SKILL: WAF Bypass Techniques — Evasion Playbook
AI LOAD INSTRUCTION: Covers WAF identification, generic bypass categories (encoding, protocol abuse, HTTP/2, parameter pollution), and a decision tree. For product-specific bypasses (Cloudflare, AWS WAF, ModSecurity, Akamai, etc.), load WAF_PRODUCT_MATRIX.md. Base models often suggest basic encoding but miss protocol-level bypasses and WAF behavioral quirks.
0. RELATED ROUTING
- sqli-sql-injection for payloads to deliver after bypassing WAF
- xss-cross-site-scripting for XSS payloads that need WAF evasion
- request-smuggling when smuggling can route requests around WAF entirely
- http-parameter-pollution HPP is itself a WAF bypass primitive
- csp-bypass-advanced when WAF blocks inline scripts but CSP bypass is available
Product-Specific Reference
Load WAF_PRODUCT_MATRIX.md when you need per-product bypass techniques for Cloudflare, AWS WAF, ModSecurity CRS, Akamai, Imperva, F5 BIG-IP, or Sucuri.
1. PHASE 0 — IDENTIFY THE WAF
Before bypassing, know what you're fighting.
1.1 Tools
| Tool | Usage |
|---|---|
| wafw00f | Fingerprint WAF vendor from response headers/behavior |
| | NSE script for WAF detection |
| Manual header inspection | |
1.2 Behavioral Fingerprinting
1. Send benign request → record baseline response (status, headers, body size)
2. Send obvious attack: /?q=<script>alert(1)</script>
3. Compare: 403? Custom block page? Redirect? Connection reset?
4. Block page content reveals WAF: "Cloudflare", "Access Denied (Imperva)", "ModSecurity"
5. If transparent proxy: check response time difference (WAF adds latency)
2. GENERIC BYPASS CATEGORIES
2.1 Encoding Bypasses
| Technique | Example | Bypasses |
|---|---|---|
| URL encoding | `%3Cscript%3E` | Basic string matching |
| Double URL encoding | | WAFs that decode once, app decodes twice |
| Unicode encoding | | IIS-specific Unicode normalization |
| HTML entities | | WAFs not performing HTML entity decoding |
| Hex encoding (SQL) | | WAFs matching SQL keywords |
| Octal encoding | | Rare but some parsers handle it |
| Overlong UTF-8 | | Legacy parsers with loose UTF-8 handling |
| Mixed case | | Case-sensitive rule matching |
| Null byte | | WAFs that stop parsing at null |
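The table lists encodings that defeat rules matching the raw value. The counter-measure is to canonicalize before matching: decode until the value stops changing, unescape HTML entities, reject invalid or overlong UTF-8, and never stop at a NUL. The function below is an added example (not from the original page); the `SUSPICIOUS` rule is a constructed stand-in for a real WAF signature.

```python
import html
import re
from urllib.parse import unquote

# Constructed stand-in for a WAF signature, applied only to the canonical form.
SUSPICIOUS = re.compile(r"<script|\bunion\b\s+\bselect\b", re.IGNORECASE)

def canonicalize(raw: str, max_rounds: int = 3) -> tuple[str, list[str]]:
    """Normalise one parameter value the way a WAF should before rule matching.

    Returns (canonical_value, flags); every decoding layer that changed the
    value is recorded so nested encodings are visible, not silently unwrapped.
    """
    flags: list[str] = []
    value = raw
    # 1. Percent-decode repeatedly until stable (catches double URL encoding).
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        flags.append("url-decoded")
        value = decoded
    # 2. HTML entities (&lt;, &#x3C;, &#60;) are decoded by an HTML sink.
    decoded = html.unescape(value)
    if decoded != value:
        flags.append("html-unescaped")
        value = decoded
    # 3. Overlong/invalid UTF-8 (e.g. %C0%BC for '<') fails a strict decode.
    try:
        unquote(raw, errors="strict")
    except UnicodeDecodeError:
        flags.append("invalid-utf8")
    # 4. A NUL is never legitimate in a parameter; strip it, do not stop at it.
    if "\x00" in value:
        flags.append("null-byte")
        value = value.replace("\x00", "")
    return value, flags

def is_suspicious(raw: str) -> bool:
    """Match the rule on the canonical form; malformed encodings are blocked outright."""
    value, flags = canonicalize(raw)
    if "invalid-utf8" in flags or "null-byte" in flags:
        return True
    return bool(SUSPICIOUS.search(value))
```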
2.2 Chunked Transfer Encoding
Split the payload across HTTP chunks so no single chunk contains the blocked pattern:
```http
POST /search HTTP/1.1
Transfer-Encoding: chunked

3
sel
3
ect
1

4
from
0

```
WAFs that inspect the full body may not reassemble chunks before matching.
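The defence is to dechunk before matching. The parser below is an added example (not the page's code): it reassembles a chunked body per RFC 9112, honours chunk extensions, and shows that a keyword rule misses every chunk in isolation but fires on the reassembled payload. The sample body is constructed to mirror the request above.

```python
import re

# Constructed stand-in for a SQL keyword rule, applied to raw bytes.
RULE = re.compile(rb"\bselect\b.*\bfrom\b", re.IGNORECASE | re.DOTALL)

# Constructed sample: the body from the request above (size-1 chunk is a space).
SAMPLE = b"3\r\nsel\r\n3\r\nect\r\n1\r\n \r\n4\r\nfrom\r\n0\r\n\r\n"

def split_chunks(body: bytes) -> list[bytes]:
    """Parse a chunked body into its data chunks; raises ValueError when malformed."""
    chunks: list[bytes] = []
    pos = 0
    while True:
        end = body.index(b"\r\n", pos)
        # Only the hex size counts; anything after ';' is a chunk extension.
        size = int(body[pos:end].split(b";", 1)[0].strip(), 16)
        pos = end + 2
        if size == 0:
            return chunks          # last-chunk; trailers are not needed here
        chunks.append(body[pos:pos + size])
        pos += size
        if body[pos:pos + 2] != b"\r\n":
            raise ValueError("chunk data not terminated by CRLF")
        pos += 2

def matches_per_chunk(body: bytes) -> bool:
    """Naive inspection: each chunk matched on its own (what the bypass relies on)."""
    return any(RULE.search(chunk) for chunk in split_chunks(body))

def matches_reassembled(body: bytes) -> bool:
    """Correct inspection: reassemble first, then match."""
    return bool(RULE.search(b"".join(split_chunks(body))))
```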
2.3 HTTP/2 Binary Format Bypasses
HTTP/2 transmits headers as binary HPACK-encoded frames. Some WAFs only inspect after downgrading to HTTP/1.1:
- Header names can contain characters illegal in HTTP/1.1
- Pseudo-headers (`:path`, `:method`) bypass header-based WAF rules
- H2 → H1 downgrade may introduce request smuggling (see request-smuggling)
2.4 HTTP Parameter Pollution (HPP)
Different servers handle duplicate parameters differently:
| Server | Behavior for |
|---|---|
| PHP/Apache | Last value: |
| ASP.NET/IIS | Concatenated: |
| Python/Flask | First value: |
| Node.js/Express | Array: |
WAF checks `a=1` (benign), app uses `a=2` (malicious). Or combine: `a=sel&a=ect` → ASP.NET sees `a=sel,ect`.
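The mismatch above exists because the WAF commits to one interpretation of duplicate parameters while the backend uses another. This added example (not from the original page) models the four behaviours in the table and contrasts a first-value-only check with one that inspects every value plus the concatenations; `SQL_RULE` is a constructed placeholder for a real signature.

```python
import re
from urllib.parse import parse_qs

# Constructed stand-in for a SQL keyword signature.
SQL_RULE = re.compile(r"\bselect\b|\bunion\b", re.IGNORECASE)

def values_of(query: str, name: str) -> list[str]:
    """All occurrences of `name` in the query string, in order of appearance."""
    return parse_qs(query, keep_blank_values=True).get(name, [])

def interpretations(query: str, name: str) -> dict[str, object]:
    """What each server family from the table hands the application."""
    values = values_of(query, name)
    return {
        "php_last": values[-1] if values else None,       # PHP/Apache
        "aspnet_concat": ",".join(values),                # ASP.NET/IIS
        "flask_first": values[0] if values else None,     # Python/Flask
        "express_array": values,                          # Node.js/Express
    }

def inspect_first_only(query: str, name: str) -> bool:
    """Weak WAF behaviour: only the first occurrence is matched."""
    values = values_of(query, name)
    return bool(values) and bool(SQL_RULE.search(values[0]))

def inspect_all_values(query: str, name: str) -> bool:
    """Robust behaviour: every value, plus both joins a backend might produce."""
    values = values_of(query, name)
    candidates = values + [",".join(values), "".join(values)]
    return any(SQL_RULE.search(v) for v in candidates)
```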
2.5 IP Source Spoofing (Bypass IP-Based Rules)
Headers trusted by some WAFs/apps for client IP:
```http
X-Forwarded-For: 127.0.0.1
X-Real-IP: 127.0.0.1
X-Originating-IP: 127.0.0.1
True-Client-IP: 127.0.0.1
CF-Connecting-IP: 127.0.0.1
X-Client-IP: 127.0.0.1
Forwarded: for=127.0.0.1
```

Use case: WAF whitelists internal IPs or has different rule sets per source.
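These headers are only meaningful when a proxy you control wrote them. The resolver below is an added example (not the page's code) of the defensive rule: ignore client-IP headers on direct connections, and on proxied connections walk X-Forwarded-For from the right past your own proxies only. `TRUSTED_PROXIES` holds constructed ranges; a deployment would list its real proxy/CDN egress ranges.

```python
import ipaddress

# Constructed: the address ranges our own reverse proxies / CDN egress use.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8"),
                   ipaddress.ip_network("203.0.113.0/24")]

def is_trusted(ip: ipaddress._BaseAddress) -> bool:
    return any(ip in net for net in TRUSTED_PROXIES)

def resolve_client_ip(peer_ip: str, headers: dict[str, str]) -> str:
    """Return the client IP an allowlist or per-source rule set may rely on.

    `peer_ip` is the TCP peer; `headers` has lower-cased names. X-Real-IP,
    True-Client-IP and similar client-settable headers are never consulted.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not is_trusted(peer):
        return str(peer)            # direct connection: any header is attacker-controlled
    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",") if h.strip()]
    candidate = peer
    for hop in reversed(hops):      # rightmost entries were appended by our proxies
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break                   # malformed entry: stop trusting the chain here
        if is_trusted(ip):
            candidate = ip
            continue
        return str(ip)              # first address not written by a proxy we control
    return str(candidate)
```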
2.6 Path Normalization Tricks
| Technique | Example | Effect |
|---|---|---|
| Dot segments | | WAF sees different path than app |
| Double slash | | Some normalizers collapse, WAFs may not |
| URL encoding path | | WAF sees encoded, app decodes |
| Null byte in path | | Legacy: app truncates at null, WAF sees .jpg |
| Backslash (IIS) | | IIS treats |
| Trailing dot/space | | OS-level normalization (Windows) |
| Semicolon (Tomcat) | | Tomcat strips after |
2.7 Content-Type Manipulation
WAFs often have format-specific parsers. Switching Content-Type can bypass rules:
```text
Default: Content-Type: application/x-www-form-urlencoded → WAF parses params
Switch:  Content-Type: application/json                  → WAF may not parse JSON body
Switch:  Content-Type: multipart/form-data               → WAF may not inspect all parts
Switch:  Content-Type: text/xml                          → WAF expects XML, payload in different format
```

Trick: If app accepts both JSON and form-urlencoded, use JSON — WAFs often have weaker JSON inspection rules.
2.8 Multipart Boundary Abuse
```http
Content-Type: multipart/form-data; boundary=----WAFBypass

------WAFBypass
Content-Disposition: form-data; name="q"

<script>alert(1)</script>
------WAFBypass--
```

Variations: long boundary strings, boundary with special characters, missing final boundary, nested multipart.
2.9 Newline & Whitespace Injection
```sql
-- SQL keyword splitting
SEL
ECT * FROM users
-- SQL comment insertion
SEL/**/ECT * FR/**/OM users
UN/**/ION SEL/**/ECT 1,2,3
-- Tab/vertical tab as separator
SELECT\t*\tFROM\tusers
```

2.10 Keyword Splitting & Alternative Syntax
| Blocked | Alternative |
|---|---|
| |
| |
| |
| |
| |
| |
| |
3. PROTOCOL-LEVEL BYPASS TECHNIQUES
3.1 Request Line Abuse
```http
GET /path?q=attack HTTP/1.1        ← WAF inspects
```

vs.

```http
GET http:/path?q=attack HTTP/1.1   ← Absolute URI: some WAFs miss the path
```

3.2 Header Injection via CRLF
If WAF inspects original headers but app processes injected ones:
```http
X-Custom: value\r\nX-Forwarded-For: 127.0.0.1
```

3.3 Connection-State Bypass
1. Establish connection through WAF (normal request)
2. On same keep-alive connection, send attack request
3. Some WAFs reduce inspection on subsequent requests in same connection
4. WAF BYPASS DECISION TREE
```text
Payload blocked by WAF?
├── Identify WAF (wafw00f, response headers, block page)
│
├── Try encoding bypasses
│   ├── URL encode payload → still blocked?
│   ├── Double URL encode → still blocked?
│   ├── Unicode/overlong UTF-8 → still blocked?
│   ├── Mixed case keywords → still blocked?
│   └── HTML entities (for XSS) → still blocked?
│
├── Try protocol-level bypasses
│   ├── Switch Content-Type (JSON, multipart, XML)
│   │   └── App accepts alternate format? → re-send payload
│   ├── HTTP Parameter Pollution (duplicate params)
│   ├── Chunked Transfer-Encoding to split payload
│   ├── HTTP/2 direct if available (binary framing bypass)
│   └── Request line: absolute URI format
│
├── Try path-based bypasses
│   ├── Path normalization (/./path, //path, ;param)
│   ├── Different HTTP method (POST vs PUT vs PATCH)
│   └── Alternate endpoint serving same function
│
├── Try payload mutation
│   ├── SQL: comments (/**/), alternative functions, hex literals
│   ├── XSS: alternative tags/events, JS template literals
│   ├── RCE: wildcard abuse, string concatenation, variable expansion
│   └── Check WAF_PRODUCT_MATRIX.md for vendor-specific mutations
│
├── Try IP-source bypass
│   ├── X-Forwarded-For / True-Client-IP spoofing
│   ├── Access origin server directly (bypass CDN)
│   └── Find origin IP (Shodan, historical DNS, email headers)
│
└── Try request smuggling to skip WAF entirely
    └── See ../request-smuggling/SKILL.md
```

5. COMMON MISTAKES & TRICK NOTES
- Test bypass with actual exploitation, not just 200 OK: WAF may return 200 but strip the payload silently.
- WAFs often have size limits: Very large request bodies (>8KB–128KB depending on WAF) may bypass inspection entirely.
- Rate limiting ≠ WAF: Getting 429s is rate limiting, not payload blocking. Different bypass needed.
- CDN caching: If the WAF is at CDN level, cached responses bypass WAF on subsequent requests. Poison cache with clean request, exploit cache.
- Origin server direct access: If you find the origin IP behind CDN/WAF, connect directly — WAF is bypassed completely.
- Multipart file upload fields: WAFs often skip inspection of file content in multipart uploads — embed payload in filename or file content if reflected.
6. DEFENSE PERSPECTIVE
| Measure | Notes |
|---|---|
| WAF + application-level input validation | WAF is a layer, not a fix |
| Parameterized queries | Eliminates SQLi regardless of WAF |
| CSP + output encoding | Eliminates XSS regardless of WAF |
| Regularly update WAF rules | Vendor signatures lag behind new bypasses |
| Deny by default, not block-list | Allowlist valid input patterns |
| Log and alert on WAF blocks | Bypass attempts are visible in logs |