WAF bypass using chunked transfer encoding

Time:2022-5-3

Principle:

Adding Transfer-Encoding: chunked to the request header means that the message body uses chunked encoding. The data part of the POST request then has to be transmitted as a series of chunks. Each chunk contains a hexadecimal length value and the data. The length value sits on a line of its own, and the length does not include the CRLF that ends the length line or the CRLF that ends the chunk data. Finally, a 0 on a line of its own indicates the end.
 
1. Open Burp Suite and, in the Extender module, add the plug-in required for chunked transfer:

 

 

2. After adding it, send a normal request with an injection statement appended after the parameter:

 

The WAF (Safedog, "security dog") intercepts the request and returns an error.

3. Enable the Burp proxy, intercept the request and construct the chunked body:

 

The WAF does not intercept this request. When a function is inserted into the statement, however, the WAF does intercept it, because it detects that the user may be trying to get data from the database.

 

4. Split the query statement across chunks:

 

Split id = 2 union select 1,2, user(), 4:

Once the statement is split, the WAF mechanism no longer recognises it, but the server still reassembles the chunks and brings the complete data into the database query by default, which bypasses the WAF restrictions.

 

Note that after the split there must be a line containing only 0 to end the chunks, followed by two blank lines to end the request. If those two blank lines are deleted, the request hangs in an endless wait and the server does not return any response.

 

In this way, the WAF is bypassed. The premise of the above steps is that the application reads the parameter through $_REQUEST, which accepts both GET and POST requests, so the parameter is still picked up when it arrives in the POST body.
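
Added example, not from the original post: a defender-side sketch in Python of why the split request passes a raw-byte signature and how reassembling the chunked body before inspection closes the gap. SQLI_RULE, the function names and the SAMPLE bytes are constructed assumptions and do not represent Safedog's actual logic.

```python
import re

# Simplified stand-in for a WAF SQL-injection signature (assumption).
SQLI_RULE = re.compile(rb"union\s+select", re.I)

def dechunk(body: bytes) -> bytes:
    """Reassemble a Transfer-Encoding: chunked body (RFC 7230, section 4.1)."""
    out, pos = bytearray(), 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("chunk-size line not terminated")
        # The size is hexadecimal; anything after ';' is a chunk extension.
        size_field = body[pos:eol].split(b";", 1)[0].strip()
        if not re.fullmatch(rb"[0-9A-Fa-f]+", size_field):
            raise ValueError("invalid chunk size")
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:
            return bytes(out)  # last chunk reached; trailers are ignored here
        chunk = body[pos:pos + size]
        if len(chunk) != size or body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("truncated or malformed chunk")
        out += chunk
        pos += size + 2

def inspect(headers: dict, body: bytes) -> bool:
    """Return True if the request should be blocked (header names lower-cased)."""
    if "chunked" in headers.get("transfer-encoding", "").lower():
        try:
            body = dechunk(body)  # normalise before applying the rule
        except ValueError:
            return True  # fail closed on a body that cannot be parsed
    return bool(SQLI_RULE.search(body))

# Constructed sample: the page's test statement split across chunks.
SAMPLE = (b"4\r\nid=2\r\n3\r\n un\r\n4\r\nion \r\n3\r\nsel\r\n"
          b"4\r\nect \r\n4\r\n1,2,\r\n6\r\nuser()\r\n2\r\n,4\r\n0\r\n\r\n")

if __name__ == "__main__":
    print("rule on raw bytes :", bool(SQLI_RULE.search(SAMPLE)))
    print("rule after dechunk:", inspect({"transfer-encoding": "chunked"}, SAMPLE))
```

The rule misses the raw bytes because the chunk-size lines break up the keywords, and it matches once the body is reassembled the same way the server reassembles it.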
