sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org

issue with waf #2877

Closed mekoki88 closed 6 years ago

mekoki88 commented 6 years ago

When I run

--identify-waf

I got [CRITICAL] WAF/IPS/IDS identified as 'Incapsula Web Application Firewall (Incapsula/Imperva)'

What tamper can I use for such a thing?

AmericanY commented 6 years ago

Dear @mekoki88,

READ BEFORE YOU POST A QUESTION

`--identify-waf`      Make a thorough testing for a WAF/IPS/IDS protection

WAF = Web Application Firewall, and that means a web application firewall was detected.

In your case, sqlmap already provided you with the type of the WAF, which is Incapsula/Imperva.

SO DON'T SAY ISSUE WITH WAF

Tamper scripts are scripts created for each WAF, for which the developer took time to collect the latest WAF bypasses from the web and tested them to confirm their usage. Then he made it easier for you to use by just typing --tamper=scriptoftamper, which is simply replacing CHAR()

ONCE AGAIN, BYPASSING A WAF NEEDS SELF EFFORT FROM YOU

I suggest you search the web for the latest methods for bypassing the INCAPSULA/IMPERVA WAF and read how to bypass it manually.

This kind of question is really a waste of time for the developer and even the readers.

stamparm commented 6 years ago

https://github.com/sqlmapproject/sqlmap/wiki/FAQ#which-tamper-script-to-use-to-bypass-a-wafidsips-protection

PhenomAmd commented 3 years ago

Or you could have stopped acting like a total prick and given the guy the solution. He is not asking if you can teach him how to do it, he asked how to bypass Imperva. Instead of all that bullshit, your answer should be ....

simply replacing CHAR()

and keep your miserable prick life going on :)

mudkippzs commented 2 years ago

But then how could he maintain his hollow sense of superiority?

Caf3sp0re commented 1 month ago

@PhenomAmd I didn't understand very well, should we use "charencode" as a tamper script to bypass Incapsula WAF?

PhenomAmd commented 1 month ago

@Caf3sp0re

https://github.com/sqlmapproject/sqlmap/blob/master/tamper%2Fcharencode.py

--tamper=charencode