-
It might be interesting to add some Web Application Firewall detection techniques. I don't know much about WAFs, but it looks like there are some common oracles:
* Known cookies
* Known weird HTTP…
-
WAF harvesting is relying on file timestamp to do preliminary content change detection. If the file timestamp is newer than what is in the DB, harvester will process the XML and read `` of fgdc and …
-
### Description
Hello,
I'm facing some false positive issue with rule id 942200 (Detects MySQL comment-/space-obfuscated injections and backtick termination).
If the value is a valid postal addre…
-
### Please describe the feature or suggestion.
When the WAF Mode in BICEP or the ARM Template uses a conditional statement, it's flagging it as an error. Here is an example, in the development enviro…
-
Cloudflare detects MITM via TLS fingerprinting [1][2]. mitmproxy's traffic is flagged as bot traffic, since the TLS fingerprint doesn't match the User-Agent's expected one. Cloudflare's "bot fight mod…
zeen updated
2 months ago
-
Thank you very much for sharing your script. It would be better if parameters could be obfuscated and encrypted in GET or POST request and Response. In this way, you can bypass the detection of WAF or…
-
Efficient Detection Capabilities: The tool boasts superior algorithms that can precisely identify and circumvent WAF detection mechanisms, ensuring that the attack payload is effectively delivered to …
-
Adjacent to #714 / #1218 but splitting off into a separate issue for readability. Note that this issue is not about insecure renegotiation, which is is always a failure.
The TLS guidelines say:
…
-
Is it possible to add UBIKA to the coverage of this tool?
-
## Description
In Deny mode the WAF seems to correctly handle the `allow` action, and after triggering an `allow` rule other rules in the same and subsequent phases are ignored and not triggered. I…