Tag: WAF
-
Bypass WAF: Burp Plugin to Bypass Some WAF Devices
I wrote a blog post on the technique used by this plugin here a while back. Many WAF devices can be tricked into believing a request comes from the device itself, and is therefore trusted, if specific headers are present. The basics of the bypass approach can be found in an HP blog post here. I have been…
-
Automate WAF Bypass with Burp
I read an article from a Fortify security researcher earlier this week that provided a very simple and effective way to bypass some Web Application Firewalls (WAFs). The article can be found here. After reading, I updated my Burp configuration to automatically take advantage of this flaw in design and thought I would share the…