Category: Java

• Bypass WAF: Burp Plugin to Bypass Some WAF Devices

  I wrote a blog post on the technique used by this plugin here a while back. Many WAF devices can be tricked into believing a request is from itself, and therefore trusted, if specific headers are present. The basics of the bypass approach can be found in an HP blog post here. I have been…

  Josh Berry

  November 16, 2014

  Burp, Java, Penetration Testing, Python

  Burp Suite Pro, WAF, Web App Pentesting