in this room. You will need to use the AttackBox to start an server for specific tasks, or utilise the software and command-line tools that are installed on it.
