Research unveils advanced WAF bypass methods through Burp Suite add-on

May 28, 2024

TLDR:

  • Security experts have disclosed methods for bypassing Web Application Firewalls (WAFs) on a large scale.
  • A new Burp Suite plugin called nowafpls has been introduced to simplify the process of bypassing WAF protection.

Security expert Shubham Shah highlighted the shift in WAF deployment in recent years: mature companies now place WAFs in front of their entire attack surface. Shah emphasized keeping bypass techniques simple and accessible rather than relying on complex methods. He discussed the common flaw of request size limits in WAFs and introduced the nowafpls Burp plugin, which exploits it by automatically padding out requests. He also covered tools such as IP Rotate, Fireprox, and ShadowClone, and bypass techniques such as using shared certificates and H2C smuggling. These developments underscore the evolving nature of WAF bypass techniques and the need for security researchers to keep pace in the cybersecurity arms race.
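As an added illustration (not code from the talk, this article, or the nowafpls plugin), the toy inspector below contrasts the flawed "scan only the first N bytes of the body" design with a fail-closed policy that refuses to forward what it cannot inspect; the byte limit, the single rule and the sample requests are all constructed for this example.

```python
"""Toy request-body inspector: fail-open size limit vs. fail-closed policy.
Everything here (limit, rule, sample inputs) is constructed for illustration."""
import re

INSPECT_LIMIT = 8 * 1024                         # assumed inspection cap (bytes)
SIGNATURE = re.compile(rb"(?i)union\s+select")   # one constructed toy rule


def waf_fail_open(body: bytes) -> str:
    """Flawed design: only the first INSPECT_LIMIT bytes are scanned and
    the remainder of the body is forwarded without inspection."""
    if SIGNATURE.search(body[:INSPECT_LIMIT]):
        return "block"
    return "allow"


def waf_fail_closed(body: bytes, max_body: int = INSPECT_LIMIT) -> str:
    """Hardened policy: a body larger than the inspectable size is rejected
    outright (the alternative is to inspect it in full); only a fully
    inspected body can be allowed."""
    if len(body) > max_body:
        return "reject_oversized"
    if SIGNATURE.search(body):
        return "block"
    return "allow"


def oversized_request(body: bytes, pad_to: int) -> bytes:
    """Constructed test input: a harmless filler field placed ahead of the
    real content so the total body exceeds pad_to bytes and the content
    sits past the inspection cap. Used here to validate the two policies."""
    filler = b"pad=" + b"A" * max(0, pad_to - len(body) - 5) + b"&"
    return filler + body


PAYLOAD = b"q=1 UNION SELECT 1"   # constructed sample matching the toy rule


def policy_report(body: bytes) -> dict:
    """Return both verdicts for one body, for side-by-side comparison."""
    return {
        "size": len(body),
        "fail_open": waf_fail_open(body),
        "fail_closed": waf_fail_closed(body),
    }


if __name__ == "__main__":
    print(policy_report(PAYLOAD))
    print(policy_report(oversized_request(PAYLOAD, INSPECT_LIMIT + 100)))
```

The second report shows the fail-open inspector returning "allow" for the same content it blocked when it fit inside the cap, while the fail-closed policy never lets an uninspected body through.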
